VYPR

rpm package

suse/xen&distro=SUSE Linux Enterprise Server 11 SP4-LTSS

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Vulnerabilities (79)

  • CVE-2021-20257MedMar 16, 2022
    affected < 4.4.4_48-61.64.1fixed 4.4.4_48-61.64.1

    An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re

  • CVE-2021-3930MedFeb 18, 2022
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d

  • CVE-2022-23035MedJan 25, 2022
    affected < 4.4.4_52-61.70.1fixed 4.4.4_52-61.70.1

    Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent

  • CVE-2022-23034MedJan 25, 2022
    affected < 4.4.4_52-61.70.1fixed 4.4.4_52-61.70.1

    A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unma

  • CVE-2021-28703HigDec 7, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, g

  • CVE-2021-28709HigNov 24, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them t

  • CVE-2021-28705HigNov 24, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them t

  • CVE-2021-28706HigNov 24, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precisio

  • CVE-2021-28701HigSep 8, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest sw

  • CVE-2021-28698MedAug 27, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entrie

  • CVE-2021-28697HigAug 27, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-alloc

  • CVE-2021-3682HigAug 5, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() wit

  • CVE-2021-28692HigJun 30, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead,

  • CVE-2021-28690MedJun 29, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires s

  • CVE-2021-3595LowJun 15, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun

  • CVE-2021-3594LowJun 15, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound

  • CVE-2021-3592LowJun 15, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this

  • CVE-2021-0089MedJun 9, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

  • CVE-2019-12067MedJun 2, 2021
    affected < 4.4.4_40-61.49.1fixed 4.4.4_40-61.49.1

    The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.

  • CVE-2021-3527MedMay 26, 2021
    affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1

    A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array

Page 1 of 4

VYPR — Vulnerability Intelligence