rpm package
suse/xen&distro=SUSE Linux Enterprise Server 12 SP1-LTSS
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
Vulnerabilities (102)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-17963 | Cri | 9.8 | < 4.5.5_28-22.58.1 | 4.5.5_28-22.58.1 | Oct 9, 2018 | qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | |
| CVE-2018-17962 | Hig | 7.5 | < 4.5.5_28-22.58.1 | 4.5.5_28-22.58.1 | Oct 9, 2018 | Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. | |
| CVE-2018-17958 | Hig | 7.5 | < 4.5.5_28-22.58.1 | 4.5.5_28-22.58.1 | Oct 9, 2018 | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | |
| CVE-2018-3646 | Med | 5.6 | < 4.5.5_26-22.55.2 | 4.5.5_26-22.55.2 | Aug 14, 2018 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis | |
| CVE-2018-12893 | Med | 6.5 | < 4.5.5_24-22.52.3 | 4.5.5_24-22.52.3 | Jul 2, 2018 | An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can | |
| CVE-2018-12891 | Med | 6.5 | < 4.5.5_24-22.52.3 | 4.5.5_24-22.52.3 | Jul 2, 2018 | An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing | |
| CVE-2018-3665 | Med | 5.6 | < 4.5.5_24-22.52.3 | 4.5.5_24-22.52.3 | Jun 21, 2018 | System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. | |
| CVE-2018-12617 | Hig | 7.5 | < 4.5.5_24-22.52.3 | 4.5.5_24-22.52.3 | Jun 21, 2018 | qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploit | |
| CVE-2018-11806 | Hig | 8.2 | < 4.5.5_24-22.52.3 | 4.5.5_24-22.52.3 | Jun 13, 2018 | m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. | |
| CVE-2018-3639 | Med | 5.5 | < 4.5.5_24-22.49.1 | 4.5.5_24-22.49.1 | May 22, 2018 | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka | |
| CVE-2018-8897 | Hig | 7.8 | < 4.5.5_24-22.46.1 | 4.5.5_24-22.46.1 | May 8, 2018 | A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP | |
| CVE-2018-10472 | Med | 5.6 | < 4.5.5_24-22.46.1 | 4.5.5_24-22.46.1 | Apr 27, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot. | |
| CVE-2018-10471 | Med | 6.5 | < 4.5.5_24-22.46.1 | 4.5.5_24-22.46.1 | Apr 27, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754. | |
| CVE-2018-7550 | Hig | 8.8 | < 4.5.5_24-22.46.1 | 4.5.5_24-22.46.1 | Mar 1, 2018 | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. | |
| CVE-2018-5683 | Med | 6.0 | < 4.5.5_24-22.43.1 | 4.5.5_24-22.43.1 | Jan 23, 2018 | The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | |
| CVE-2017-18030 | Med | 4.4 | < 4.5.5_24-22.43.1 | 4.5.5_24-22.43.1 | Jan 23, 2018 | The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. | |
| CVE-2017-5754 | Med | 5.6 | < 4.5.5_24-22.43.1 | 4.5.5_24-22.43.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. | |
| CVE-2017-5753 | Med | 5.6 | < 4.5.5_24-22.43.1 | 4.5.5_24-22.43.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |
| CVE-2017-5715 | Med | 5.6 | < 4.5.5_24-22.43.1 | 4.5.5_24-22.43.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |
| CVE-2017-17566 | Hig | 7.8 | < 4.5.5_24-22.43.1 | 4.5.5_24-22.43.1 | Dec 12, 2017 | An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. |
- affected < 4.5.5_28-22.58.1fixed 4.5.5_28-22.58.1
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
- affected < 4.5.5_28-22.58.1fixed 4.5.5_28-22.58.1
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
- affected < 4.5.5_28-22.58.1fixed 4.5.5_28-22.58.1
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
- affected < 4.5.5_26-22.55.2fixed 4.5.5_26-22.55.2
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis
- affected < 4.5.5_24-22.52.3fixed 4.5.5_24-22.52.3
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can
- affected < 4.5.5_24-22.52.3fixed 4.5.5_24-22.52.3
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing
- affected < 4.5.5_24-22.52.3fixed 4.5.5_24-22.52.3
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
- affected < 4.5.5_24-22.52.3fixed 4.5.5_24-22.52.3
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploit
- affected < 4.5.5_24-22.52.3fixed 4.5.5_24-22.52.3
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
- affected < 4.5.5_24-22.49.1fixed 4.5.5_24-22.49.1
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka
- affected < 4.5.5_24-22.46.1fixed 4.5.5_24-22.46.1
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP
- affected < 4.5.5_24-22.46.1fixed 4.5.5_24-22.46.1
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
- affected < 4.5.5_24-22.46.1fixed 4.5.5_24-22.46.1
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
- affected < 4.5.5_24-22.46.1fixed 4.5.5_24-22.46.1
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
- affected < 4.5.5_24-22.43.1fixed 4.5.5_24-22.43.1
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
- affected < 4.5.5_24-22.43.1fixed 4.5.5_24-22.43.1
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
- affected < 4.5.5_24-22.43.1fixed 4.5.5_24-22.43.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
- affected < 4.5.5_24-22.43.1fixed 4.5.5_24-22.43.1
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 4.5.5_24-22.43.1fixed 4.5.5_24-22.43.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 4.5.5_24-22.43.1fixed 4.5.5_24-22.43.1
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
Page 3 of 6