rpm package
suse/xen&distro=SUSE Manager Proxy 4.0
pkg:rpm/suse/xen&distro=SUSE%20Manager%20Proxy%204.0
Vulnerabilities (14)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-28696 | — | < 4.12.4_12-3.52.1 | 4.12.4_12-3.52.1 | Aug 27, 2021 | IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m | ||
| CVE-2021-28695 | — | < 4.12.4_12-3.52.1 | 4.12.4_12-3.52.1 | Aug 27, 2021 | IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m | ||
| CVE-2021-28694 | — | < 4.12.4_12-3.52.1 | 4.12.4_12-3.52.1 | Aug 27, 2021 | IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m | ||
| CVE-2021-28697 | — | < 4.12.4_12-3.52.1 | 4.12.4_12-3.52.1 | Aug 27, 2021 | grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-alloc | ||
| CVE-2021-28698 | — | < 4.12.4_12-3.52.1 | 4.12.4_12-3.52.1 | Aug 27, 2021 | long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entrie | ||
| CVE-2021-28699 | — | < 4.12.4_12-3.52.1 | 4.12.4_12-3.52.1 | Aug 27, 2021 | inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tra | ||
| CVE-2021-28700 | — | < 4.12.4_12-3.52.1 | 4.12.4_12-3.52.1 | Aug 27, 2021 | xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally | ||
| CVE-2021-28693 | — | < 4.12.4_12-3.52.1 | 4.12.4_12-3.52.1 | Jun 30, 2021 | xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page | ||
| CVE-2021-28692 | — | < 4.12.4_12-3.52.1 | 4.12.4_12-3.52.1 | Jun 30, 2021 | inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, | ||
| CVE-2021-28690 | — | < 4.12.4_12-3.52.1 | 4.12.4_12-3.52.1 | Jun 29, 2021 | x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires s | ||
| CVE-2021-28687 | — | < 4.12.4_08-3.43.3 | 4.12.4_08-3.43.3 | Jun 11, 2021 | HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, | ||
| CVE-2021-0089 | — | < 4.12.4_12-3.52.1 | 4.12.4_12-3.52.1 | Jun 9, 2021 | Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||
| CVE-2021-3308 | — | < 4.12.4_08-3.43.3 | 4.12.4_08-3.43.3 | Jan 26, 2021 | An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will | ||
| CVE-2020-28368 | — | < 4.12.4_08-3.43.3 | 4.12.4_08-3.43.3 | Nov 10, 2020 | Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the |
- CVE-2021-28696Aug 27, 2021affected < 4.12.4_12-3.52.1fixed 4.12.4_12-3.52.1
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m
- CVE-2021-28695Aug 27, 2021affected < 4.12.4_12-3.52.1fixed 4.12.4_12-3.52.1
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m
- CVE-2021-28694Aug 27, 2021affected < 4.12.4_12-3.52.1fixed 4.12.4_12-3.52.1
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically m
- CVE-2021-28697Aug 27, 2021affected < 4.12.4_12-3.52.1fixed 4.12.4_12-3.52.1
grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-alloc
- CVE-2021-28698Aug 27, 2021affected < 4.12.4_12-3.52.1fixed 4.12.4_12-3.52.1
long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entrie
- CVE-2021-28699Aug 27, 2021affected < 4.12.4_12-3.52.1fixed 4.12.4_12-3.52.1
inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tra
- CVE-2021-28700Aug 27, 2021affected < 4.12.4_12-3.52.1fixed 4.12.4_12-3.52.1
xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally
- CVE-2021-28693Jun 30, 2021affected < 4.12.4_12-3.52.1fixed 4.12.4_12-3.52.1
xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page
- CVE-2021-28692Jun 30, 2021affected < 4.12.4_12-3.52.1fixed 4.12.4_12-3.52.1
inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead,
- CVE-2021-28690Jun 29, 2021affected < 4.12.4_12-3.52.1fixed 4.12.4_12-3.52.1
x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires s
- CVE-2021-28687Jun 11, 2021affected < 4.12.4_08-3.43.3fixed 4.12.4_08-3.43.3
HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline,
- CVE-2021-0089Jun 9, 2021affected < 4.12.4_12-3.52.1fixed 4.12.4_12-3.52.1
Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
- CVE-2021-3308Jan 26, 2021affected < 4.12.4_08-3.43.3fixed 4.12.4_08-3.43.3
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will
- CVE-2020-28368Nov 10, 2020affected < 4.12.4_08-3.43.3fixed 4.12.4_08-3.43.3
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the