rpm package

suse/xen&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4

Vulnerabilities (201)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-2620		—	< 4.4.4_14-51.1	4.4.4_14-51.1	Jul 27, 2018	Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU pro
CVE-2017-2615		—	< 4.4.4_14-51.1	4.4.4_14-51.1	Jul 2, 2018	Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process result
CVE-2018-12893		—	< 4.4.4_34-61.32.1	4.4.4_34-61.32.1	Jul 2, 2018	An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can
CVE-2018-12891		—	< 4.4.4_34-61.32.1	4.4.4_34-61.32.1	Jul 2, 2018	An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing
CVE-2018-3665		—	< 4.4.4_34-61.32.1	4.4.4_34-61.32.1	Jun 21, 2018	System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVE-2018-12617		—	< 4.4.4_34-61.32.1	4.4.4_34-61.32.1	Jun 21, 2018	qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploit
CVE-2018-11806		—	< 4.4.4_34-61.32.1	4.4.4_34-61.32.1	Jun 13, 2018	m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-3639		—	< 4.4.4_32-61.29.2	4.4.4_32-61.29.2	May 22, 2018	Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka
CVE-2018-8897		—	< 4.4.4_30-61.26.1	4.4.4_30-61.26.1	May 8, 2018	A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP
CVE-2018-10472		—	< 4.4.4_30-61.26.1	4.4.4_30-61.26.1	Apr 27, 2018	An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
CVE-2018-10471		—	< 4.4.4_30-61.26.1	4.4.4_30-61.26.1	Apr 27, 2018	An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
CVE-2018-7550		—	< 4.4.4_30-61.26.1	4.4.4_30-61.26.1	Mar 1, 2018	The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
CVE-2018-5683		—	< 4.4.4_28-61.23.2	4.4.4_28-61.23.2	Jan 23, 2018	The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVE-2017-18030		—	< 4.4.4_28-61.23.2	4.4.4_28-61.23.2	Jan 23, 2018	The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
CVE-2017-5754		—	< 4.4.4_28-61.23.2	4.4.4_28-61.23.2	Jan 4, 2018	Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5753		—	< 4.4.4_28-61.23.2	4.4.4_28-61.23.2	Jan 4, 2018	Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-5715		—	< 4.4.4_28-61.23.2	4.4.4_28-61.23.2	Jan 4, 2018	Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-17566	Hig	7.8	< 4.4.4_28-61.23.2	4.4.4_28-61.23.2	Dec 12, 2017	An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
CVE-2017-17565	Med	5.6	< 4.4.4_28-61.23.2	4.4.4_28-61.23.2	Dec 12, 2017	An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.
CVE-2017-17564	Hig	7.8	< 4.4.4_28-61.23.2	4.4.4_28-61.23.2	Dec 12, 2017	An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.

CVE-2017-2620Jul 27, 2018
affected < 4.4.4_14-51.1fixed 4.4.4_14-51.1
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU pro
CVE-2017-2615Jul 2, 2018
affected < 4.4.4_14-51.1fixed 4.4.4_14-51.1
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process result
CVE-2018-12893Jul 2, 2018
affected < 4.4.4_34-61.32.1fixed 4.4.4_34-61.32.1
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can
CVE-2018-12891Jul 2, 2018
affected < 4.4.4_34-61.32.1fixed 4.4.4_34-61.32.1
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing
CVE-2018-3665Jun 21, 2018
affected < 4.4.4_34-61.32.1fixed 4.4.4_34-61.32.1
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVE-2018-12617Jun 21, 2018
affected < 4.4.4_34-61.32.1fixed 4.4.4_34-61.32.1
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploit
CVE-2018-11806Jun 13, 2018
affected < 4.4.4_34-61.32.1fixed 4.4.4_34-61.32.1
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-3639May 22, 2018
affected < 4.4.4_32-61.29.2fixed 4.4.4_32-61.29.2
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka
CVE-2018-8897May 8, 2018
affected < 4.4.4_30-61.26.1fixed 4.4.4_30-61.26.1
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP
CVE-2018-10472Apr 27, 2018
affected < 4.4.4_30-61.26.1fixed 4.4.4_30-61.26.1
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
CVE-2018-10471Apr 27, 2018
affected < 4.4.4_30-61.26.1fixed 4.4.4_30-61.26.1
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
CVE-2018-7550Mar 1, 2018
affected < 4.4.4_30-61.26.1fixed 4.4.4_30-61.26.1
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
CVE-2018-5683Jan 23, 2018
affected < 4.4.4_28-61.23.2fixed 4.4.4_28-61.23.2
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVE-2017-18030Jan 23, 2018
affected < 4.4.4_28-61.23.2fixed 4.4.4_28-61.23.2
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
CVE-2017-5754Jan 4, 2018
affected < 4.4.4_28-61.23.2fixed 4.4.4_28-61.23.2
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5753Jan 4, 2018
affected < 4.4.4_28-61.23.2fixed 4.4.4_28-61.23.2
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-5715Jan 4, 2018
affected < 4.4.4_28-61.23.2fixed 4.4.4_28-61.23.2
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-17566HigDec 12, 2017
affected < 4.4.4_28-61.23.2fixed 4.4.4_28-61.23.2
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
CVE-2017-17565MedDec 12, 2017
affected < 4.4.4_28-61.23.2fixed 4.4.4_28-61.23.2
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.
CVE-2017-17564HigDec 12, 2017
affected < 4.4.4_28-61.23.2fixed 4.4.4_28-61.23.2
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.

Page 2 of 11