rpm package
suse/xen&distro=SUSE Linux Enterprise Server 12
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012
Vulnerabilities (84)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-7972 | — | | | < 4.4.3_06-22.15.1 | 4.4.3_06-22.15.1 | Oct 30, 2015 | The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users t |
| CVE-2015-7971 | — | | | < 4.4.3_02-22.12.1 | 4.4.3_02-22.12.1 | Oct 30, 2015 | Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in |
| CVE-2015-7970 | — | | | < 4.4.3_06-22.15.1 | 4.4.3_06-22.15.1 | Oct 30, 2015 | The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-co |
| CVE-2015-7969 | — | | | < 4.4.3_02-22.12.1 | 4.4.3_02-22.12.1 | Oct 30, 2015 | Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcp |
| CVE-2015-7835 | — | | | < 4.4.3_02-22.12.1 | 4.4.3_02-22.12.1 | Oct 30, 2015 | The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. |
| CVE-2015-7311 | — | | | < 4.4.3_02-22.12.1 | 4.4.3_02-22.12.1 | Oct 1, 2015 | libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. |
| CVE-2015-4037 | — | | | < 4.4.3_02-22.12.1 | 4.4.3_02-22.12.1 | Aug 26, 2015 | The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. |
| CVE-2015-5166 | — | | | < 4.4.2_10-22.8.1 | 4.4.2_10-22.8.1 | Aug 12, 2015 | Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. |
| CVE-2015-5165 | — | | | < 4.4.2_10-22.8.1 | 4.4.2_10-22.8.1 | Aug 12, 2015 | The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. |
| CVE-2015-5154 | — | | | < 4.4.2_08-22.5.1 | 4.4.2_08-22.5.1 | Aug 12, 2015 | Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. |
| CVE-2015-3259 | — | | | < 4.4.2_08-22.5.1 | 4.4.2_08-22.5.1 | Jul 16, 2015 | Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument. |
| CVE-2015-4164 | — | | | < 4.4.2_06-21.1 | 4.4.2_06-21.1 | Jun 15, 2015 | The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set. |
| CVE-2015-4163 | — | | | < 4.4.2_06-21.1 | 4.4.2_06-21.1 | Jun 15, 2015 | GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version. |
| CVE-2015-3209 | — | | | < 4.4.2_06-21.1 | 4.4.2_06-21.1 | Jun 15, 2015 | Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. |
| CVE-2015-4106 | — | | | < 4.4.2_06-21.1 | 4.4.2_06-21.1 | Jun 3, 2015 | QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact vi |
| CVE-2015-4105 | — | | | < 4.4.2_06-21.1 | 4.4.2_06-21.1 | Jun 3, 2015 | Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations. |
| CVE-2015-4104 | — | | | < 4.4.2_06-21.1 | 4.4.2_06-21.1 | Jun 3, 2015 | Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors. |
| CVE-2015-4103 | — | | | < 4.4.2_06-21.1 | 4.4.2_06-21.1 | Jun 3, 2015 | Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields. |
| CVE-2015-3456 | — | | | < 4.4.2_04-18.1 | 4.4.2_04-18.1 | May 13, 2015 | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, o |
| CVE-2015-3340 | — | | | < 4.4.2_04-18.1 | 4.4.2_04-18.1 | Apr 28, 2015 | Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. |