xen (SUSE:OpenStack Cloud 5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 5 package xen, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (54)
CVE-2016-4002 — CVSS 9.8 (critical): Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets…
CVE-2016-6258 — CVSS 8.8 (high): The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges…
CVE-2016-3710 — CVSS 8.8 (high): The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to…
CVE-2016-9383 — CVSS 8.8 (high): Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive…
CVE-2016-3960 — CVSS 8.8 (high): Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly…
CVE-2016-4001 — CVSS 8.6 (high): Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is…
CVE-2016-4480 — CVSS 8.4 (high): The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table…
CVE-2016-7092 — CVSS 8.2 (high): The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via…
CVE-2017-7228 — CVSS 8.2 (high): An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix…
CVE-2016-9379 — CVSS 7.9 (high): The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to…
CVE-2016-9386 — CVSS 7.8 (high): The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest…
CVE-2016-10013 — CVSS 7.8 (high): Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during…
CVE-2016-9382 — CVSS 7.8 (high): Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or…
CVE-2017-7980 — CVSS 7.8 (high): Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute…
CVE-2016-5338 — CVSS 7.8 (high): The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of…
CVE-2016-9380 — CVSS 7.5 (high): The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to…
CVE-2016-9637 — CVSS 7.5 (high): The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest…
CVE-2016-9381 — CVSS 7.5 (high): Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka…
CVE-2016-4439 — CVSS 6.7 (medium): The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer…
CVE-2016-6351 — CVSS 6.7 (medium): The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows…
CVE-2016-9921 — CVSS 6.5 (medium): Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while…
CVE-2014-3672 — CVSS 6.5 (medium): The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by…
CVE-2017-6505 — CVSS 6.5 (medium): The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a…
CVE-2016-9911 — CVSS 6.5 (medium): Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing…
CVE-2017-6414 — CVSS 6.5 (medium): Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of…
CVE-2016-7777 — CVSS 6.3 (medium): Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or…
CVE-2016-10024 — CVSS 6.0 (medium): Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the…
CVE-2016-10155 — CVSS 6.0 (medium): Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service…
CVE-2016-8667 — CVSS 6.0 (medium): The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service…
CVE-2016-8669 — CVSS 6.0 (medium): The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a…
CVE-2016-8909 — CVSS 6.0 (medium): The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of…
CVE-2016-8910 — CVSS 6.0 (medium): The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial…
CVE-2016-4441 — CVSS 6.0 (medium): The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which…
CVE-2016-9101 — CVSS 6.0 (medium): Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory…
CVE-2016-4454 — CVSS 6.0 (medium): The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory…
CVE-2016-9776 — CVSS 5.5 (medium): QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It…
CVE-2016-3712 — CVSS 5.5 (medium): Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process…
CVE-2016-5403 — CVSS 5.5 (medium): The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory…
CVE-2016-9603 — CVSS 5.5 (medium): A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could…
CVE-2016-9922 — CVSS 5.5 (medium): The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest…
CVE-2017-2615 — CVSS 5.5 (medium): Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur…
CVE-2017-2620 — CVSS 5.5 (medium): Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The…
CVE-2017-7718 — CVSS 5.5 (medium): hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds…
CVE-2014-8106 — CVSS 4.6 (medium): Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute…
CVE-2016-5238 — CVSS 4.4 (medium): The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write…
CVE-2016-4453 — CVSS 4.4 (medium): The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite…
CVE-2016-7909 — CVSS 4.4 (medium): The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of…
CVE-2016-7908 — CVSS 4.4 (medium): The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when…
CVE-2016-7094 — CVSS 4.1 (medium): Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a…
CVE-2016-3159 — CVSS 3.8 (low): The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64…
CVE-2017-7995 — CVSS 3.8 (low): Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory…
CVE-2016-3158 — CVSS 3.8 (low): The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64…
CVE-2016-9932 — CVSS 3.3 (low): CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host…
CVE-2014-3615 — CVSS 2.1 (low): The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.