Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-8866
Vulnerability from cvelistv5
Published
2014-12-01 15:00
Modified
2024-08-06 13:26
Severity ?
EPSS score ?
Summary
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:26:02.532Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201504-04", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201504-04", }, { name: "62672", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62672", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.citrix.com/article/CTX201794", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.citrix.com/article/CTX200288", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://xenbits.xen.org/xsa/advisory-111.html", }, { name: "DSA-3140", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3140", }, { name: "openSUSE-SU-2015:0226", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html", }, { name: "openSUSE-SU-2015:0256", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html", }, { name: "71332", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/71332", }, { name: "59937", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59937", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-11-27T00:00:00", descriptions: [ { lang: "en", value: "The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-11-14T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-201504-04", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201504-04", }, { name: "62672", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62672", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.citrix.com/article/CTX201794", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.citrix.com/article/CTX200288", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://xenbits.xen.org/xsa/advisory-111.html", }, { name: "DSA-3140", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3140", }, { name: "openSUSE-SU-2015:0226", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html", }, { name: "openSUSE-SU-2015:0256", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html", }, { name: "71332", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/71332", }, { name: "59937", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59937", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-8866", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201504-04", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201504-04", }, { name: "62672", refsource: "SECUNIA", url: "http://secunia.com/advisories/62672", }, { name: "http://support.citrix.com/article/CTX201794", refsource: "CONFIRM", url: "http://support.citrix.com/article/CTX201794", }, { name: "http://support.citrix.com/article/CTX200288", refsource: "CONFIRM", url: "http://support.citrix.com/article/CTX200288", }, { name: "http://xenbits.xen.org/xsa/advisory-111.html", refsource: "CONFIRM", url: "http://xenbits.xen.org/xsa/advisory-111.html", }, { name: "DSA-3140", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3140", }, { name: "openSUSE-SU-2015:0226", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html", }, { name: "openSUSE-SU-2015:0256", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html", }, { name: "71332", refsource: "BID", url: "http://www.securityfocus.com/bid/71332", }, { name: "59937", refsource: "SECUNIA", url: "http://secunia.com/advisories/59937", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-8866", datePublished: "2014-12-01T15:00:00", dateReserved: "2014-11-14T00:00:00", dateUpdated: "2024-08-06T13:26:02.532Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2014-8866\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-12-01T15:59:08.797\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.\"},{\"lang\":\"es\",\"value\":\"La traducción del argumento de hiperllamadas del modo de compatibilidad en Xen 3.3.x hasta 4.4.x, cuando funciona en un hipervisor de 64 bits, permite a invitados locales de HVM de 32 bits causar una denegación de servicio (caída del anfitrión) a través de vectores que involucran la alteración de las mitades altas de registros mientras en el modo de 64 bits.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":4.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-17\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB157D09-B91B-486A-A9F7-C9BA75AE8823\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA95119D-EAF1-48D4-AE7C-0C4927D06CDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D40E4E4-3FCB-4980-8DD2-49DDABCB398E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F7D1B7E-C30F-430F-832D-2A405DA1F2D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7C1D0AD-B804-474C-96A3-988BADA0DAD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DCD1F05-9F96-40DD-B506-750E87306325\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B6AE42-E1EB-47A8-8FAF-7A93A67EC67F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60BADA43-94D5-4E80-B5C8-D01A0249F13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"550223A9-B9F1-440A-8C25-9F0F76AF7301\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC734D58-96E5-4DD2-8781-F8E0ADB96462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62CEC1BF-1922-410D-BCBA-C58199F574C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"923F2C2B-4A65-4823-B511-D0FEB7C7FAB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1A24DED-B2EC-4D9C-9FA4-DD37EF3E3BFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D532B60-C8DD-4A2F-9D05-E574D23EB754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D83CA8B-8E49-45FA-8FAB-C15052474542\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27537DF5-7E0F-463F-BA87-46E329EE07AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EA4F978-9145-4FE6-B4F9-15207E52C40A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22A995FD-9B7F-4DF0-BECF-4B086E470F1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"219597E2-E2D7-4647-8A7C-688B96300158\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65E55950-EACA-4209-B2A1-E09026FC6006\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47640819-FC43-49ED-8A77-728C3D7255B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2448537F-87AD-45C1-9FB0-7A49CA31BD76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E36B2265-70E1-413B-A7CF-79D39E9ADCFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF948E6A-07BE-4C7D-8A98-002E89D35F4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0E23B94-1726-4F63-84BB-8D83FAB156D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1044792C-D544-457C-9391-4F3B5BAB978D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF23B21B-594A-42E2-AF90-D5C4246B39A4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/59937\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/62672\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"http://support.citrix.com/article/CTX200288\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.citrix.com/article/CTX201794\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3140\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/71332\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-111.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201504-04\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/59937\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/62672\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"http://support.citrix.com/article/CTX200288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.citrix.com/article/CTX201794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3140\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/71332\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-111.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201504-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", }, }
ghsa-gqm4-jx6m-62vq
Vulnerability from github
Published
2022-05-14 02:05
Modified
2022-05-14 02:05
Details
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.
