rpm package
suse/xen&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Vulnerabilities (148)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3595 | — | < 4.11.4_20-2.60.1 | 4.11.4_20-2.60.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun | ||
| CVE-2021-3594 | — | < 4.11.4_20-2.60.1 | 4.11.4_20-2.60.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound | ||
| CVE-2021-3592 | — | < 4.11.4_20-2.60.1 | 4.11.4_20-2.60.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this | ||
| CVE-2021-28689 | — | < 4.11.4_18-2.54.1 | 4.11.4_18-2.54.1 | Jun 11, 2021 | x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's nov | ||
| CVE-2021-0089 | — | < 4.11.4_20-2.60.1 | 4.11.4_20-2.60.1 | Jun 9, 2021 | Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||
| CVE-2021-20255 | — | < 4.11.4_20-2.60.1 | 4.11.4_20-2.60.1 | Mar 9, 2021 | A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU p | ||
| CVE-2021-27379 | — | < 4.11.4_16-2.51.1 | 4.11.4_16-2.51.1 | Feb 18, 2021 | An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were | ||
| CVE-2021-3308 | — | < 4.11.4_20-2.60.1 | 4.11.4_20-2.60.1 | Jan 26, 2021 | An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will | ||
| CVE-2020-29481 | — | < 4.11.4_16-2.48.1 | 4.11.4_16-2.48.1 | Dec 15, 2020 | An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to | ||
| CVE-2020-29484 | — | < 4.11.4_16-2.48.1 | 4.11.4_16-2.48.1 | Dec 15, 2020 | An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering t | ||
| CVE-2020-29483 | — | < 4.11.4_16-2.48.1 | 4.11.4_16-2.48.1 | Dec 15, 2020 | An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from x | ||
| CVE-2020-29480 | — | < 4.11.4_16-2.48.1 | 4.11.4_16-2.48.1 | Dec 15, 2020 | An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A | ||
| CVE-2020-29571 | — | < 4.11.4_16-2.48.1 | 4.11.4_16-2.48.1 | Dec 15, 2020 | An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected agains | ||
| CVE-2020-29570 | — | < 4.11.4_16-2.48.1 | 4.11.4_16-2.48.1 | Dec 15, 2020 | An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or bugg | ||
| CVE-2020-29566 | — | < 4.11.4_16-2.48.1 | 4.11.4_16-2.48.1 | Dec 15, 2020 | An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled | ||
| CVE-2020-29130 | — | < 4.11.4_16-2.48.1 | 4.11.4_16-2.48.1 | Nov 26, 2020 | slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | ||
| CVE-2020-28368 | — | < 4.11.4_12-2.42.1 | 4.11.4_12-2.42.1 | Nov 10, 2020 | Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the | ||
| CVE-2020-27670 | — | < 4.11.4_10-2.39.2 | 4.11.4_10-2.39.2 | Oct 22, 2020 | An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. | ||
| CVE-2020-27671 | — | < 4.11.4_10-2.39.2 | 4.11.4_10-2.39.2 | Oct 22, 2020 | An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. | ||
| CVE-2020-27672 | — | < 4.11.4_10-2.39.2 | 4.11.4_10-2.39.2 | Oct 22, 2020 | An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. |
- CVE-2021-3595Jun 15, 2021affected < 4.11.4_20-2.60.1fixed 4.11.4_20-2.60.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun
- CVE-2021-3594Jun 15, 2021affected < 4.11.4_20-2.60.1fixed 4.11.4_20-2.60.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound
- CVE-2021-3592Jun 15, 2021affected < 4.11.4_20-2.60.1fixed 4.11.4_20-2.60.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this
- CVE-2021-28689Jun 11, 2021affected < 4.11.4_18-2.54.1fixed 4.11.4_18-2.54.1
x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's nov
- CVE-2021-0089Jun 9, 2021affected < 4.11.4_20-2.60.1fixed 4.11.4_20-2.60.1
Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
- CVE-2021-20255Mar 9, 2021affected < 4.11.4_20-2.60.1fixed 4.11.4_20-2.60.1
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU p
- CVE-2021-27379Feb 18, 2021affected < 4.11.4_16-2.51.1fixed 4.11.4_16-2.51.1
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were
- CVE-2021-3308Jan 26, 2021affected < 4.11.4_20-2.60.1fixed 4.11.4_20-2.60.1
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will
- CVE-2020-29481Dec 15, 2020affected < 4.11.4_16-2.48.1fixed 4.11.4_16-2.48.1
An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to
- CVE-2020-29484Dec 15, 2020affected < 4.11.4_16-2.48.1fixed 4.11.4_16-2.48.1
An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering t
- CVE-2020-29483Dec 15, 2020affected < 4.11.4_16-2.48.1fixed 4.11.4_16-2.48.1
An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from x
- CVE-2020-29480Dec 15, 2020affected < 4.11.4_16-2.48.1fixed 4.11.4_16-2.48.1
An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A
- CVE-2020-29571Dec 15, 2020affected < 4.11.4_16-2.48.1fixed 4.11.4_16-2.48.1
An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected agains
- CVE-2020-29570Dec 15, 2020affected < 4.11.4_16-2.48.1fixed 4.11.4_16-2.48.1
An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or bugg
- CVE-2020-29566Dec 15, 2020affected < 4.11.4_16-2.48.1fixed 4.11.4_16-2.48.1
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled
- CVE-2020-29130Nov 26, 2020affected < 4.11.4_16-2.48.1fixed 4.11.4_16-2.48.1
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
- CVE-2020-28368Nov 10, 2020affected < 4.11.4_12-2.42.1fixed 4.11.4_12-2.42.1
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the
- CVE-2020-27670Oct 22, 2020affected < 4.11.4_10-2.39.2fixed 4.11.4_10-2.39.2
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
- CVE-2020-27671Oct 22, 2020affected < 4.11.4_10-2.39.2fixed 4.11.4_10-2.39.2
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
- CVE-2020-27672Oct 22, 2020affected < 4.11.4_10-2.39.2fixed 4.11.4_10-2.39.2
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
Page 4 of 8