rpm package

suse/xen&distro=SUSE Linux Enterprise Desktop 12 SP1

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Vulnerabilities (132)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-8667	Med	6.0	< 4.5.5_02-22.3.1	4.5.5_02-22.3.1	Nov 4, 2016	The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
CVE-2016-8576	Med	6.0	< 4.5.5_02-22.3.1	4.5.5_02-22.3.1	Nov 4, 2016	The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
CVE-2016-7777	Med	6.3	< 4.5.5_02-22.3.1	4.5.5_02-22.3.1	Oct 7, 2016	Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emul
CVE-2016-7909	Med	4.4	< 4.5.5_02-22.3.1	4.5.5_02-22.3.1	Oct 5, 2016	The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
CVE-2016-7908	Med	4.4	< 4.5.5_02-22.3.1	4.5.5_02-22.3.1	Oct 5, 2016	The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors in
CVE-2016-7094	Med	4.1	< 4.5.3_10-20.1	4.5.3_10-20.1	Sep 21, 2016	Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
CVE-2016-7093	Hig	8.2	< 4.5.3_10-20.1	4.5.3_10-20.1	Sep 21, 2016	Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
CVE-2016-7092	Hig	8.2	< 4.5.3_10-20.1	4.5.3_10-20.1	Sep 21, 2016	The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.
CVE-2016-6351	Med	6.7	< 4.5.3_08-17.1	4.5.3_08-17.1	Sep 7, 2016	The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU h
CVE-2016-5107	Med	6.0	< 4.5.3_08-17.1	4.5.3_08-17.1	Sep 2, 2016	The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.
CVE-2016-5106	Med	6.0	< 4.5.3_08-17.1	4.5.3_08-17.1	Sep 2, 2016	The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware In
CVE-2016-5105	Med	4.4	< 4.5.3_08-17.1	4.5.3_08-17.1	Sep 2, 2016	The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interfac
CVE-2016-4952	Med	6.0	< 4.5.3_08-17.1	4.5.3_08-17.1	Sep 2, 2016	QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING S
CVE-2016-6259	Med	6.2	< 4.5.3_08-17.1	4.5.3_08-17.1	Aug 2, 2016	Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
CVE-2016-6258	Hig	8.8	< 4.5.3_08-17.1	4.5.3_08-17.1	Aug 2, 2016	The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
CVE-2016-5403	Med	5.5	< 4.5.3_08-17.1	4.5.3_08-17.1	Aug 2, 2016	The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
CVE-2016-2841	Med	6.0	< 4.5.2_06-7.1	4.5.2_06-7.1	Jun 16, 2016	The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring bu
CVE-2016-2538	Hig	7.1	< 4.5.2_06-7.1	4.5.2_06-7.1	Jun 16, 2016	Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is
CVE-2016-2392	Med	6.5	< 4.5.2_06-7.1	4.5.2_06-7.1	Jun 16, 2016	The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process cra
CVE-2016-2391	Med	5.0	< 4.5.2_06-7.1	4.5.2_06-7.1	Jun 16, 2016	The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

CVE-2016-8667MedNov 4, 2016
affected < 4.5.5_02-22.3.1fixed 4.5.5_02-22.3.1
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
CVE-2016-8576MedNov 4, 2016
affected < 4.5.5_02-22.3.1fixed 4.5.5_02-22.3.1
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
CVE-2016-7777MedOct 7, 2016
affected < 4.5.5_02-22.3.1fixed 4.5.5_02-22.3.1
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emul
CVE-2016-7909MedOct 5, 2016
affected < 4.5.5_02-22.3.1fixed 4.5.5_02-22.3.1
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
CVE-2016-7908MedOct 5, 2016
affected < 4.5.5_02-22.3.1fixed 4.5.5_02-22.3.1
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors in
CVE-2016-7094MedSep 21, 2016
affected < 4.5.3_10-20.1fixed 4.5.3_10-20.1
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
CVE-2016-7093HigSep 21, 2016
affected < 4.5.3_10-20.1fixed 4.5.3_10-20.1
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
CVE-2016-7092HigSep 21, 2016
affected < 4.5.3_10-20.1fixed 4.5.3_10-20.1
The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.
CVE-2016-6351MedSep 7, 2016
affected < 4.5.3_08-17.1fixed 4.5.3_08-17.1
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU h
CVE-2016-5107MedSep 2, 2016
affected < 4.5.3_08-17.1fixed 4.5.3_08-17.1
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.
CVE-2016-5106MedSep 2, 2016
affected < 4.5.3_08-17.1fixed 4.5.3_08-17.1
The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware In
CVE-2016-5105MedSep 2, 2016
affected < 4.5.3_08-17.1fixed 4.5.3_08-17.1
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interfac
CVE-2016-4952MedSep 2, 2016
affected < 4.5.3_08-17.1fixed 4.5.3_08-17.1
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING S
CVE-2016-6259MedAug 2, 2016
affected < 4.5.3_08-17.1fixed 4.5.3_08-17.1
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
CVE-2016-6258HigAug 2, 2016
affected < 4.5.3_08-17.1fixed 4.5.3_08-17.1
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
CVE-2016-5403MedAug 2, 2016
affected < 4.5.3_08-17.1fixed 4.5.3_08-17.1
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
CVE-2016-2841MedJun 16, 2016
affected < 4.5.2_06-7.1fixed 4.5.2_06-7.1
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring bu
CVE-2016-2538HigJun 16, 2016
affected < 4.5.2_06-7.1fixed 4.5.2_06-7.1
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is
CVE-2016-2392MedJun 16, 2016
affected < 4.5.2_06-7.1fixed 4.5.2_06-7.1
The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process cra
CVE-2016-2391MedJun 16, 2016
affected < 4.5.2_06-7.1fixed 4.5.2_06-7.1
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

Page 4 of 7