rpm package
suse/xen&distro=SUSE OpenStack Cloud Crowbar 9
pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
Vulnerabilities (97)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-27673 | — | | | < 4.11.4_10-2.39.2 | 4.11.4_10-2.39.2 | Oct 22, 2020 | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. |
| CVE-2020-27674 | — | | | < 4.11.4_14-2.45.1 | 4.11.4_14-2.45.1 | Oct 22, 2020 | An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. |
| CVE-2020-25603 | — | | | < 4.11.4_08-2.36.1 | 4.11.4_08-2.36.1 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory |
| CVE-2020-25596 | — | | | < 4.11.4_08-2.36.1 | 4.11.4_08-2.36.1 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it t |
| CVE-2020-25604 | — | | | < 4.11.4_08-2.36.1 | 4.11.4_08-2.36.1 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to rel |
| CVE-2020-25602 | — | | | < 4.11.4_08-2.36.1 | 4.11.4_08-2.36.1 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest acc |
| CVE-2020-25601 | — | | | < 4.11.4_08-2.36.1 | 4.11.4_08-2.36.1 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event c |
| CVE-2020-25600 | — | | | < 4.11.4_08-2.36.1 | 4.11.4_08-2.36.1 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones |
| CVE-2020-25599 | — | | | < 4.11.4_08-2.36.1 | 4.11.4_08-2.36.1 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to ou |
| CVE-2020-25597 | — | | | < 4.11.4_08-2.36.1 | 4.11.4_08-2.36.1 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life tim |
| CVE-2020-25595 | — | | | < 4.11.4_08-2.36.1 | 4.11.4_08-2.36.1 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specific |
| CVE-2020-14364 | — | | | < 4.11.4_08-2.36.1 | 4.11.4_08-2.36.1 | Aug 31, 2020 | An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw all |
| CVE-2020-15567 | — | | | < 4.11.4_04-2.30.1 | 4.11.4_04-2.30.1 | Jul 7, 2020 | An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-at |
| CVE-2020-15565 | — | | | < 4.11.4_04-2.30.1 | 4.11.4_04-2.30.1 | Jul 7, 2020 | An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require fl |
| CVE-2020-15563 | — | | | < 4.11.4_04-2.30.1 | 4.11.4_04-2.30.1 | Jul 7, 2020 | An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A mali |
| CVE-2020-15566 | — | | | < 4.11.4_04-2.30.1 | 4.11.4_04-2.30.1 | Jul 7, 2020 | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory |
| CVE-2020-8608 | — | | | < 4.11.4_06-2.33.1 | 4.11.4_06-2.33.1 | Feb 6, 2020 | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. |