rpm package
suse/xen&distro=SUSE Linux Enterprise Point of Sale 11 SP3
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
Vulnerabilities (134)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-8309 | Hig | 7.5 | < 4.2.5_21-44.1 | 4.2.5_21-44.1 | May 23, 2017 | Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | |
| CVE-2017-8905 | Hig | 8.8 | < 4.2.5_21-44.1 | 4.2.5_21-44.1 | May 11, 2017 | Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. | |
| CVE-2017-7995 | Low | 3.8 | < 4.2.5_21-41.1 | 4.2.5_21-41.1 | May 3, 2017 | Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5 | |
| CVE-2017-7718 | Med | 5.5 | < 4.2.5_21-41.1 | 4.2.5_21-41.1 | Apr 20, 2017 | hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functi | |
| CVE-2017-7228 | Hig | 8.2 | < 4.2.5_21-38.1 | 4.2.5_21-38.1 | Apr 4, 2017 | An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provid | |
| CVE-2016-9922 | Med | 5.5 | < 4.2.5_21-35.1 | 4.2.5_21-35.1 | Mar 27, 2017 | The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. | |
| CVE-2017-5898 | Med | 5.5 | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Mar 15, 2017 | Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units | |
| CVE-2017-5526 | Med | 6.5 | < 4.2.5_21-45.11.1 | 4.2.5_21-45.11.1 | Mar 15, 2017 | Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. | |
| CVE-2016-10155 | Med | 6.0 | < 4.2.5_21-35.1 | 4.2.5_21-35.1 | Mar 15, 2017 | Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. | |
| CVE-2017-6505 | Med | 6.5 | < 4.2.5_21-38.1 | 4.2.5_21-38.1 | Mar 15, 2017 | The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-93 | |
| CVE-2017-6414 | Med | 6.5 | < 4.2.5_21-38.1 | 4.2.5_21-38.1 | Mar 15, 2017 | Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object. | |
| CVE-2016-9637 | Hig | 7.5 | < 4.2.5_21-30.1 | 4.2.5_21-30.1 | Feb 17, 2017 | The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. | |
| CVE-2016-9932 | Low | 3.3 | < 4.2.5_21-35.1 | 4.2.5_21-35.1 | Jan 26, 2017 | CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix. | |
| CVE-2016-10024 | Med | 6.0 | < 4.2.5_21-35.1 | 4.2.5_21-35.1 | Jan 26, 2017 | Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. | |
| CVE-2016-10013 | Hig | 7.8 | < 4.2.5_21-35.1 | 4.2.5_21-35.1 | Jan 26, 2017 | Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation. | |
| CVE-2016-9386 | Hig | 7.8 | < 4.2.5_21-30.1 | 4.2.5_21-30.1 | Jan 23, 2017 | The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values. | |
| CVE-2016-9383 | Hig | 8.8 | < 4.2.5_21-30.1 | 4.2.5_21-30.1 | Jan 23, 2017 | Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instruction | |
| CVE-2016-9382 | Hig | 7.8 | < 4.2.5_21-30.1 | 4.2.5_21-30.1 | Jan 23, 2017 | Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to st | |
| CVE-2016-9381 | Hig | 7.5 | < 4.2.5_21-30.1 | 4.2.5_21-30.1 | Jan 23, 2017 | Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | |
| CVE-2016-9380 | Hig | 7.5 | < 4.2.5_21-30.1 | 4.2.5_21-30.1 | Jan 23, 2017 | The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. |
- affected < 4.2.5_21-44.1fixed 4.2.5_21-44.1
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
- affected < 4.2.5_21-44.1fixed 4.2.5_21-44.1
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
- affected < 4.2.5_21-41.1fixed 4.2.5_21-41.1
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5
- affected < 4.2.5_21-41.1fixed 4.2.5_21-41.1
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functi
- affected < 4.2.5_21-38.1fixed 4.2.5_21-38.1
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provid
- affected < 4.2.5_21-35.1fixed 4.2.5_21-35.1
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
- affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units
- affected < 4.2.5_21-45.11.1fixed 4.2.5_21-45.11.1
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
- affected < 4.2.5_21-35.1fixed 4.2.5_21-35.1
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
- affected < 4.2.5_21-38.1fixed 4.2.5_21-38.1
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-93
- affected < 4.2.5_21-38.1fixed 4.2.5_21-38.1
Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object.
- affected < 4.2.5_21-30.1fixed 4.2.5_21-30.1
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
- affected < 4.2.5_21-35.1fixed 4.2.5_21-35.1
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
- affected < 4.2.5_21-35.1fixed 4.2.5_21-35.1
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
- affected < 4.2.5_21-35.1fixed 4.2.5_21-35.1
Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.
- affected < 4.2.5_21-30.1fixed 4.2.5_21-30.1
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
- affected < 4.2.5_21-30.1fixed 4.2.5_21-30.1
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instruction
- affected < 4.2.5_21-30.1fixed 4.2.5_21-30.1
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to st
- affected < 4.2.5_21-30.1fixed 4.2.5_21-30.1
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
- affected < 4.2.5_21-30.1fixed 4.2.5_21-30.1
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
Page 5 of 7