rpm package
opensuse/xen&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/xen&distro=openSUSE%20Tumbleweed
Vulnerabilities (279)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8744 | Med | 5.5 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Dec 29, 2016 | QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance | |
| CVE-2015-8743 | Hig | 7.1 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Dec 29, 2016 | QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. | |
| CVE-2016-9921 | Med | 6.5 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Dec 23, 2016 | Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process inst | |
| CVE-2016-8910 | Med | 6.0 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Nov 4, 2016 | The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. | |
| CVE-2016-8669 | Med | 6.0 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Nov 4, 2016 | The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. | |
| CVE-2016-8667 | Med | 6.0 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Nov 4, 2016 | The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value. | |
| CVE-2016-7777 | Med | 6.3 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Oct 7, 2016 | Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emul | |
| CVE-2016-7909 | Med | 4.4 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Oct 5, 2016 | The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0. | |
| CVE-2016-7908 | Med | 4.4 | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Oct 5, 2016 | The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors in | |
| CVE-2016-7094 | Med | 4.1 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Sep 21, 2016 | Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. | |
| CVE-2016-7093 | Hig | 8.2 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Sep 21, 2016 | Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation. | |
| CVE-2016-7092 | Hig | 8.2 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Sep 21, 2016 | The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables. | |
| CVE-2016-6351 | Med | 6.7 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Sep 7, 2016 | The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU h | |
| CVE-2016-6259 | Med | 6.2 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Aug 2, 2016 | Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | |
| CVE-2016-6258 | Hig | 8.8 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Aug 2, 2016 | The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | |
| CVE-2016-2841 | Med | 6.0 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jun 16, 2016 | The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring bu | |
| CVE-2016-2538 | Hig | 7.1 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jun 16, 2016 | Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is | |
| CVE-2016-2392 | Med | 6.5 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jun 16, 2016 | The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process cra | |
| CVE-2016-2391 | Med | 5.0 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jun 16, 2016 | The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers. | |
| CVE-2016-5338 | Hig | 7.8 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jun 14, 2016 | The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. |
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process inst
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emul
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
- affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors in
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU h
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring bu
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process cra
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
Page 9 of 14