{ affected: [], aliases: [ "CVE-2014-8866", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2014-12-01T15:59:00Z", severity: "MODERATE", }, details: "The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.", id: "GHSA-gqm4-jx6m-62vq", modified: "2022-05-14T02:05:36Z", published: "2022-05-14T02:05:36Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-8866", }, { type: "WEB", url: "https://security.gentoo.org/glsa/201504-04", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html", }, { type: "WEB", url: "http://secunia.com/advisories/59937", }, { type: "WEB", url: "http://secunia.com/advisories/62672", }, { type: "WEB", url: "http://support.citrix.com/article/CTX200288", }, { type: "WEB", url: "http://support.citrix.com/article/CTX201794", }, { type: "WEB", url: "http://www.debian.org/security/2015/dsa-3140", }, { type: "WEB", url: "http://www.securityfocus.com/bid/71332", }, { type: "WEB", url: "http://xenbits.xen.org/xsa/advisory-111.html", }, ], schema_version: "1.4.0", severity: [], }
suse-su-2015:0940-1
Vulnerability from csaf_suse
Published
2012-11-22 17:59
Modified
2012-11-22 17:59
Summary
Security update for Xen
Notes
Title of the patch
Security update for Xen
Description of the patch
This update fixes the following security issues in Xen:
* CVE-2012-5510: Grant table version switch list corruption
vulnerability (XSA-26)
* CVE-2012-5511: Several HVM operations do not validate the range of
their inputs (XSA-27)
* CVE-2012-5513: XENMEM_exchange may overwrite hypervisor memory
(XSA-29)
* CVE-2012-5514: Missing unlock in
guest_physmap_mark_populate_on_demand() (XSA-30)
* CVE-2012-5515: Several memory hypercall operations allow invalid
extent order values (XSA-31)
Also the following fix has been applied:
* bnc#777628 - guest 'disappears' after live migration
Updated block-dmmd script
Security Issues references:
* CVE-2012-5513
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513>
* CVE-2012-5514
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514>
* CVE-2012-5511
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511>
* CVE-2012-5510
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510>
* CVE-2012-5515
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515>
Patchnames
slessp1-xen
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for Xen", title: "Title of the patch", }, { category: "description", text: "\nThis update fixes the following security issues in Xen:\n\n * CVE-2012-5510: Grant table version switch list corruption\n vulnerability (XSA-26)\n * CVE-2012-5511: Several HVM operations do not validate the range of\n their inputs (XSA-27)\n * CVE-2012-5513: XENMEM_exchange may overwrite hypervisor memory\n (XSA-29)\n * CVE-2012-5514: Missing unlock in\n guest_physmap_mark_populate_on_demand() (XSA-30)\n * CVE-2012-5515: Several memory hypercall operations allow invalid\n extent order values (XSA-31)\n\nAlso the following fix has been applied:\n\n * bnc#777628 - guest 'disappears' after live migration\n Updated block-dmmd script\n\nSecurity Issues references:\n\n * CVE-2012-5513\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513>\n * CVE-2012-5514\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514>\n * CVE-2012-5511\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511>\n * CVE-2012-5510\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510>\n * CVE-2012-5515\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515>\n\n", title: "Description of the patch", }, { category: "details", text: "slessp1-xen", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0940-1.json", }, { category: "self", summary: "URL for SUSE-SU-2015:0940-1", url: "https://www.suse.com/support/update/announcement/2015/suse-su-20150940-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2015:0940-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2015-May/001404.html", }, { category: "self", summary: "SUSE Bug 777628", url: "https://bugzilla.suse.com/777628", }, { category: "self", summary: "SUSE Bug 789944", url: "https://bugzilla.suse.com/789944", }, { category: "self", summary: "SUSE Bug 789945", url: "https://bugzilla.suse.com/789945", }, { category: "self", summary: "SUSE Bug 789948", url: "https://bugzilla.suse.com/789948", }, { category: "self", summary: "SUSE Bug 789950", url: "https://bugzilla.suse.com/789950", }, { category: "self", summary: "SUSE Bug 789951", url: "https://bugzilla.suse.com/789951", }, { category: "self", summary: "SUSE Bug 826717", url: "https://bugzilla.suse.com/826717", }, { category: "self", summary: "SUSE Bug 880751", url: "https://bugzilla.suse.com/880751", }, { category: "self", summary: "SUSE Bug 895798", url: "https://bugzilla.suse.com/895798", }, { category: "self", summary: "SUSE Bug 895799", url: "https://bugzilla.suse.com/895799", }, { category: "self", summary: "SUSE Bug 895802", url: "https://bugzilla.suse.com/895802", }, { category: "self", summary: "SUSE Bug 903850", url: "https://bugzilla.suse.com/903850", }, { category: "self", summary: "SUSE Bug 903967", url: "https://bugzilla.suse.com/903967", }, { category: "self", summary: "SUSE Bug 903970", url: "https://bugzilla.suse.com/903970", }, { category: "self", summary: "SUSE Bug 905465", url: "https://bugzilla.suse.com/905465", }, { category: "self", summary: "SUSE Bug 905467", url: "https://bugzilla.suse.com/905467", }, { category: "self", summary: "SUSE Bug 906439", url: "https://bugzilla.suse.com/906439", }, { category: "self", summary: "SUSE Bug 927967", url: "https://bugzilla.suse.com/927967", }, { category: "self", summary: "SUSE Bug 929339", url: "https://bugzilla.suse.com/929339", }, { category: "self", summary: "SUSE CVE CVE-2012-5510 page", url: "https://www.suse.com/security/cve/CVE-2012-5510/", }, { category: "self", summary: "SUSE CVE CVE-2012-5511 page", url: "https://www.suse.com/security/cve/CVE-2012-5511/", }, { category: "self", summary: "SUSE CVE CVE-2012-5513 page", url: "https://www.suse.com/security/cve/CVE-2012-5513/", }, { category: "self", summary: "SUSE CVE CVE-2012-5514 page", url: "https://www.suse.com/security/cve/CVE-2012-5514/", }, { category: "self", summary: "SUSE CVE CVE-2012-5515 page", url: "https://www.suse.com/security/cve/CVE-2012-5515/", }, { category: "self", summary: "SUSE CVE CVE-2013-3495 page", url: "https://www.suse.com/security/cve/CVE-2013-3495/", }, { category: "self", summary: "SUSE CVE CVE-2014-4021 page", url: "https://www.suse.com/security/cve/CVE-2014-4021/", }, { category: "self", summary: "SUSE CVE CVE-2014-7154 page", url: "https://www.suse.com/security/cve/CVE-2014-7154/", }, { category: "self", summary: "SUSE CVE CVE-2014-7155 page", url: "https://www.suse.com/security/cve/CVE-2014-7155/", }, { category: "self", summary: "SUSE CVE CVE-2014-7156 page", url: "https://www.suse.com/security/cve/CVE-2014-7156/", }, { category: "self", summary: "SUSE CVE CVE-2014-8594 page", url: "https://www.suse.com/security/cve/CVE-2014-8594/", }, { category: "self", summary: "SUSE CVE CVE-2014-8595 page", url: "https://www.suse.com/security/cve/CVE-2014-8595/", }, { category: "self", summary: "SUSE CVE CVE-2014-8866 page", url: "https://www.suse.com/security/cve/CVE-2014-8866/", }, { category: "self", summary: "SUSE CVE CVE-2014-8867 page", url: "https://www.suse.com/security/cve/CVE-2014-8867/", }, { category: "self", summary: "SUSE CVE CVE-2014-9030 page", url: "https://www.suse.com/security/cve/CVE-2014-9030/", }, { category: "self", summary: "SUSE CVE CVE-2015-3340 page", url: "https://www.suse.com/security/cve/CVE-2015-3340/", }, { category: "self", summary: "SUSE CVE CVE-2015-3456 page", url: "https://www.suse.com/security/cve/CVE-2015-3456/", }, ], title: "Security update for Xen", tracking: { current_release_date: "2012-11-22T17:59:15Z", generator: { date: "2012-11-22T17:59:15Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2015:0940-1", initial_release_date: "2012-11-22T17:59:15Z", revision_history: [ { date: "2012-11-22T17:59:15Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "xen-4.0.3_21548_12-0.3.1.i586", product: { name: "xen-4.0.3_21548_12-0.3.1.i586", product_id: "xen-4.0.3_21548_12-0.3.1.i586", }, }, { category: "product_version", name: "xen-doc-html-4.0.3_21548_12-0.3.1.i586", product: { name: "xen-doc-html-4.0.3_21548_12-0.3.1.i586", product_id: "xen-doc-html-4.0.3_21548_12-0.3.1.i586", }, }, { category: "product_version", name: "xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", product: { name: "xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", product_id: "xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", }, }, { category: "product_version", name: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", product: { name: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", product_id: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", }, }, { category: "product_version", name: "xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", product: { name: "xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", product_id: "xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", }, }, { category: "product_version", name: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", product: { name: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", product_id: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", }, }, { category: "product_version", name: "xen-libs-4.0.3_21548_12-0.3.1.i586", product: { name: "xen-libs-4.0.3_21548_12-0.3.1.i586", product_id: "xen-libs-4.0.3_21548_12-0.3.1.i586", }, }, { category: "product_version", name: "xen-tools-4.0.3_21548_12-0.3.1.i586", product: { name: "xen-tools-4.0.3_21548_12-0.3.1.i586", product_id: "xen-tools-4.0.3_21548_12-0.3.1.i586", }, }, { category: "product_version", name: "xen-tools-domU-4.0.3_21548_12-0.3.1.i586", product: { name: "xen-tools-domU-4.0.3_21548_12-0.3.1.i586", product_id: "xen-tools-domU-4.0.3_21548_12-0.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "xen-4.0.3_21548_12-0.3.1.x86_64", product: { name: "xen-4.0.3_21548_12-0.3.1.x86_64", product_id: "xen-4.0.3_21548_12-0.3.1.x86_64", }, }, { category: "product_version", name: "xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", product: { name: "xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", product_id: "xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", }, }, { category: "product_version", name: "xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", product: { name: "xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", product_id: "xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", }, }, { category: "product_version", name: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", product: { name: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", product_id: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", }, }, { category: "product_version", name: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", product: { name: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", product_id: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", }, }, { category: "product_version", name: "xen-libs-4.0.3_21548_12-0.3.1.x86_64", product: { name: "xen-libs-4.0.3_21548_12-0.3.1.x86_64", product_id: "xen-libs-4.0.3_21548_12-0.3.1.x86_64", }, }, { category: "product_version", name: "xen-tools-4.0.3_21548_12-0.3.1.x86_64", product: { name: "xen-tools-4.0.3_21548_12-0.3.1.x86_64", product_id: "xen-tools-4.0.3_21548_12-0.3.1.x86_64", }, }, { category: "product_version", name: "xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", product: { name: "xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", product_id: "xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP1-LTSS", product: { name: "SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles_ltss:11:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP1-TERADATA", product: { name: "SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA", product_identification_helper: { cpe: "cpe:/o:suse:sles:11:sp1:teradata", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "xen-4.0.3_21548_12-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", }, product_reference: "xen-4.0.3_21548_12-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-4.0.3_21548_12-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", }, product_reference: "xen-4.0.3_21548_12-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-doc-html-4.0.3_21548_12-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", }, product_reference: "xen-doc-html-4.0.3_21548_12-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-doc-html-4.0.3_21548_12-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", }, product_reference: "xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-doc-pdf-4.0.3_21548_12-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", }, product_reference: "xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", }, product_reference: "xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", }, product_reference: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", }, product_reference: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", }, product_reference: "xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", }, product_reference: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", }, product_reference: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-libs-4.0.3_21548_12-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", }, product_reference: "xen-libs-4.0.3_21548_12-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-libs-4.0.3_21548_12-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", }, product_reference: "xen-libs-4.0.3_21548_12-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-tools-4.0.3_21548_12-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", }, product_reference: "xen-tools-4.0.3_21548_12-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-tools-4.0.3_21548_12-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", }, product_reference: "xen-tools-4.0.3_21548_12-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-tools-domU-4.0.3_21548_12-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", }, product_reference: "xen-tools-domU-4.0.3_21548_12-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", }, product_reference: "xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "xen-4.0.3_21548_12-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", }, product_reference: "xen-4.0.3_21548_12-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-4.0.3_21548_12-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", }, product_reference: "xen-4.0.3_21548_12-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-doc-html-4.0.3_21548_12-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", }, product_reference: "xen-doc-html-4.0.3_21548_12-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-doc-html-4.0.3_21548_12-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", }, product_reference: "xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-doc-pdf-4.0.3_21548_12-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", }, product_reference: "xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", }, product_reference: "xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", }, product_reference: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", }, product_reference: "xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", }, product_reference: "xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", }, product_reference: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", }, product_reference: "xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-libs-4.0.3_21548_12-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", }, product_reference: "xen-libs-4.0.3_21548_12-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-libs-4.0.3_21548_12-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", }, product_reference: "xen-libs-4.0.3_21548_12-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-tools-4.0.3_21548_12-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", }, product_reference: "xen-tools-4.0.3_21548_12-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-tools-4.0.3_21548_12-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", }, product_reference: "xen-tools-4.0.3_21548_12-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-tools-domU-4.0.3_21548_12-0.