rpm package
suse/xen&distro=SUSE Linux Enterprise Desktop 12 SP3
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
Vulnerabilities (48)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-14316 | Hig | 8.8 | < 4.9.0_12-3.15.1 | 4.9.0_12-3.15.1 | Sep 12, 2017 | A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the | |
| CVE-2017-12137 | Hig | 8.8 | < 4.9.0_11-3.9.1 | 4.9.0_11-3.9.1 | Aug 24, 2017 | arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | |
| CVE-2017-12136 | Hig | 7.8 | < 4.9.0_11-3.9.1 | 4.9.0_11-3.9.1 | Aug 24, 2017 | Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | |
| CVE-2017-12135 | Hig | 8.8 | < 4.9.0_11-3.9.1 | 4.9.0_11-3.9.1 | Aug 24, 2017 | Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | |
| CVE-2017-12855 | Med | 6.5 | < 4.9.0_11-3.9.1 | 4.9.0_11-3.9.1 | Aug 15, 2017 | Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances | |
| CVE-2017-10664 | Hig | 7.5 | < 4.9.0_11-3.9.1 | 4.9.0_11-3.9.1 | Aug 2, 2017 | qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. | |
| CVE-2017-11434 | Med | 5.5 | < 4.9.0_11-3.9.1 | 4.9.0_11-3.9.1 | Jul 25, 2017 | The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. | |
| CVE-2017-5526 | Med | 6.5 | < 4.9.0_14-3.18.1 | 4.9.0_14-3.18.1 | Mar 15, 2017 | Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. |
- affected < 4.9.0_12-3.15.1fixed 4.9.0_12-3.15.1
A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the
- affected < 4.9.0_11-3.9.1fixed 4.9.0_11-3.9.1
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
- affected < 4.9.0_11-3.9.1fixed 4.9.0_11-3.9.1
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
- affected < 4.9.0_11-3.9.1fixed 4.9.0_11-3.9.1
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
- affected < 4.9.0_11-3.9.1fixed 4.9.0_11-3.9.1
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances
- affected < 4.9.0_11-3.9.1fixed 4.9.0_11-3.9.1
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
- affected < 4.9.0_11-3.9.1fixed 4.9.0_11-3.9.1
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
- affected < 4.9.0_14-3.18.1fixed 4.9.0_14-3.18.1
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
Page 3 of 3