rpm package
opensuse/xen&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/xen&distro=openSUSE%20Tumbleweed
Vulnerabilities (279)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8568 | Med | 6.5 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Apr 11, 2017 | Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. | |
| CVE-2015-8504 | Med | 6.5 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Apr 11, 2017 | Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. | |
| CVE-2017-6505 | Med | 6.5 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Mar 15, 2017 | The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-93 | |
| CVE-2016-9384 | Med | 6.5 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Feb 22, 2017 | Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table. | |
| CVE-2016-9377 | Med | 5.5 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Feb 22, 2017 | Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation. | |
| CVE-2016-9637 | Hig | 7.5 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Feb 17, 2017 | The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. | |
| CVE-2016-9932 | Low | 3.3 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jan 26, 2017 | CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix. | |
| CVE-2016-10025 | Med | 5.5 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jan 26, 2017 | VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. | |
| CVE-2016-10024 | Med | 6.0 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jan 26, 2017 | Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. | |
| CVE-2016-10013 | Hig | 7.8 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jan 26, 2017 | Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation. | |
| CVE-2016-9386 | Hig | 7.8 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jan 23, 2017 | The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values. | |
| CVE-2016-9385 | Med | 6.0 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jan 23, 2017 | The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks. | |
| CVE-2016-9383 | Hig | 8.8 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jan 23, 2017 | Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instruction | |
| CVE-2016-9382 | Hig | 7.8 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jan 23, 2017 | Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to st | |
| CVE-2016-9381 | Hig | 7.5 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jan 23, 2017 | Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | |
| CVE-2016-9379 | Hig | 7.9 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jan 23, 2017 | The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | |
| CVE-2016-2198 | Med | 5.5 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Dec 29, 2016 | QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process | |
| CVE-2016-1981 | Med | 5.5 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Dec 29, 2016 | QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated des | |
| CVE-2016-1922 | Med | 5.5 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Dec 29, 2016 | QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer de | |
| CVE-2015-8745 | Med | 5.5 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Dec 29, 2016 | QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulti |
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-93
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instruction
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to st
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated des
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer de
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulti
Page 8 of 14