rpm package

suse/xen&distro=SUSE Linux Enterprise Software Development Kit 12 SP5

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Vulnerabilities (140)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-28696	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Aug 27, 2021	IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m
CVE-2021-28695	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Aug 27, 2021	IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m
CVE-2021-28694	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Aug 27, 2021	IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m
CVE-2021-28697	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Aug 27, 2021	grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-alloc
CVE-2021-28698	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Aug 27, 2021	long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entrie
CVE-2021-28699	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Aug 27, 2021	inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tra
CVE-2021-28700	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Aug 27, 2021	xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally
CVE-2021-28693	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Jun 30, 2021	xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page
CVE-2021-28692	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Jun 30, 2021	inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead,
CVE-2021-28690	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Jun 29, 2021	x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires s
CVE-2021-3595	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Jun 15, 2021	An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun
CVE-2021-3594	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Jun 15, 2021	An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound
CVE-2021-3592	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Jun 15, 2021	An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this
CVE-2021-28687	—	< 4.12.4_09-3.39.3	4.12.4_09-3.39.3	Jun 11, 2021	HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline,
CVE-2021-28689	—	< 4.12.4_28-3.77.1	4.12.4_28-3.77.1	Jun 11, 2021	x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's nov
CVE-2021-0089	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Jun 9, 2021	Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2021-20255	—	< 4.12.4_12-3.49.1	4.12.4_12-3.49.1	Mar 9, 2021	A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU p
CVE-2021-3308	—	< 4.12.4_09-3.39.3	4.12.4_09-3.39.3	Jan 26, 2021	An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will
CVE-2020-29481	—	< 4.12.4_06-3.36.1	4.12.4_06-3.36.1	Dec 15, 2020	An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to
CVE-2020-29484	—	< 4.12.4_06-3.36.1	4.12.4_06-3.36.1	Dec 15, 2020	An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering t

CVE-2021-28696Aug 27, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m
CVE-2021-28695Aug 27, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m
CVE-2021-28694Aug 27, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m
CVE-2021-28697Aug 27, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-alloc
CVE-2021-28698Aug 27, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entrie
CVE-2021-28699Aug 27, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tra
CVE-2021-28700Aug 27, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally
CVE-2021-28693Jun 30, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page
CVE-2021-28692Jun 30, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead,
CVE-2021-28690Jun 29, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires s
CVE-2021-3595Jun 15, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun
CVE-2021-3594Jun 15, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound
CVE-2021-3592Jun 15, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this
CVE-2021-28687Jun 11, 2021
affected < 4.12.4_09-3.39.3fixed 4.12.4_09-3.39.3
HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline,
CVE-2021-28689Jun 11, 2021
affected < 4.12.4_28-3.77.1fixed 4.12.4_28-3.77.1
x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's nov
CVE-2021-0089Jun 9, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2021-20255Mar 9, 2021
affected < 4.12.4_12-3.49.1fixed 4.12.4_12-3.49.1
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU p
CVE-2021-3308Jan 26, 2021
affected < 4.12.4_09-3.39.3fixed 4.12.4_09-3.39.3
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will
CVE-2020-29481Dec 15, 2020
affected < 4.12.4_06-3.36.1fixed 4.12.4_06-3.36.1
An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to
CVE-2020-29484Dec 15, 2020
affected < 4.12.4_06-3.36.1fixed 4.12.4_06-3.36.1
An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering t

Page 5 of 7