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", }, product_reference: "xen-tools-domU-4.0.3_21548_12-0.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, { category: "default_component_of", full_product_name: { name: "xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", }, product_reference: "xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP1-TERADATA", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5510", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-5510", }, ], notes: [ { category: "general", text: "Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-5510", url: "https://www.suse.com/security/cve/CVE-2012-5510", }, { category: "external", summary: "SUSE Bug 789945 for CVE-2012-5510", url: "https://bugzilla.suse.com/789945", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "moderate", }, ], title: "CVE-2012-5510", }, { cve: "CVE-2012-5511", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-5511", }, ], notes: [ { category: "general", text: "Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-5511", url: "https://www.suse.com/security/cve/CVE-2012-5511", }, { category: "external", summary: "SUSE Bug 789944 for CVE-2012-5511", url: "https://bugzilla.suse.com/789944", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "moderate", }, ], title: "CVE-2012-5511", }, { cve: "CVE-2012-5513", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-5513", }, ], notes: [ { category: "general", text: "The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-5513", url: "https://www.suse.com/security/cve/CVE-2012-5513", }, { category: "external", summary: "SUSE Bug 789951 for CVE-2012-5513", url: "https://bugzilla.suse.com/789951", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "moderate", }, ], title: "CVE-2012-5513", }, { cve: "CVE-2012-5514", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-5514", }, ], notes: [ { category: "general", text: "The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-5514", url: "https://www.suse.com/security/cve/CVE-2012-5514", }, { category: "external", summary: "SUSE Bug 789948 for CVE-2012-5514", url: "https://bugzilla.suse.com/789948", }, { category: "external", summary: "SUSE Bug 789988 for CVE-2012-5514", url: "https://bugzilla.suse.com/789988", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "moderate", }, ], title: "CVE-2012-5514", }, { cve: "CVE-2012-5515", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-5515", }, ], notes: [ { category: "general", text: "The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-5515", url: "https://www.suse.com/security/cve/CVE-2012-5515", }, { category: "external", summary: "SUSE Bug 789950 for CVE-2012-5515", url: "https://bugzilla.suse.com/789950", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "moderate", }, ], title: "CVE-2012-5515", }, { cve: "CVE-2013-3495", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-3495", }, ], notes: [ { category: "general", text: "The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-3495", url: "https://www.suse.com/security/cve/CVE-2013-3495", }, { category: "external", summary: "SUSE Bug 826717 for CVE-2013-3495", url: "https://bugzilla.suse.com/826717", }, { category: "external", summary: "SUSE Bug 903970 for CVE-2013-3495", url: "https://bugzilla.suse.com/903970", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "moderate", }, ], title: "CVE-2013-3495", }, { cve: "CVE-2014-4021", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4021", }, ], notes: [ { category: "general", text: "Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4021", url: "https://www.suse.com/security/cve/CVE-2014-4021", }, { category: "external", summary: "SUSE Bug 880751 for CVE-2014-4021", url: "https://bugzilla.suse.com/880751", }, { category: "external", summary: "SUSE Bug 903970 for CVE-2014-4021", url: "https://bugzilla.suse.com/903970", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "low", }, ], title: "CVE-2014-4021", }, { cve: "CVE-2014-7154", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-7154", }, ], notes: [ { category: "general", text: "Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-7154", url: "https://www.suse.com/security/cve/CVE-2014-7154", }, { category: "external", summary: "SUSE Bug 880751 for CVE-2014-7154", url: "https://bugzilla.suse.com/880751", }, { category: "external", summary: "SUSE Bug 895798 for CVE-2014-7154", url: "https://bugzilla.suse.com/895798", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "moderate", }, ], title: "CVE-2014-7154", }, { cve: "CVE-2014-7155", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-7155", }, ], notes: [ { category: "general", text: "The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-7155", url: "https://www.suse.com/security/cve/CVE-2014-7155", }, { category: "external", summary: "SUSE Bug 880751 for CVE-2014-7155", url: "https://bugzilla.suse.com/880751", }, { category: "external", summary: "SUSE Bug 895799 for CVE-2014-7155", url: "https://bugzilla.suse.com/895799", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "moderate", }, ], title: "CVE-2014-7155", }, { cve: "CVE-2014-7156", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-7156", }, ], notes: [ { category: "general", text: "The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-7156", url: "https://www.suse.com/security/cve/CVE-2014-7156", }, { category: "external", summary: "SUSE Bug 880751 for CVE-2014-7156", url: "https://bugzilla.suse.com/880751", }, { category: "external", summary: "SUSE Bug 895802 for CVE-2014-7156", url: "https://bugzilla.suse.com/895802", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "low", }, ], title: "CVE-2014-7156", }, { cve: "CVE-2014-8594", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-8594", }, ], notes: [ { category: "general", text: "The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-8594", url: "https://www.suse.com/security/cve/CVE-2014-8594", }, { category: "external", summary: "SUSE Bug 903967 for CVE-2014-8594", url: "https://bugzilla.suse.com/903967", }, { category: "external", summary: "SUSE Bug 903970 for CVE-2014-8594", url: "https://bugzilla.suse.com/903970", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "moderate", }, ], title: "CVE-2014-8594", }, { cve: "CVE-2014-8595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-8595", }, ], notes: [ { category: "general", text: "arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-8595", url: "https://www.suse.com/security/cve/CVE-2014-8595", }, { category: "external", summary: "SUSE Bug 903970 for CVE-2014-8595", url: "https://bugzilla.suse.com/903970", }, { category: "external", summary: "SUSE Bug 907649 for CVE-2014-8595", url: "https://bugzilla.suse.com/907649", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "low", }, ], title: "CVE-2014-8595", }, { cve: "CVE-2014-8866", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-8866", }, ], notes: [ { category: "general", text: "The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-8866", url: "https://www.suse.com/security/cve/CVE-2014-8866", }, { category: "external", summary: "SUSE Bug 903970 for CVE-2014-8866", url: "https://bugzilla.suse.com/903970", }, { category: "external", summary: "SUSE Bug 905465 for CVE-2014-8866", url: "https://bugzilla.suse.com/905465", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "moderate", }, ], title: "CVE-2014-8866", }, { cve: "CVE-2014-8867", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-8867", }, ], notes: [ { category: "general", text: "The acceleration support for the \"REP MOVS\" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-8867", url: "https://www.suse.com/security/cve/CVE-2014-8867", }, { category: "external", summary: "SUSE Bug 903970 for CVE-2014-8867", url: "https://bugzilla.suse.com/903970", }, { category: "external", summary: "SUSE Bug 905467 for CVE-2014-8867", url: "https://bugzilla.suse.com/905467", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "moderate", }, ], title: "CVE-2014-8867", }, { cve: "CVE-2014-9030", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9030", }, ], notes: [ { category: "general", text: "The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9030", url: "https://www.suse.com/security/cve/CVE-2014-9030", }, { category: "external", summary: "SUSE Bug 903970 for CVE-2014-9030", url: "https://bugzilla.suse.com/903970", }, { category: "external", summary: "SUSE Bug 906439 for CVE-2014-9030", url: "https://bugzilla.suse.com/906439", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "important", }, ], title: "CVE-2014-9030", }, { cve: "CVE-2015-3340", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3340", }, ], notes: [ { category: "general", text: "Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3340", url: "https://www.suse.com/security/cve/CVE-2015-3340", }, { category: "external", summary: "SUSE Bug 927967 for CVE-2015-3340", url: "https://bugzilla.suse.com/927967", }, { category: "external", summary: "SUSE Bug 929339 for CVE-2015-3340", url: "https://bugzilla.suse.com/929339", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "low", }, ], title: "CVE-2015-3340", }, { cve: "CVE-2015-3456", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3456", }, ], notes: [ { category: "general", text: "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3456", url: "https://www.suse.com/security/cve/CVE-2015-3456", }, { category: "external", summary: "SUSE Bug 929339 for CVE-2015-3456", url: "https://bugzilla.suse.com/929339", }, { category: "external", summary: "SUSE Bug 932770 for CVE-2015-3456", url: "https://bugzilla.suse.com/932770", }, { category: "external", summary: "SUSE Bug 935900 for CVE-2015-3456", url: "https://bugzilla.suse.com/935900", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-html-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-doc-pdf-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-libs-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-4.0.3_21548_12-0.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.i586", "SUSE Linux Enterprise Server 11 SP1-TERADATA:xen-tools-domU-4.0.3_21548_12-0.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2012-11-22T17:59:15Z", details: "moderate", }, ], title: "CVE-2015-3456", }, ], }
gsd-2014-8866
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.
