rpm package

suse/xen&distro=SUSE Linux Enterprise Server 11 SP2-LTSS

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Vulnerabilities (72)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-7909	Med	4.4	< 4.1.6_08-32.1	4.1.6_08-32.1	Oct 5, 2016	The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
CVE-2016-7908	Med	4.4	< 4.1.6_08-32.1	4.1.6_08-32.1	Oct 5, 2016	The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors in
CVE-2016-7094	Med	4.1	< 4.1.6_08-29.1	4.1.6_08-29.1	Sep 21, 2016	Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
CVE-2016-7092	Hig	8.2	< 4.1.6_08-29.1	4.1.6_08-29.1	Sep 21, 2016	The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.
CVE-2016-6351	Med	6.7	< 4.1.6_08-32.1	4.1.6_08-32.1	Sep 7, 2016	The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU h
CVE-2016-6258	Hig	8.8	< 4.1.6_08-29.1	4.1.6_08-29.1	Aug 2, 2016	The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
CVE-2016-2841	Med	6.0	< 4.1.6_08-26.1	4.1.6_08-26.1	Jun 16, 2016	The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring bu
CVE-2016-2391	Med	5.0	< 4.1.6_08-26.1	4.1.6_08-26.1	Jun 16, 2016	The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
CVE-2016-5338	Hig	7.8	< 4.1.6_08-29.1	4.1.6_08-29.1	Jun 14, 2016	The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
CVE-2016-5238	Med	4.4	< 4.1.6_08-29.1	4.1.6_08-29.1	Jun 14, 2016	The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
CVE-2014-3672	Med	6.5	< 4.1.6_08-29.1	4.1.6_08-29.1	May 25, 2016	The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
CVE-2016-4001	Hig	8.6	< 4.1.6_08-29.1	4.1.6_08-29.1	May 23, 2016	Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
CVE-2015-8558	Med	5.5	< 4.1.6_08-26.1	4.1.6_08-26.1	May 23, 2016	The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
CVE-2016-4441	Med	6.0	< 4.1.6_08-29.1	4.1.6_08-29.1	May 20, 2016	The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin
CVE-2016-4439	Med	6.7	< 4.1.6_08-29.1	4.1.6_08-29.1	May 20, 2016	The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e
CVE-2016-4480	Hig	8.4	< 4.1.6_08-29.1	4.1.6_08-29.1	May 18, 2016	The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
CVE-2016-3710	Hig	8.8	< 4.1.6_08-29.1	4.1.6_08-29.1	May 11, 2016	The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
CVE-2016-4002	Cri	9.8	< 4.1.6_08-29.1	4.1.6_08-29.1	Apr 26, 2016	Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th
CVE-2016-3960	Hig	8.8	< 4.1.6_08-29.1	4.1.6_08-29.1	Apr 19, 2016	Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
CVE-2015-8554	Hig	7.5	< 4.1.6_08-26.1	4.1.6_08-26.1	Apr 14, 2016	Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X

CVE-2016-7909MedOct 5, 2016
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
CVE-2016-7908MedOct 5, 2016
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors in
CVE-2016-7094MedSep 21, 2016
affected < 4.1.6_08-29.1fixed 4.1.6_08-29.1
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
CVE-2016-7092HigSep 21, 2016
affected < 4.1.6_08-29.1fixed 4.1.6_08-29.1
The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.
CVE-2016-6351MedSep 7, 2016
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU h
CVE-2016-6258HigAug 2, 2016
affected < 4.1.6_08-29.1fixed 4.1.6_08-29.1
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
CVE-2016-2841MedJun 16, 2016
affected < 4.1.6_08-26.1fixed 4.1.6_08-26.1
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring bu
CVE-2016-2391MedJun 16, 2016
affected < 4.1.6_08-26.1fixed 4.1.6_08-26.1
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
CVE-2016-5338HigJun 14, 2016
affected < 4.1.6_08-29.1fixed 4.1.6_08-29.1
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
CVE-2016-5238MedJun 14, 2016
affected < 4.1.6_08-29.1fixed 4.1.6_08-29.1
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
CVE-2014-3672MedMay 25, 2016
affected < 4.1.6_08-29.1fixed 4.1.6_08-29.1
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
CVE-2016-4001HigMay 23, 2016
affected < 4.1.6_08-29.1fixed 4.1.6_08-29.1
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
CVE-2015-8558MedMay 23, 2016
affected < 4.1.6_08-26.1fixed 4.1.6_08-26.1
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
CVE-2016-4441MedMay 20, 2016
affected < 4.1.6_08-29.1fixed 4.1.6_08-29.1
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin
CVE-2016-4439MedMay 20, 2016
affected < 4.1.6_08-29.1fixed 4.1.6_08-29.1
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e
CVE-2016-4480HigMay 18, 2016
affected < 4.1.6_08-29.1fixed 4.1.6_08-29.1
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
CVE-2016-3710HigMay 11, 2016
affected < 4.1.6_08-29.1fixed 4.1.6_08-29.1
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
CVE-2016-4002CriApr 26, 2016
affected < 4.1.6_08-29.1fixed 4.1.6_08-29.1
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th
CVE-2016-3960HigApr 19, 2016
affected < 4.1.6_08-29.1fixed 4.1.6_08-29.1
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
CVE-2015-8554HigApr 14, 2016
affected < 4.1.6_08-26.1fixed 4.1.6_08-26.1
Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X

Page 2 of 4