rpm package

suse/xen&distro=SUSE Linux Enterprise Server 12-LTSS

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Vulnerabilities (154)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-9380	Hig	7.5	< 4.4.4_05-22.25.1	4.4.4_05-22.25.1	Jan 23, 2017	The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
CVE-2016-9379	Hig	7.9	< 4.4.4_05-22.25.1	4.4.4_05-22.25.1	Jan 23, 2017	The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
CVE-2016-9776	Med	5.5	< 4.4.4_14-22.33.1	4.4.4_14-22.33.1	Dec 29, 2016	QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process
CVE-2016-9921	Med	6.5	< 4.4.4_14-22.33.1	4.4.4_14-22.33.1	Dec 23, 2016	Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process inst
CVE-2016-9911	Med	6.5	< 4.4.4_14-22.33.1	4.4.4_14-22.33.1	Dec 23, 2016	Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVE-2016-9907	Med	6.5	< 4.4.4_14-22.33.1	4.4.4_14-22.33.1	Dec 23, 2016	Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a hos
CVE-2016-6888	Med	4.4	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Dec 10, 2016	Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL poi
CVE-2016-6836	Med	6.0	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Dec 10, 2016	The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.
CVE-2016-6835	Med	6.0	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Dec 10, 2016	The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.
CVE-2016-6834	Med	4.4	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Dec 10, 2016	The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.
CVE-2016-6833	Med	4.4	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Dec 10, 2016	Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.
CVE-2016-9101	Med	6.0	< 4.4.4_14-22.33.1	4.4.4_14-22.33.1	Dec 9, 2016	Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
CVE-2016-8910	Med	6.0	< 4.4.4_05-22.25.1	4.4.4_05-22.25.1	Nov 4, 2016	The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
CVE-2016-8909	Med	6.0	< 4.4.4_05-22.25.1	4.4.4_05-22.25.1	Nov 4, 2016	The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
CVE-2016-8669	Med	6.0	< 4.4.4_05-22.25.1	4.4.4_05-22.25.1	Nov 4, 2016	The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
CVE-2016-8667	Med	6.0	< 4.4.4_05-22.25.1	4.4.4_05-22.25.1	Nov 4, 2016	The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
CVE-2016-8576	Med	6.0	< 4.4.4_05-22.25.1	4.4.4_05-22.25.1	Nov 4, 2016	The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
CVE-2016-7777	Med	6.3	< 4.4.4_05-22.25.1	4.4.4_05-22.25.1	Oct 7, 2016	Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emul
CVE-2016-7909	Med	4.4	< 4.4.4_05-22.25.1	4.4.4_05-22.25.1	Oct 5, 2016	The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
CVE-2016-7908	Med	4.4	< 4.4.4_05-22.25.1	4.4.4_05-22.25.1	Oct 5, 2016	The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors in

CVE-2016-9380HigJan 23, 2017
affected < 4.4.4_05-22.25.1fixed 4.4.4_05-22.25.1
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
CVE-2016-9379HigJan 23, 2017
affected < 4.4.4_05-22.25.1fixed 4.4.4_05-22.25.1
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
CVE-2016-9776MedDec 29, 2016
affected < 4.4.4_14-22.33.1fixed 4.4.4_14-22.33.1
QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process
CVE-2016-9921MedDec 23, 2016
affected < 4.4.4_14-22.33.1fixed 4.4.4_14-22.33.1
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process inst
CVE-2016-9911MedDec 23, 2016
affected < 4.4.4_14-22.33.1fixed 4.4.4_14-22.33.1
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVE-2016-9907MedDec 23, 2016
affected < 4.4.4_14-22.33.1fixed 4.4.4_14-22.33.1
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a hos
CVE-2016-6888MedDec 10, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL poi
CVE-2016-6836MedDec 10, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.
CVE-2016-6835MedDec 10, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.
CVE-2016-6834MedDec 10, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.
CVE-2016-6833MedDec 10, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.
CVE-2016-9101MedDec 9, 2016
affected < 4.4.4_14-22.33.1fixed 4.4.4_14-22.33.1
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
CVE-2016-8910MedNov 4, 2016
affected < 4.4.4_05-22.25.1fixed 4.4.4_05-22.25.1
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
CVE-2016-8909MedNov 4, 2016
affected < 4.4.4_05-22.25.1fixed 4.4.4_05-22.25.1
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
CVE-2016-8669MedNov 4, 2016
affected < 4.4.4_05-22.25.1fixed 4.4.4_05-22.25.1
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
CVE-2016-8667MedNov 4, 2016
affected < 4.4.4_05-22.25.1fixed 4.4.4_05-22.25.1
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
CVE-2016-8576MedNov 4, 2016
affected < 4.4.4_05-22.25.1fixed 4.4.4_05-22.25.1
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
CVE-2016-7777MedOct 7, 2016
affected < 4.4.4_05-22.25.1fixed 4.4.4_05-22.25.1
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emul
CVE-2016-7909MedOct 5, 2016
affected < 4.4.4_05-22.25.1fixed 4.4.4_05-22.25.1
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
CVE-2016-7908MedOct 5, 2016
affected < 4.4.4_05-22.25.1fixed 4.4.4_05-22.25.1
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors in

Page 6 of 8