rpm package

suse/xen&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Vulnerabilities (144)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-28695	—	< 4.9.4_20-3.91.1	4.9.4_20-3.91.1	Aug 27, 2021	IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m
CVE-2021-28694	—	< 4.9.4_20-3.91.1	4.9.4_20-3.91.1	Aug 27, 2021	IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m
CVE-2021-28697	—	< 4.9.4_20-3.91.1	4.9.4_20-3.91.1	Aug 27, 2021	grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-alloc
CVE-2021-28698	—	< 4.9.4_20-3.91.1	4.9.4_20-3.91.1	Aug 27, 2021	long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entrie
CVE-2021-28699	—	< 4.9.4_20-3.91.1	4.9.4_20-3.91.1	Aug 27, 2021	inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tra
CVE-2021-28692	—	< 4.9.4_20-3.91.1	4.9.4_20-3.91.1	Jun 30, 2021	inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead,
CVE-2021-28690	—	< 4.9.4_20-3.91.1	4.9.4_20-3.91.1	Jun 29, 2021	x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires s
CVE-2021-3595	—	< 4.9.4_20-3.91.1	4.9.4_20-3.91.1	Jun 15, 2021	An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun
CVE-2021-3594	—	< 4.9.4_20-3.91.1	4.9.4_20-3.91.1	Jun 15, 2021	An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound
CVE-2021-3592	—	< 4.9.4_20-3.91.1	4.9.4_20-3.91.1	Jun 15, 2021	An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this
CVE-2021-0089	—	< 4.9.4_20-3.91.1	4.9.4_20-3.91.1	Jun 9, 2021	Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2021-20255	—	< 4.9.4_20-3.91.1	4.9.4_20-3.91.1	Mar 9, 2021	A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU p
CVE-2021-27379	—	< 4.9.4_16-3.83.1	4.9.4_16-3.83.1	Feb 18, 2021	An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were
CVE-2020-29481	—	< 4.9.4_16-3.80.1	4.9.4_16-3.80.1	Dec 15, 2020	An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to
CVE-2020-29484	—	< 4.9.4_16-3.80.1	4.9.4_16-3.80.1	Dec 15, 2020	An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering t
CVE-2020-29483	—	< 4.9.4_16-3.80.1	4.9.4_16-3.80.1	Dec 15, 2020	An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from x
CVE-2020-29480	—	< 4.9.4_16-3.80.1	4.9.4_16-3.80.1	Dec 15, 2020	An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A
CVE-2020-29571	—	< 4.9.4_16-3.80.1	4.9.4_16-3.80.1	Dec 15, 2020	An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected agains
CVE-2020-29570	—	< 4.9.4_16-3.80.1	4.9.4_16-3.80.1	Dec 15, 2020	An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or bugg
CVE-2020-29566	—	< 4.9.4_16-3.80.1	4.9.4_16-3.80.1	Dec 15, 2020	An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled

CVE-2021-28695Aug 27, 2021
affected < 4.9.4_20-3.91.1fixed 4.9.4_20-3.91.1
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m
CVE-2021-28694Aug 27, 2021
affected < 4.9.4_20-3.91.1fixed 4.9.4_20-3.91.1
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m
CVE-2021-28697Aug 27, 2021
affected < 4.9.4_20-3.91.1fixed 4.9.4_20-3.91.1
grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-alloc
CVE-2021-28698Aug 27, 2021
affected < 4.9.4_20-3.91.1fixed 4.9.4_20-3.91.1
long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entrie
CVE-2021-28699Aug 27, 2021
affected < 4.9.4_20-3.91.1fixed 4.9.4_20-3.91.1
inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tra
CVE-2021-28692Jun 30, 2021
affected < 4.9.4_20-3.91.1fixed 4.9.4_20-3.91.1
inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead,
CVE-2021-28690Jun 29, 2021
affected < 4.9.4_20-3.91.1fixed 4.9.4_20-3.91.1
x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires s
CVE-2021-3595Jun 15, 2021
affected < 4.9.4_20-3.91.1fixed 4.9.4_20-3.91.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun
CVE-2021-3594Jun 15, 2021
affected < 4.9.4_20-3.91.1fixed 4.9.4_20-3.91.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound
CVE-2021-3592Jun 15, 2021
affected < 4.9.4_20-3.91.1fixed 4.9.4_20-3.91.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this
CVE-2021-0089Jun 9, 2021
affected < 4.9.4_20-3.91.1fixed 4.9.4_20-3.91.1
Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2021-20255Mar 9, 2021
affected < 4.9.4_20-3.91.1fixed 4.9.4_20-3.91.1
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU p
CVE-2021-27379Feb 18, 2021
affected < 4.9.4_16-3.83.1fixed 4.9.4_16-3.83.1
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were
CVE-2020-29481Dec 15, 2020
affected < 4.9.4_16-3.80.1fixed 4.9.4_16-3.80.1
An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to
CVE-2020-29484Dec 15, 2020
affected < 4.9.4_16-3.80.1fixed 4.9.4_16-3.80.1
An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering t
CVE-2020-29483Dec 15, 2020
affected < 4.9.4_16-3.80.1fixed 4.9.4_16-3.80.1
An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from x
CVE-2020-29480Dec 15, 2020
affected < 4.9.4_16-3.80.1fixed 4.9.4_16-3.80.1
An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A
CVE-2020-29571Dec 15, 2020
affected < 4.9.4_16-3.80.1fixed 4.9.4_16-3.80.1
An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected agains
CVE-2020-29570Dec 15, 2020
affected < 4.9.4_16-3.80.1fixed 4.9.4_16-3.80.1
An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or bugg
CVE-2020-29566Dec 15, 2020
affected < 4.9.4_16-3.80.1fixed 4.9.4_16-3.80.1
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled

Page 2 of 8