Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-19580 (GCVE-0-2019-19580)
Vulnerability from cvelistv5 – Published: 2019-12-11 16:51 – Updated: 2024-08-05 02:16
VLAI?
EPSS
Summary
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:48.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"name": "FEDORA-2019-6aad703290",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"name": "FEDORA-2019-2e12bd3a9a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"name": "openSUSE-SU-2020:0011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T14:06:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"name": "FEDORA-2019-6aad703290",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"name": "FEDORA-2019-2e12bd3a9a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"name": "openSUSE-SU-2020:0011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xen.org/xsa/advisory-310.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"name": "FEDORA-2019-6aad703290",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"name": "FEDORA-2019-2e12bd3a9a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"name": "openSUSE-SU-2020:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19580",
"datePublished": "2019-12-11T16:51:43",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-08-05T02:16:48.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\", \"versionEndIncluding\": \"4.12.1\", \"matchCriteriaId\": \"18F9F58D-58A0-4356-AB70-E5ACF913BFCA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en Xen versiones hasta 4.12.x permitiendo a usuarios del Sistema Operativo invitado x86 PV conseguir privilegios de Sistema Operativo host al aprovechar las condiciones de carrera en las operaciones de promoci\\u00f3n y degradaci\\u00f3n de tablas de p\\u00e1ginas, debido a una soluci\\u00f3n incompleta para CVE-2019-18421. XSA-299 abord\\u00f3 varios problemas cr\\u00edticos en las operaciones de cambio de tipo PV reiniciables. A pesar de las extensas pruebas y auditor\\u00edas, se perdieron algunos casos de esquina. Un administrador invitado malicioso de PV puede escalar sus privilegios a los del host. Todas las versiones de seguridad de Xen son vulnerables. Solo los sistemas en x86 est\\u00e1n afectados. Los sistemas ARM no est\\u00e1n afectados. Solo los invitados de PV en x86 pueden aprovechar la vulnerabilidad. Los invitados x86 HVM y PVH no pueden aprovechar la vulnerabilidad. Tenga en cuenta que estos ataques requieren un tiempo muy preciso, que puede ser dif\\u00edcil de explotar en la pr\\u00e1ctica.\"}]",
"id": "CVE-2019-19580",
"lastModified": "2024-11-21T04:34:59.233",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.7, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-12-11T18:16:19.397",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://seclists.org/bugtraq/2020/Jan/21\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202003-56\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4602\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-310.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2020/Jan/21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202003-56\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4602\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-310.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-19580\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-12-11T18:16:19.397\",\"lastModified\":\"2024-11-21T04:34:59.233\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Xen versiones hasta 4.12.x permitiendo a usuarios del Sistema Operativo invitado x86 PV conseguir privilegios de Sistema Operativo host al aprovechar las condiciones de carrera en las operaciones de promoci\u00f3n y degradaci\u00f3n de tablas de p\u00e1ginas, debido a una soluci\u00f3n incompleta para CVE-2019-18421. XSA-299 abord\u00f3 varios problemas cr\u00edticos en las operaciones de cambio de tipo PV reiniciables. A pesar de las extensas pruebas y auditor\u00edas, se perdieron algunos casos de esquina. Un administrador invitado malicioso de PV puede escalar sus privilegios a los del host. Todas las versiones de seguridad de Xen son vulnerables. Solo los sistemas en x86 est\u00e1n afectados. Los sistemas ARM no est\u00e1n afectados. Solo los invitados de PV en x86 pueden aprovechar la vulnerabilidad. Los invitados x86 HVM y PVH no pueden aprovechar la vulnerabilidad. Tenga en cuenta que estos ataques requieren un tiempo muy preciso, que puede ser dif\u00edcil de explotar en la pr\u00e1ctica.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.7,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\",\"versionEndIncluding\":\"4.12.1\",\"matchCriteriaId\":\"18F9F58D-58A0-4356-AB70-E5ACF913BFCA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/21\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202003-56\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4602\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://xenbits.xen.org/xsa/advisory-310.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202003-56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://xenbits.xen.org/xsa/advisory-310.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
OPENSUSE-SU-2020:0011-1
Vulnerability from csaf_opensuse - Published: 2020-01-13 15:16 - Updated: 2020-01-13 15:16Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).
- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with
a compile time known size of 64 (bsc#1158003 XSA-307).
- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace
code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).
- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused
hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).
- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator
could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).
- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen
to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).
- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access
to a physical device can DMA into host memory (bsc#1157888 XSA-306).
- Fixed an issue where PCI passthrough failed on AMD machine xen host (bsc#1157047).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames
openSUSE-2020-11
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).\n- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with \n a compile time known size of 64 (bsc#1158003 XSA-307).\n- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace \n code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).\n- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused\n hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).\n- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator \n could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).\n- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen \n to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). \n- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access \n to a physical device can DMA into host memory (bsc#1157888 XSA-306).\n- Fixed an issue where PCI passthrough failed on AMD machine xen host (bsc#1157047). \n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-11",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0011-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0011-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H4KE3WRZH73TP6XEJRYK5KUAKIEZXPRY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0011-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H4KE3WRZH73TP6XEJRYK5KUAKIEZXPRY/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19579 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19580 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19581 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19582 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19583 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19583/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-01-13T15:16:17Z",
"generator": {
"date": "2020-01-13T15:16:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0011-1",
"initial_release_date": "2020-01-13T15:16:17Z",
"revision_history": [
{
"date": "2020-01-13T15:16:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.1_06-lp151.2.9.1.i586",
"product": {
"name": "xen-devel-4.12.1_06-lp151.2.9.1.i586",
"product_id": "xen-devel-4.12.1_06-lp151.2.9.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.1_06-lp151.2.9.1.i586",
"product": {
"name": "xen-libs-4.12.1_06-lp151.2.9.1.i586",
"product_id": "xen-libs-4.12.1_06-lp151.2.9.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"product": {
"name": "xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"product_id": "xen-tools-domU-4.12.1_06-lp151.2.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-4.12.1_06-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-devel-4.12.1_06-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-libs-4.12.1_06-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-tools-4.12.1_06-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.1_06-lp151.2.9.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586"
},
"product_reference": "xen-devel-4.12.1_06-lp151.2.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.1_06-lp151.2.9.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586"
},
"product_reference": "xen-libs-4.12.1_06-lp151.2.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.1_06-lp151.2.9.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586"
},
"product_reference": "xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-19577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19577"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest\u0027s address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19577",
"url": "https://www.suse.com/security/cve/CVE-2019-19577"
},
{
"category": "external",
"summary": "SUSE Bug 1158007 for CVE-2019-19577",
"url": "https://bugzilla.suse.com/1158007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "important"
}
],
"title": "CVE-2019-19577"
},
{
"cve": "CVE-2019-19578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19578"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. \"Linear pagetables\" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the \"depth\" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some \"linear_pt_entry\" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19578",
"url": "https://www.suse.com/security/cve/CVE-2019-19578"
},
{
"category": "external",
"summary": "SUSE Bug 1158005 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "important"
}
],
"title": "CVE-2019-19578"
},
{
"cve": "CVE-2019-19579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19579"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl\u0027s \"assignable-add\" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these \"alternate\" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19579",
"url": "https://www.suse.com/security/cve/CVE-2019-19579"
},
{
"category": "external",
"summary": "SUSE Bug 1157888 for CVE-2019-19579",
"url": "https://bugzilla.suse.com/1157888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-19579"
},
{
"cve": "CVE-2019-19580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19580"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19580",
"url": "https://www.suse.com/security/cve/CVE-2019-19580"
},
{
"category": "external",
"summary": "SUSE Bug 1158006 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-19580"
},
{
"cve": "CVE-2019-19581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19581"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19581",
"url": "https://www.suse.com/security/cve/CVE-2019-19581"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19581",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-19581"
},
{
"cve": "CVE-2019-19582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19582"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19582",
"url": "https://www.suse.com/security/cve/CVE-2019-19582"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19582",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-19582"
},
{
"cve": "CVE-2019-19583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19583",
"url": "https://www.suse.com/security/cve/CVE-2019-19583"
},
{
"category": "external",
"summary": "SUSE Bug 1158004 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "important"
}
],
"title": "CVE-2019-19583"
}
]
}
SUSE-SU-2019:3296-1
Vulnerability from csaf_suse - Published: 2019-12-13 17:30 - Updated: 2019-12-13 17:30Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).
- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with
a compile time known size of 64 (bsc#1158003 XSA-307).
- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace
code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).
- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused
hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).
- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator
could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).
- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen
to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).
