rpm package

suse/xen&distro=SUSE Linux Enterprise Server 12 SP2

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2

Vulnerabilities (63)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-6505	Med	6.5	< 4.7.2_02-36.1	4.7.2_02-36.1	Mar 15, 2017	The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-93
CVE-2016-9384	Med	6.5	< 4.7.1_02-25.1	4.7.1_02-25.1	Feb 22, 2017	Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.
CVE-2016-9378	Med	5.5	< 4.7.1_02-25.1	4.7.1_02-25.1	Feb 22, 2017	Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.
CVE-2016-9377	Med	5.5	< 4.7.1_02-25.1	4.7.1_02-25.1	Feb 22, 2017	Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.
CVE-2016-9637	Hig	7.5	< 4.7.1_02-25.1	4.7.1_02-25.1	Feb 17, 2017	The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
CVE-2016-9932	Low	3.3	< 4.7.1_04-28.1	4.7.1_04-28.1	Jan 26, 2017	CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
CVE-2016-10025	Med	5.5	< 4.7.1_04-28.1	4.7.1_04-28.1	Jan 26, 2017	VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.
CVE-2016-10024	Med	6.0	< 4.7.1_04-28.1	4.7.1_04-28.1	Jan 26, 2017	Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
CVE-2016-10013	Hig	7.8	< 4.7.1_04-28.1	4.7.1_04-28.1	Jan 26, 2017	Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.
CVE-2016-9386	Hig	7.8	< 4.7.1_02-25.1	4.7.1_02-25.1	Jan 23, 2017	The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
CVE-2016-9385	Med	6.0	< 4.7.1_02-25.1	4.7.1_02-25.1	Jan 23, 2017	The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.
CVE-2016-9383	Hig	8.8	< 4.7.1_02-25.1	4.7.1_02-25.1	Jan 23, 2017	Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instruction
CVE-2016-9382	Hig	7.8	< 4.7.1_02-25.1	4.7.1_02-25.1	Jan 23, 2017	Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to st
CVE-2016-9381	Hig	7.5	< 4.7.1_02-25.1	4.7.1_02-25.1	Jan 23, 2017	Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
CVE-2016-9380	Hig	7.5	< 4.7.1_02-25.1	4.7.1_02-25.1	Jan 23, 2017	The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
CVE-2016-9379	Hig	7.9	< 4.7.1_02-25.1	4.7.1_02-25.1	Jan 23, 2017	The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
CVE-2016-9921	Med	6.5	< 4.7.1_06-31.1	4.7.1_06-31.1	Dec 23, 2016	Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process inst
CVE-2016-8910	Med	6.0	< 4.7.1_02-25.1	4.7.1_02-25.1	Nov 4, 2016	The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
CVE-2016-8669	Med	6.0	< 4.7.1_02-25.1	4.7.1_02-25.1	Nov 4, 2016	The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
CVE-2016-8667	Med	6.0	< 4.7.1_02-25.1	4.7.1_02-25.1	Nov 4, 2016	The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.

CVE-2017-6505MedMar 15, 2017
affected < 4.7.2_02-36.1fixed 4.7.2_02-36.1
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-93
CVE-2016-9384MedFeb 22, 2017
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.
CVE-2016-9378MedFeb 22, 2017
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.
CVE-2016-9377MedFeb 22, 2017
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.
CVE-2016-9637HigFeb 17, 2017
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
CVE-2016-9932LowJan 26, 2017
affected < 4.7.1_04-28.1fixed 4.7.1_04-28.1
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
CVE-2016-10025MedJan 26, 2017
affected < 4.7.1_04-28.1fixed 4.7.1_04-28.1
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.
CVE-2016-10024MedJan 26, 2017
affected < 4.7.1_04-28.1fixed 4.7.1_04-28.1
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
CVE-2016-10013HigJan 26, 2017
affected < 4.7.1_04-28.1fixed 4.7.1_04-28.1
Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.
CVE-2016-9386HigJan 23, 2017
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
CVE-2016-9385MedJan 23, 2017
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.
CVE-2016-9383HigJan 23, 2017
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instruction
CVE-2016-9382HigJan 23, 2017
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to st
CVE-2016-9381HigJan 23, 2017
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
CVE-2016-9380HigJan 23, 2017
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
CVE-2016-9379HigJan 23, 2017
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
CVE-2016-9921MedDec 23, 2016
affected < 4.7.1_06-31.1fixed 4.7.1_06-31.1
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process inst
CVE-2016-8910MedNov 4, 2016
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
CVE-2016-8669MedNov 4, 2016
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
CVE-2016-8667MedNov 4, 2016
affected < 4.7.1_02-25.1fixed 4.7.1_02-25.1
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.

Page 3 of 4