rpm package
suse/xen&distro=SUSE Linux Enterprise Module for Server Applications 15
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015
Vulnerabilities (43)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-12892 | Cri | 9.9 | < 4.10.1_06-3.3.1 | 4.10.1_06-3.3.1 | Jul 2, 2018 | An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supp | |
| CVE-2018-12891 | Med | 6.5 | < 4.10.1_06-3.3.1 | 4.10.1_06-3.3.1 | Jul 2, 2018 | An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing | |
| CVE-2018-3665 | Med | 5.6 | < 4.10.1_06-3.3.1 | 4.10.1_06-3.3.1 | Jun 21, 2018 | System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. |
- affected < 4.10.1_06-3.3.1fixed 4.10.1_06-3.3.1
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supp
- affected < 4.10.1_06-3.3.1fixed 4.10.1_06-3.3.1
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing
- affected < 4.10.1_06-3.3.1fixed 4.10.1_06-3.3.1
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
Page 3 of 3