rpm package
suse/xen&distro=SUSE Linux Enterprise Server 11 SP3-LTSS
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS
Vulnerabilities (136)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-5278 | — | < 4.2.5_20-24.9 | 4.2.5_20-24.9 | Jan 23, 2020 | The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | ||
| CVE-2018-3646 | — | < 4.2.5_21-45.25.1 | 4.2.5_21-45.25.1 | Aug 14, 2018 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis | ||
| CVE-2016-9603 | — | < 4.2.5_21-41.1 | 4.2.5_21-41.1 | Jul 27, 2018 | A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest c | ||
| CVE-2017-2620 | — | < 4.2.5_21-35.1 | 4.2.5_21-35.1 | Jul 27, 2018 | Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU pro | ||
| CVE-2017-2615 | — | < 4.2.5_21-35.1 | 4.2.5_21-35.1 | Jul 2, 2018 | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process result | ||
| CVE-2018-12893 | — | < 4.2.5_21-45.25.1 | 4.2.5_21-45.25.1 | Jul 2, 2018 | An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can | ||
| CVE-2018-12891 | — | < 4.2.5_21-45.25.1 | 4.2.5_21-45.25.1 | Jul 2, 2018 | An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing | ||
| CVE-2018-3665 | — | < 4.2.5_21-45.25.1 | 4.2.5_21-45.25.1 | Jun 21, 2018 | System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. | ||
| CVE-2018-12617 | — | < 4.2.5_21-45.25.1 | 4.2.5_21-45.25.1 | Jun 21, 2018 | qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploit | ||
| CVE-2018-11806 | — | < 4.2.5_21-45.25.1 | 4.2.5_21-45.25.1 | Jun 13, 2018 | m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. | ||
| CVE-2018-3639 | — | < 4.2.5_21-45.25.1 | 4.2.5_21-45.25.1 | May 22, 2018 | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka | ||
| CVE-2018-10982 | — | < 4.2.5_21-45.25.1 | 4.2.5_21-45.25.1 | May 10, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC | ||
| CVE-2018-10981 | — | < 4.2.5_21-45.25.1 | 4.2.5_21-45.25.1 | May 10, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. | ||
| CVE-2018-8897 | — | < 4.2.5_21-45.22.1 | 4.2.5_21-45.22.1 | May 8, 2018 | A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP | ||
| CVE-2018-10472 | — | < 4.2.5_21-45.22.1 | 4.2.5_21-45.22.1 | Apr 27, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot. | ||
| CVE-2018-10471 | — | < 4.2.5_21-45.22.1 | 4.2.5_21-45.22.1 | Apr 27, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754. | ||
| CVE-2018-7550 | — | < 4.2.5_21-45.22.1 | 4.2.5_21-45.22.1 | Mar 1, 2018 | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. | ||
| CVE-2018-7541 | — | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Feb 27, 2018 | An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. | ||
| CVE-2018-7540 | — | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Feb 27, 2018 | An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. | ||
| CVE-2018-5683 | — | < 4.2.5_21-45.19.1 | 4.2.5_21-45.19.1 | Jan 23, 2018 | The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. |
- CVE-2015-5278Jan 23, 2020affected < 4.2.5_20-24.9fixed 4.2.5_20-24.9
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
- CVE-2018-3646Aug 14, 2018affected < 4.2.5_21-45.25.1fixed 4.2.5_21-45.25.1
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis
- CVE-2016-9603Jul 27, 2018affected < 4.2.5_21-41.1fixed 4.2.5_21-41.1
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest c
- CVE-2017-2620Jul 27, 2018affected < 4.2.5_21-35.1fixed 4.2.5_21-35.1
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU pro
- CVE-2017-2615Jul 2, 2018affected < 4.2.5_21-35.1fixed 4.2.5_21-35.1
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process result
- CVE-2018-12893Jul 2, 2018affected < 4.2.5_21-45.25.1fixed 4.2.5_21-45.25.1
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can
- CVE-2018-12891Jul 2, 2018affected < 4.2.5_21-45.25.1fixed 4.2.5_21-45.25.1
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing
- CVE-2018-3665Jun 21, 2018affected < 4.2.5_21-45.25.1fixed 4.2.5_21-45.25.1
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
- CVE-2018-12617Jun 21, 2018affected < 4.2.5_21-45.25.1fixed 4.2.5_21-45.25.1
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploit
- CVE-2018-11806Jun 13, 2018affected < 4.2.5_21-45.25.1fixed 4.2.5_21-45.25.1
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
- CVE-2018-3639May 22, 2018affected < 4.2.5_21-45.25.1fixed 4.2.5_21-45.25.1
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka
- CVE-2018-10982May 10, 2018affected < 4.2.5_21-45.25.1fixed 4.2.5_21-45.25.1
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC
- CVE-2018-10981May 10, 2018affected < 4.2.5_21-45.25.1fixed 4.2.5_21-45.25.1
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.
- CVE-2018-8897May 8, 2018affected < 4.2.5_21-45.22.1fixed 4.2.5_21-45.22.1
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP
- CVE-2018-10472Apr 27, 2018affected < 4.2.5_21-45.22.1fixed 4.2.5_21-45.22.1
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
- CVE-2018-10471Apr 27, 2018affected < 4.2.5_21-45.22.1fixed 4.2.5_21-45.22.1
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
- CVE-2018-7550Mar 1, 2018affected < 4.2.5_21-45.22.1fixed 4.2.5_21-45.22.1
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
- CVE-2018-7541Feb 27, 2018affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
- CVE-2018-7540Feb 27, 2018affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
- CVE-2018-5683Jan 23, 2018affected < 4.2.5_21-45.19.1fixed 4.2.5_21-45.19.1
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
Page 1 of 7