rpm package
opensuse/xen&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/xen&distro=openSUSE%20Tumbleweed
Vulnerabilities (279)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-10981 | Med | 6.5 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | May 10, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. | |
| CVE-2018-8897 | Hig | 7.8 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | May 8, 2018 | A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP | |
| CVE-2018-10472 | Med | 5.6 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Apr 27, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot. | |
| CVE-2018-10471 | Med | 6.5 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Apr 27, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754. | |
| CVE-2018-7542 | Med | 6.5 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Feb 27, 2018 | An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC. | |
| CVE-2018-7541 | Hig | 8.8 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Feb 27, 2018 | An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. | |
| CVE-2018-7540 | Med | 6.5 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Feb 27, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. | |
| CVE-2018-5244 | Med | 6.5 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jan 5, 2018 | In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) | |
| CVE-2017-5753 | Med | 5.6 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |
| CVE-2015-7549 | Med | 6.0 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Oct 30, 2017 | The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. | |
| CVE-2015-7504 | Hig | 8.8 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Oct 16, 2017 | Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. | |
| CVE-2017-12137 | Hig | 8.8 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Aug 24, 2017 | arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | |
| CVE-2017-12136 | Hig | 7.8 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Aug 24, 2017 | Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | |
| CVE-2017-12135 | Hig | 8.8 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Aug 24, 2017 | Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | |
| CVE-2017-9330 | Med | 5.6 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jun 8, 2017 | QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505. | |
| CVE-2017-8309 | Hig | 7.5 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | May 23, 2017 | Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | |
| CVE-2015-8619 | Hig | 7.5 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Apr 13, 2017 | The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). | |
| CVE-2015-8567 | Hig | 7.7 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Apr 13, 2017 | Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | |
| CVE-2015-8345 | Med | 6.5 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Apr 13, 2017 | The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. | |
| CVE-2015-8613 | Med | 6.5 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Apr 11, 2017 | Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. |
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption)
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.
Page 7 of 14