rpm package

suse/xen&distro=SUSE Linux Enterprise Software Development Kit 11 SP4

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Vulnerabilities (201)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-5337	Med	5.5	< 4.4.4_07-37.1	4.4.4_07-37.1	Jun 14, 2016	The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.
CVE-2016-5238	Med	4.4	< 4.4.4_07-37.1	4.4.4_07-37.1	Jun 14, 2016	The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
CVE-2016-4963	Med	4.7	< 4.4.4_07-37.1	4.4.4_07-37.1	Jun 7, 2016	The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
CVE-2016-4962	Med	6.7	< 4.4.4_07-37.1	4.4.4_07-37.1	Jun 7, 2016	The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
CVE-2016-5126	Hig	7.8	< 4.4.4_07-37.1	4.4.4_07-37.1	Jun 1, 2016	Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
CVE-2016-4454	Med	6.0	< 4.4.4_07-37.1	4.4.4_07-37.1	Jun 1, 2016	The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-b
CVE-2016-4453	Med	4.4	< 4.4.4_07-37.1	4.4.4_07-37.1	Jun 1, 2016	The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
CVE-2016-4020	Med	6.5	< 4.4.4_07-37.1	4.4.4_07-37.1	May 25, 2016	The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2014-3672	Med	6.5	< 4.4.4_07-37.1	4.4.4_07-37.1	May 25, 2016	The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
CVE-2016-4037	Med	6.0	< 4.4.4_07-37.1	4.4.4_07-37.1	May 23, 2016	The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.
CVE-2016-4001	Hig	8.6	< 4.4.4_07-37.1	4.4.4_07-37.1	May 23, 2016	Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
CVE-2015-8558	Med	5.5	< 4.4.4_02-32.1	4.4.4_02-32.1	May 23, 2016	The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
CVE-2016-4441	Med	6.0	< 4.4.4_07-37.1	4.4.4_07-37.1	May 20, 2016	The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin
CVE-2016-4439	Med	6.7	< 4.4.4_07-37.1	4.4.4_07-37.1	May 20, 2016	The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e
CVE-2016-3710	Hig	8.8	< 4.4.4_07-37.1	4.4.4_07-37.1	May 11, 2016	The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
CVE-2016-4002	Cri	9.8	< 4.4.4_07-37.1	4.4.4_07-37.1	Apr 26, 2016	Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th
CVE-2016-3960	Hig	8.8	< 4.4.4_07-37.1	4.4.4_07-37.1	Apr 19, 2016	Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
CVE-2015-8554	Hig	7.5	< 4.4.4_02-32.1	4.4.4_02-32.1	Apr 14, 2016	Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X
CVE-2015-8550	Hig	8.2	< 4.4.4_02-32.1	4.4.4_02-32.1	Apr 14, 2016	Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
CVE-2016-3159	Low	3.8	< 4.4.4_07-37.1	4.4.4_07-37.1	Apr 13, 2016	The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exceptio

CVE-2016-5337MedJun 14, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.
CVE-2016-5238MedJun 14, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
CVE-2016-4963MedJun 7, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
CVE-2016-4962MedJun 7, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
CVE-2016-5126HigJun 1, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
CVE-2016-4454MedJun 1, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-b
CVE-2016-4453MedJun 1, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
CVE-2016-4020MedMay 25, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2014-3672MedMay 25, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
CVE-2016-4037MedMay 23, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.
CVE-2016-4001HigMay 23, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
CVE-2015-8558MedMay 23, 2016
affected < 4.4.4_02-32.1fixed 4.4.4_02-32.1
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
CVE-2016-4441MedMay 20, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin
CVE-2016-4439MedMay 20, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e
CVE-2016-3710HigMay 11, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
CVE-2016-4002CriApr 26, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th
CVE-2016-3960HigApr 19, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
CVE-2015-8554HigApr 14, 2016
affected < 4.4.4_02-32.1fixed 4.4.4_02-32.1
Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X
CVE-2015-8550HigApr 14, 2016
affected < 4.4.4_02-32.1fixed 4.4.4_02-32.1
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
CVE-2016-3159LowApr 13, 2016
affected < 4.4.4_07-37.1fixed 4.4.4_07-37.1
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exceptio

Page 8 of 11