VYPR

rpm package

suse/xen&distro=SUSE OpenStack Cloud 6

pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%206

Vulnerabilities (52)

  • CVE-2017-10915CriJul 5, 2017
    affected < 4.5.5_12-22.18.1fixed 4.5.5_12-22.18.1

    The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.

  • CVE-2017-10914HigJul 5, 2017
    affected < 4.5.5_12-22.18.1fixed 4.5.5_12-22.18.1

    The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.

  • CVE-2017-10913CriJul 5, 2017
    affected < 4.5.5_12-22.18.1fixed 4.5.5_12-22.18.1

    The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1.

  • CVE-2017-10912CriJul 5, 2017
    affected < 4.5.5_12-22.18.1fixed 4.5.5_12-22.18.1

    Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.

  • CVE-2017-10911MedJul 5, 2017
    affected < 4.5.5_12-22.18.1fixed 4.5.5_12-22.18.1

    The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interfac

  • CVE-2017-9503MedJun 16, 2017
    affected < 4.5.5_12-22.18.1fixed 4.5.5_12-22.18.1

    QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.

  • CVE-2017-9374MedJun 16, 2017
    affected < 4.5.5_12-22.18.1fixed 4.5.5_12-22.18.1

    Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.

  • CVE-2017-9330MedJun 8, 2017
    affected < 4.5.5_12-22.18.1fixed 4.5.5_12-22.18.1

    QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.

  • CVE-2017-8309HigMay 23, 2017
    affected < 4.5.5_12-22.18.1fixed 4.5.5_12-22.18.1

    Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.

  • CVE-2017-8905HigMay 11, 2017
    affected < 4.5.5_12-22.18.1fixed 4.5.5_12-22.18.1

    Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.

  • CVE-2017-8112MedMay 2, 2017
    affected < 4.5.5_12-22.18.1fixed 4.5.5_12-22.18.1

    hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.

  • CVE-2017-5526MedMar 15, 2017
    affected < 4.5.5_18-22.31.1fixed 4.5.5_18-22.31.1

    Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

Page 3 of 3