rpm package

suse/xen&distro=SUSE Linux Enterprise Server 12-LTSS

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Vulnerabilities (154)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-7154	Med	6.7	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Sep 21, 2016	Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.
CVE-2016-7094	Med	4.1	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Sep 21, 2016	Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
CVE-2016-7093	Hig	8.2	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Sep 21, 2016	Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
CVE-2016-7092	Hig	8.2	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Sep 21, 2016	The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.
CVE-2016-6351	Med	6.7	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Sep 7, 2016	The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU h
CVE-2016-5107	Med	6.0	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Sep 2, 2016	The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.
CVE-2016-5106	Med	6.0	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Sep 2, 2016	The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware In
CVE-2016-5105	Med	4.4	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Sep 2, 2016	The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interfac
CVE-2016-4952	Med	6.0	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Sep 2, 2016	QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING S
CVE-2016-6258	Hig	8.8	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Aug 2, 2016	The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
CVE-2016-5403	Med	5.5	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Aug 2, 2016	The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
CVE-2016-5338	Hig	7.8	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Jun 14, 2016	The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
CVE-2016-5337	Med	5.5	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Jun 14, 2016	The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.
CVE-2016-5238	Med	4.4	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Jun 14, 2016	The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
CVE-2016-4963	Med	4.7	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Jun 7, 2016	The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
CVE-2016-4962	Med	6.7	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Jun 7, 2016	The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
CVE-2016-5126	Hig	7.8	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Jun 1, 2016	Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
CVE-2016-4454	Med	6.0	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Jun 1, 2016	The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-b
CVE-2016-4453	Med	4.4	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	Jun 1, 2016	The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
CVE-2016-4020	Med	6.5	< 4.4.4_04-22.22.2	4.4.4_04-22.22.2	May 25, 2016	The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

CVE-2016-7154MedSep 21, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.
CVE-2016-7094MedSep 21, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
CVE-2016-7093HigSep 21, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
CVE-2016-7092HigSep 21, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.
CVE-2016-6351MedSep 7, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU h
CVE-2016-5107MedSep 2, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.
CVE-2016-5106MedSep 2, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware In
CVE-2016-5105MedSep 2, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interfac
CVE-2016-4952MedSep 2, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING S
CVE-2016-6258HigAug 2, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
CVE-2016-5403MedAug 2, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
CVE-2016-5338HigJun 14, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
CVE-2016-5337MedJun 14, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.
CVE-2016-5238MedJun 14, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
CVE-2016-4963MedJun 7, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
CVE-2016-4962MedJun 7, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
CVE-2016-5126HigJun 1, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
CVE-2016-4454MedJun 1, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-b
CVE-2016-4453MedJun 1, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
CVE-2016-4020MedMay 25, 2016
affected < 4.4.4_04-22.22.2fixed 4.4.4_04-22.22.2
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

Page 7 of 8