rpm package

suse/xen&distro=SUSE Linux Enterprise Software Development Kit 12 SP3

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3

Vulnerabilities (48)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-10472		—	< 4.9.2_04-3.29.1	4.9.2_04-3.29.1	Apr 27, 2018	An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
CVE-2018-10471		—	< 4.9.2_04-3.29.1	4.9.2_04-3.29.1	Apr 27, 2018	An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
CVE-2018-7542		—	< 4.9.2_04-3.29.1	4.9.2_04-3.29.1	Feb 27, 2018	An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC.
CVE-2018-7541		—	< 4.9.2_04-3.29.1	4.9.2_04-3.29.1	Feb 27, 2018	An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
CVE-2018-7540		—	< 4.9.2_04-3.29.1	4.9.2_04-3.29.1	Feb 27, 2018	An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
CVE-2018-5683		—	< 4.9.1_08-3.26.1	4.9.1_08-3.26.1	Jan 23, 2018	The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVE-2017-18030		—	< 4.9.1_08-3.26.1	4.9.1_08-3.26.1	Jan 23, 2018	The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
CVE-2017-5754		—	< 4.9.1_08-3.26.1	4.9.1_08-3.26.1	Jan 4, 2018	Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5753		—	< 4.9.1_08-3.26.1	4.9.1_08-3.26.1	Jan 4, 2018	Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-5715		—	< 4.9.1_08-3.26.1	4.9.1_08-3.26.1	Jan 4, 2018	Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-17566	Hig	7.8	< 4.9.1_08-3.26.1	4.9.1_08-3.26.1	Dec 12, 2017	An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
CVE-2017-17565	Med	5.6	< 4.9.1_08-3.26.1	4.9.1_08-3.26.1	Dec 12, 2017	An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.
CVE-2017-17564	Hig	7.8	< 4.9.1_08-3.26.1	4.9.1_08-3.26.1	Dec 12, 2017	An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
CVE-2017-17563	Hig	7.8	< 4.9.1_08-3.26.1	4.9.1_08-3.26.1	Dec 12, 2017	An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
CVE-2017-15597	Cri	9.1	< 4.9.1_02-3.21.1	4.9.1_02-3.21.1	Oct 30, 2017	An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a g
CVE-2017-15595	Hig	8.8	< 4.9.1_08-3.26.1	4.9.1_08-3.26.1	Oct 18, 2017	An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
CVE-2017-15289	Med	6.0	< 4.9.1_02-3.21.1	4.9.1_02-3.21.1	Oct 16, 2017	The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
CVE-2017-14319	Hig	8.8	< 4.9.0_12-3.15.1	4.9.0_12-3.15.1	Sep 12, 2017	A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neit
CVE-2017-14318	Med	6.5	< 4.9.0_12-3.15.1	4.9.0_12-3.15.1	Sep 12, 2017	An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked
CVE-2017-14317	Med	5.6	< 4.9.0_12-3.15.1	4.9.0_12-3.15.1	Sep 12, 2017	A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on

CVE-2018-10472Apr 27, 2018
affected < 4.9.2_04-3.29.1fixed 4.9.2_04-3.29.1
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
CVE-2018-10471Apr 27, 2018
affected < 4.9.2_04-3.29.1fixed 4.9.2_04-3.29.1
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
CVE-2018-7542Feb 27, 2018
affected < 4.9.2_04-3.29.1fixed 4.9.2_04-3.29.1
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC.
CVE-2018-7541Feb 27, 2018
affected < 4.9.2_04-3.29.1fixed 4.9.2_04-3.29.1
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
CVE-2018-7540Feb 27, 2018
affected < 4.9.2_04-3.29.1fixed 4.9.2_04-3.29.1
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
CVE-2018-5683Jan 23, 2018
affected < 4.9.1_08-3.26.1fixed 4.9.1_08-3.26.1
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVE-2017-18030Jan 23, 2018
affected < 4.9.1_08-3.26.1fixed 4.9.1_08-3.26.1
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
CVE-2017-5754Jan 4, 2018
affected < 4.9.1_08-3.26.1fixed 4.9.1_08-3.26.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5753Jan 4, 2018
affected < 4.9.1_08-3.26.1fixed 4.9.1_08-3.26.1
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-5715Jan 4, 2018
affected < 4.9.1_08-3.26.1fixed 4.9.1_08-3.26.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-17566HigDec 12, 2017
affected < 4.9.1_08-3.26.1fixed 4.9.1_08-3.26.1
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
CVE-2017-17565MedDec 12, 2017
affected < 4.9.1_08-3.26.1fixed 4.9.1_08-3.26.1
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.
CVE-2017-17564HigDec 12, 2017
affected < 4.9.1_08-3.26.1fixed 4.9.1_08-3.26.1
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
CVE-2017-17563HigDec 12, 2017
affected < 4.9.1_08-3.26.1fixed 4.9.1_08-3.26.1
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
CVE-2017-15597CriOct 30, 2017
affected < 4.9.1_02-3.21.1fixed 4.9.1_02-3.21.1
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a g
CVE-2017-15595HigOct 18, 2017
affected < 4.9.1_08-3.26.1fixed 4.9.1_08-3.26.1
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
CVE-2017-15289MedOct 16, 2017
affected < 4.9.1_02-3.21.1fixed 4.9.1_02-3.21.1
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
CVE-2017-14319HigSep 12, 2017
affected < 4.9.0_12-3.15.1fixed 4.9.0_12-3.15.1
A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neit
CVE-2017-14318MedSep 12, 2017
affected < 4.9.0_12-3.15.1fixed 4.9.0_12-3.15.1
An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked
CVE-2017-14317MedSep 12, 2017
affected < 4.9.0_12-3.15.1fixed 4.9.0_12-3.15.1
A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on

Page 2 of 3