rpm package
suse/xen&distro=SUSE Linux Enterprise Point of Sale 11 SP3
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
Vulnerabilities (134)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-11806 | Hig | 8.2 | < 4.2.5_21-45.25.1 | 4.2.5_21-45.25.1 | Jun 13, 2018 | m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. | |
| CVE-2018-3639 | Med | 5.5 | < 4.2.5_21-45.25.1 | 4.2.5_21-45.25.1 | May 22, 2018 | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka | |
| CVE-2018-10982 | Hig | 8.8 | < 4.2.5_21-45.25.1 | 4.2.5_21-45.25.1 | May 10, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC | |
| CVE-2018-10981 | Med | 6.5 | < 4.2.5_21-45.25.1 | 4.2.5_21-45.25.1 | May 10, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. | |
| CVE-2018-8897 | Hig | 7.8 | < 4.2.5_21-45.22.1 | 4.2.5_21-45.22.1 | May 8, 2018 | A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP | |
| CVE-2018-10472 | Med | 5.6 | < 4.2.5_21-45.22.1 | 4.2.5_21-45.22.1 | Apr 27, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot. | |
| CVE-2018-10471 | Med | 6.5 | < 4.2.5_21-45.22.1 | 4.2.5_21-45.22.1 | Apr 27, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754. | |
| CVE-2018-7550 | Hig | 8.8 | < 4.2.5_21-45.22.1 | 4.2.5_21-45.22.1 | Mar 1, 2018 | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. | |
| CVE-2018-7541 | Hig | 8.8 | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Feb 27, 2018 | An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. | |
| CVE-2018-7540 | Med | 6.5 | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Feb 27, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. | |
| CVE-2018-5683 | Med | 6.0 | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Jan 23, 2018 | The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | |
| CVE-2017-18030 | Med | 4.4 | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Jan 23, 2018 | The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. | |
| CVE-2017-5754 | Med | 5.6 | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. | |
| CVE-2017-5753 | Med | 5.6 | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |
| CVE-2017-5715 | Med | 5.6 | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |
| CVE-2017-17566 | Hig | 7.8 | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Dec 12, 2017 | An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. | |
| CVE-2017-17565 | Med | 5.6 | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Dec 12, 2017 | An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P. | |
| CVE-2017-17564 | Hig | 7.8 | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Dec 12, 2017 | An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode. | |
| CVE-2017-17563 | Hig | 7.8 | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Dec 12, 2017 | An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode. | |
| CVE-2017-15597 | Cri | 9.1 | < 4.2.5_21-45.16.1 | 4.2.5_21-45.16.1 | Oct 30, 2017 | An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a g |
- affected < 4.2.5_21-45.25.1fixed 4.2.5_21-45.25.1
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
- affected < 4.2.5_21-45.25.1fixed 4.2.5_21-45.25.1
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka
- affected < 4.2.5_21-45.25.1fixed 4.2.5_21-45.25.1
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC
- affected < 4.2.5_21-45.25.1fixed 4.2.5_21-45.25.1
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.
- affected < 4.2.5_21-45.22.1fixed 4.2.5_21-45.22.1
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP
- affected < 4.2.5_21-45.22.1fixed 4.2.5_21-45.22.1
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
- affected < 4.2.5_21-45.22.1fixed 4.2.5_21-45.22.1
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
- affected < 4.2.5_21-45.22.1fixed 4.2.5_21-45.22.1
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
- affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
- affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
- affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
- affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
- affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
- affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
- affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.
- affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
- affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
- affected < 4.2.5_21-45.16.1fixed 4.2.5_21-45.16.1
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a g
Page 3 of 7