rpm package
suse/xen&distro=SUSE OpenStack Cloud 5
pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%205
Vulnerabilities (54)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4453 | Med | 4.4 | < 4.2.5_21-27.1 | 4.2.5_21-27.1 | Jun 1, 2016 | The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. | |
| CVE-2014-3672 | Med | 6.5 | < 4.2.5_21-27.1 | 4.2.5_21-27.1 | May 25, 2016 | The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | |
| CVE-2016-4001 | Hig | 8.6 | < 4.2.5_21-27.1 | 4.2.5_21-27.1 | May 23, 2016 | Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. | |
| CVE-2016-4441 | Med | 6.0 | < 4.2.5_21-27.1 | 4.2.5_21-27.1 | May 20, 2016 | The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin | |
| CVE-2016-4439 | Med | 6.7 | < 4.2.5_21-27.1 | 4.2.5_21-27.1 | May 20, 2016 | The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e | |
| CVE-2016-4480 | Hig | 8.4 | < 4.2.5_21-27.1 | 4.2.5_21-27.1 | May 18, 2016 | The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. | |
| CVE-2016-3712 | Med | 5.5 | < 4.2.5_21-27.1 | 4.2.5_21-27.1 | May 11, 2016 | Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | |
| CVE-2016-3710 | Hig | 8.8 | < 4.2.5_21-27.1 | 4.2.5_21-27.1 | May 11, 2016 | The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | |
| CVE-2016-4002 | Cri | 9.8 | < 4.2.5_21-27.1 | 4.2.5_21-27.1 | Apr 26, 2016 | Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th | |
| CVE-2016-3960 | Hig | 8.8 | < 4.2.5_21-27.1 | 4.2.5_21-27.1 | Apr 19, 2016 | Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | |
| CVE-2016-3159 | Low | 3.8 | < 4.2.5_21-27.1 | 4.2.5_21-27.1 | Apr 13, 2016 | The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exceptio | |
| CVE-2016-3158 | Low | 3.8 | < 4.2.5_21-27.1 | 4.2.5_21-27.1 | Apr 13, 2016 | The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception a | |
| CVE-2014-8106 | — | < 4.2.5_21-35.1 | 4.2.5_21-35.1 | Dec 8, 2014 | Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320. | ||
| CVE-2014-3615 | — | < 4.2.5_21-27.1 | 4.2.5_21-27.1 | Nov 1, 2014 | The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. |
- affected < 4.2.5_21-27.1fixed 4.2.5_21-27.1
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
- affected < 4.2.5_21-27.1fixed 4.2.5_21-27.1
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
- affected < 4.2.5_21-27.1fixed 4.2.5_21-27.1
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
- affected < 4.2.5_21-27.1fixed 4.2.5_21-27.1
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin
- affected < 4.2.5_21-27.1fixed 4.2.5_21-27.1
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e
- affected < 4.2.5_21-27.1fixed 4.2.5_21-27.1
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
- affected < 4.2.5_21-27.1fixed 4.2.5_21-27.1
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
- affected < 4.2.5_21-27.1fixed 4.2.5_21-27.1
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
- affected < 4.2.5_21-27.1fixed 4.2.5_21-27.1
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th
- affected < 4.2.5_21-27.1fixed 4.2.5_21-27.1
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
- affected < 4.2.5_21-27.1fixed 4.2.5_21-27.1
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exceptio
- affected < 4.2.5_21-27.1fixed 4.2.5_21-27.1
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception a
- CVE-2014-8106Dec 8, 2014affected < 4.2.5_21-35.1fixed 4.2.5_21-35.1
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
- CVE-2014-3615Nov 1, 2014affected < 4.2.5_21-27.1fixed 4.2.5_21-27.1
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
Page 3 of 3