rpm package
suse/xen&distro=SUSE Linux Enterprise Server 11 SP4-LTSS
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Vulnerabilities (79)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-20257 | Med | 6.5 | < 4.4.4_48-61.64.1 | 4.4.4_48-61.64.1 | Mar 16, 2022 | An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re | |
| CVE-2021-3930 | Med | 6.5 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Feb 18, 2022 | An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d | |
| CVE-2022-23035 | Med | 4.6 | < 4.4.4_52-61.70.1 | 4.4.4_52-61.70.1 | Jan 25, 2022 | Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent | |
| CVE-2022-23034 | Med | 5.5 | < 4.4.4_52-61.70.1 | 4.4.4_52-61.70.1 | Jan 25, 2022 | A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unma | |
| CVE-2021-28703 | Hig | 7.0 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Dec 7, 2021 | grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, g | |
| CVE-2021-28709 | Hig | 7.8 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Nov 24, 2021 | issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them t | |
| CVE-2021-28705 | Hig | 7.8 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Nov 24, 2021 | issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them t | |
| CVE-2021-28706 | Hig | 8.6 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Nov 24, 2021 | guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precisio | |
| CVE-2021-28701 | Hig | 7.8 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Sep 8, 2021 | Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest sw | |
| CVE-2021-28698 | Med | 5.5 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Aug 27, 2021 | long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entrie | |
| CVE-2021-28697 | Hig | 7.8 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Aug 27, 2021 | grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-alloc | |
| CVE-2021-3682 | Hig | 8.5 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Aug 5, 2021 | A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() wit | |
| CVE-2021-28692 | Hig | 7.1 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Jun 30, 2021 | inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, | |
| CVE-2021-28690 | Med | 6.5 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Jun 29, 2021 | x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires s | |
| CVE-2021-3595 | Low | 3.8 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun | |
| CVE-2021-3594 | Low | 3.8 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound | |
| CVE-2021-3592 | Low | 3.8 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this | |
| CVE-2021-0089 | Med | 6.5 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | Jun 9, 2021 | Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |
| CVE-2019-12067 | Med | 6.5 | < 4.4.4_40-61.49.1 | 4.4.4_40-61.49.1 | Jun 2, 2021 | The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. | |
| CVE-2021-3527 | Med | 5.5 | < 4.4.4_50-61.67.1 | 4.4.4_50-61.67.1 | May 26, 2021 | A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array |
- affected < 4.4.4_48-61.64.1fixed 4.4.4_48-61.64.1
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d
- affected < 4.4.4_52-61.70.1fixed 4.4.4_52-61.70.1
Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent
- affected < 4.4.4_52-61.70.1fixed 4.4.4_52-61.70.1
A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unma
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, g
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them t
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them t
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precisio
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest sw
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entrie
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-alloc
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() wit
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead,
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires s
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
- affected < 4.4.4_40-61.49.1fixed 4.4.4_40-61.49.1
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
- affected < 4.4.4_50-61.67.1fixed 4.4.4_50-61.67.1
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array
Page 1 of 4