Aliases
Aliases
{ GSD: { alias: "CVE-2014-8866", description: "The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.", id: "GSD-2014-8866", references: [ "https://www.suse.com/security/cve/CVE-2014-8866.html", "https://www.debian.org/security/2015/dsa-3140", "https://linux.oracle.com/cve/CVE-2014-8866.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2014-8866", ], details: "The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.", id: "GSD-2014-8866", modified: "2023-12-13T01:22:49.656762Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-8866", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201504-04", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201504-04", }, { name: "62672", refsource: "SECUNIA", url: "http://secunia.com/advisories/62672", }, { name: "http://support.citrix.com/article/CTX201794", refsource: "CONFIRM", url: "http://support.citrix.com/article/CTX201794", }, { name: "http://support.citrix.com/article/CTX200288", refsource: "CONFIRM", url: "http://support.citrix.com/article/CTX200288", }, { name: "http://xenbits.xen.org/xsa/advisory-111.html", refsource: "CONFIRM", url: "http://xenbits.xen.org/xsa/advisory-111.html", }, { name: "DSA-3140", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3140", }, { name: "openSUSE-SU-2015:0226", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html", }, { name: "openSUSE-SU-2015:0256", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html", }, { name: "71332", refsource: "BID", url: "http://www.securityfocus.com/bid/71332", }, { name: "59937", refsource: "SECUNIA", url: "http://secunia.com/advisories/59937", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-8866", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-17", }, ], }, ], }, references: { reference_data: [ { name: "http://xenbits.xen.org/xsa/advisory-111.html", refsource: "CONFIRM", tags: [ "Patch", "Vendor Advisory", ], url: "http://xenbits.xen.org/xsa/advisory-111.html", }, { name: "71332", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/71332", }, { name: "59937", refsource: "SECUNIA", tags: [ "Permissions Required", "Third Party Advisory", ], url: "http://secunia.com/advisories/59937", }, { name: "62672", refsource: "SECUNIA", tags: [ "Permissions Required", "Third Party Advisory", ], url: "http://secunia.com/advisories/62672", }, { name: "DSA-3140", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3140", }, { name: "openSUSE-SU-2015:0256", refsource: "SUSE", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html", }, { name: "openSUSE-SU-2015:0226", refsource: "SUSE", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html", }, { name: "http://support.citrix.com/article/CTX201794", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://support.citrix.com/article/CTX201794", }, { name: "GLSA-201504-04", refsource: "GENTOO", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201504-04", }, { name: "http://support.citrix.com/article/CTX200288", refsource: "CONFIRM", tags: [], url: "http://support.citrix.com/article/CTX200288", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.7, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, }, lastModifiedDate: "2018-10-30T16:27Z", publishedDate: "2014-12-01T15:59Z", }, }, }
fkie_cve-2014-8866
Vulnerability from fkie_nvd
Published
2014-12-01 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 7.0 | |
| xen | xen | 3.3.0 | |
| xen | xen | 3.3.1 | |
| xen | xen | 3.3.2 | |
| xen | xen | 3.4.0 | |
| xen | xen | 3.4.1 | |
| xen | xen | 3.4.2 | |
| xen | xen | 3.4.3 | |
| xen | xen | 3.4.4 | |
| xen | xen | 4.0.0 | |
| xen | xen | 4.0.1 | |
| xen | xen | 4.0.2 | |
| xen | xen | 4.0.3 | |
| xen | xen | 4.0.4 | |
| xen | xen | 4.1.0 | |
| xen | xen | 4.1.1 | |
| xen | xen | 4.1.2 | |
| xen | xen | 4.1.3 | |
| xen | xen | 4.1.4 | |
| xen | xen | 4.1.5 | |
| xen | xen | 4.1.6.1 | |
| xen | xen | 4.2.0 | |
| xen | xen | 4.2.1 | |
| xen | xen | 4.2.2 | |
| xen | xen | 4.2.3 | |
| xen | xen | 4.3.0 | |
| xen | xen | 4.3.1 | |
| xen | xen | 4.4.0 | |
| xen | xen | 4.4.0 | |
| opensuse | opensuse | 13.1 | |
