VYPR

rpm package

suse/xen&distro=SUSE Linux Enterprise Server 12 SP5

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Vulnerabilities (140)

  • CVE-2020-29483 (Dec 15, 2020)
    affected < 4.12.4_06-3.36.1, fixed 4.12.4_06-3.36.1

    An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from x

  • CVE-2020-29480 (Dec 15, 2020)
    affected < 4.12.4_06-3.36.1, fixed 4.12.4_06-3.36.1

    An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A

  • CVE-2020-29571 (Dec 15, 2020)
    affected < 4.12.4_06-3.36.1, fixed 4.12.4_06-3.36.1

    An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected agains

  • CVE-2020-29570 (Dec 15, 2020)
    affected < 4.12.4_06-3.36.1, fixed 4.12.4_06-3.36.1

    An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or bugg

  • CVE-2020-29566 (Dec 15, 2020)
    affected < 4.12.4_06-3.36.1, fixed 4.12.4_06-3.36.1

    An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled

  • CVE-2020-29130 (Nov 26, 2020)
    affected < 4.12.4_06-3.36.1, fixed 4.12.4_06-3.36.1

    slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

  • CVE-2020-28368 (Nov 10, 2020)
    affected < 4.12.4_02-3.30.1, fixed 4.12.4_02-3.30.1

    Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the

  • CVE-2020-27670 (Oct 22, 2020)
    affected < 4.12.3_10-3.27.1, fixed 4.12.3_10-3.27.1

    An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.

  • CVE-2020-27671 (Oct 22, 2020)
    affected < 4.12.3_10-3.27.1, fixed 4.12.3_10-3.27.1

    An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.

  • CVE-2020-27672 (Oct 22, 2020)
    affected < 4.12.3_10-3.27.1, fixed 4.12.3_10-3.27.1

    An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.

  • CVE-2020-27673 (Oct 22, 2020)
    affected < 4.12.3_10-3.27.1, fixed 4.12.3_10-3.27.1

    An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.

  • CVE-2020-25603 (Sep 23, 2020)
    affected < 4.12.3_08-3.24.1, fixed 4.12.3_08-3.24.1

    An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory

  • CVE-2020-25596 (Sep 23, 2020)
    affected < 4.12.3_08-3.24.1, fixed 4.12.3_08-3.24.1

    An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it t

  • CVE-2020-25604 (Sep 23, 2020)
    affected < 4.12.3_08-3.24.1, fixed 4.12.3_08-3.24.1

    An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to rel

  • CVE-2020-25602 (Sep 23, 2020)
    affected < 4.12.3_08-3.24.1, fixed 4.12.3_08-3.24.1

    An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest acc

  • CVE-2020-25601 (Sep 23, 2020)
    affected < 4.12.3_08-3.24.1, fixed 4.12.3_08-3.24.1

    An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event c

  • CVE-2020-25600 (Sep 23, 2020)
    affected < 4.12.3_08-3.24.1, fixed 4.12.3_08-3.24.1

    An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones

  • CVE-2020-25599 (Sep 23, 2020)
    affected < 4.12.3_08-3.24.1, fixed 4.12.3_08-3.24.1

    An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to ou

  • CVE-2020-25598 (Sep 23, 2020)
    affected < 4.12.3_08-3.24.1, fixed 4.12.3_08-3.24.1

    An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is

  • CVE-2020-25597 (Sep 23, 2020)
    affected < 4.12.3_08-3.24.1, fixed 4.12.3_08-3.24.1

    An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life tim