| opensuse | opensuse | 13.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "EB157D09-B91B-486A-A9F7-C9BA75AE8823", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "FA95119D-EAF1-48D4-AE7C-0C4927D06CDF", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "5D40E4E4-3FCB-4980-8DD2-49DDABCB398E", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", matchCriteriaId: "7F7D1B7E-C30F-430F-832D-2A405DA1F2D9", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "B7C1D0AD-B804-474C-96A3-988BADA0DAD2", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "1DCD1F05-9F96-40DD-B506-750E87306325", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "25B6AE42-E1EB-47A8-8FAF-7A93A67EC67F", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "60BADA43-94D5-4E80-B5C8-D01A0249F13E", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "550223A9-B9F1-440A-8C25-9F0F76AF7301", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "FC734D58-96E5-4DD2-8781-F8E0ADB96462", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "62CEC1BF-1922-410D-BCBA-C58199F574C7", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "923F2C2B-4A65-4823-B511-D0FEB7C7FAB2", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "C1A24DED-B2EC-4D9C-9FA4-DD37EF3E3BFC", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0D532B60-C8DD-4A2F-9D05-E574D23EB754", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "5D83CA8B-8E49-45FA-8FAB-C15052474542", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", matchCriteriaId: "27537DF5-7E0F-463F-BA87-46E329EE07AC", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", matchCriteriaId: "3EA4F978-9145-4FE6-B4F9-15207E52C40A", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", matchCriteriaId: "22A995FD-9B7F-4DF0-BECF-4B086E470F1E", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", matchCriteriaId: "219597E2-E2D7-4647-8A7C-688B96300158", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "65E55950-EACA-4209-B2A1-E09026FC6006", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", matchCriteriaId: "47640819-FC43-49ED-8A77-728C3D7255B3", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", matchCriteriaId: "2448537F-87AD-45C1-9FB0-7A49CA31BD76", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", matchCriteriaId: "E36B2265-70E1-413B-A7CF-79D39E9ADCFB", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "BF948E6A-07BE-4C7D-8A98-002E89D35F4D", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", matchCriteriaId: "C0E23B94-1726-4F63-84BB-8D83FAB156D7", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "1044792C-D544-457C-9391-4F3B5BAB978D", vulnerable: true, }, { criteria: "cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*", matchCriteriaId: "CF23B21B-594A-42E2-AF90-D5C4246B39A4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.", }, { lang: "es", value: "La traducción del argumento de hiperllamadas del modo de compatibilidad en Xen 3.3.x hasta 4.4.x, cuando funciona en un hipervisor de 64 bits, permite a invitados locales de HVM de 32 bits causar una denegación de servicio (caída del anfitrión) a través de vectores que involucran la alteración de las mitades altas de registros mientras en el modo de 64 bits.", }, ], id: "CVE-2014-8866", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.7, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-12-01T15:59:08.797", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "http://secunia.com/advisories/59937", }, { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "http://secunia.com/advisories/62672", }, { source: "cve@mitre.org", url: "http://support.citrix.com/article/CTX200288", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.citrix.com/article/CTX201794", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3140", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/71332", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://xenbits.xen.org/xsa/advisory-111.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201504-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "http://secunia.com/advisories/59937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "http://secunia.com/advisories/62672", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.citrix.com/article/CTX200288", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.citrix.com/article/CTX201794", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/71332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://xenbits.xen.org/xsa/advisory-111.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201504-04", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-17", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.