Patchnames
SUSE-2019-3296,SUSE-SLE-SDK-12-SP5-2019-3296,SUSE-SLE-SERVER-12-SP5-2019-3296
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).\n- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with \n a compile time known size of 64 (bsc#1158003 XSA-307).\n- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace \n code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).\n- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused\n hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).\n- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator \n could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).\n- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen \n to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-3296,SUSE-SLE-SDK-12-SP5-2019-3296,SUSE-SLE-SERVER-12-SP5-2019-3296",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_3296-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:3296-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193296-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:3296-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-December/006255.html"
},
{
"category": "self",
"summary": "SUSE Bug 1158003",
"url": "https://bugzilla.suse.com/1158003"
},
{
"category": "self",
"summary": "SUSE Bug 1158004",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "self",
"summary": "SUSE Bug 1158005",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "self",
"summary": "SUSE Bug 1158006",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "self",
"summary": "SUSE Bug 1158007",
"url": "https://bugzilla.suse.com/1158007"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19580 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19581 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19582 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19583 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19583/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-12-13T17:30:44Z",
"generator": {
"date": "2019-12-13T17:30:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:3296-1",
"initial_release_date": "2019-12-13T17:30:44Z",
"revision_history": [
{
"date": "2019-12-13T17:30:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.1_10-3.8.1.aarch64",
"product": {
"name": "xen-4.12.1_10-3.8.1.aarch64",
"product_id": "xen-4.12.1_10-3.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.1_10-3.8.1.aarch64",
"product": {
"name": "xen-devel-4.12.1_10-3.8.1.aarch64",
"product_id": "xen-devel-4.12.1_10-3.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.1_10-3.8.1.aarch64",
"product": {
"name": "xen-doc-html-4.12.1_10-3.8.1.aarch64",
"product_id": "xen-doc-html-4.12.1_10-3.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.1_10-3.8.1.aarch64",
"product": {
"name": "xen-libs-4.12.1_10-3.8.1.aarch64",
"product_id": "xen-libs-4.12.1_10-3.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.1_10-3.8.1.aarch64",
"product": {
"name": "xen-tools-4.12.1_10-3.8.1.aarch64",
"product_id": "xen-tools-4.12.1_10-3.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.1_10-3.8.1.aarch64",
"product": {
"name": "xen-tools-domU-4.12.1_10-3.8.1.aarch64",
"product_id": "xen-tools-domU-4.12.1_10-3.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.12.1_10-3.8.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.12.1_10-3.8.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.12.1_10-3.8.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.1_10-3.8.1.i586",
"product": {
"name": "xen-devel-4.12.1_10-3.8.1.i586",
"product_id": "xen-devel-4.12.1_10-3.8.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.1_10-3.8.1.i586",
"product": {
"name": "xen-libs-4.12.1_10-3.8.1.i586",
"product_id": "xen-libs-4.12.1_10-3.8.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.1_10-3.8.1.i586",
"product": {
"name": "xen-tools-domU-4.12.1_10-3.8.1.i586",
"product_id": "xen-tools-domU-4.12.1_10-3.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.1_10-3.8.1.x86_64",
"product": {
"name": "xen-4.12.1_10-3.8.1.x86_64",
"product_id": "xen-4.12.1_10-3.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.1_10-3.8.1.x86_64",
"product": {
"name": "xen-devel-4.12.1_10-3.8.1.x86_64",
"product_id": "xen-devel-4.12.1_10-3.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.1_10-3.8.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.1_10-3.8.1.x86_64",
"product_id": "xen-doc-html-4.12.1_10-3.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.1_10-3.8.1.x86_64",
"product": {
"name": "xen-libs-4.12.1_10-3.8.1.x86_64",
"product_id": "xen-libs-4.12.1_10-3.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"product_id": "xen-libs-32bit-4.12.1_10-3.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.1_10-3.8.1.x86_64",
"product": {
"name": "xen-tools-4.12.1_10-3.8.1.x86_64",
"product_id": "xen-tools-4.12.1_10-3.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"product_id": "xen-tools-domU-4.12.1_10-3.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.1_10-3.8.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64"
},
"product_reference": "xen-devel-4.12.1_10-3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.1_10-3.8.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
},
"product_reference": "xen-devel-4.12.1_10-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.1_10-3.8.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64"
},
"product_reference": "xen-4.12.1_10-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.1_10-3.8.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.1_10-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.1_10-3.8.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64"
},
"product_reference": "xen-libs-4.12.1_10-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.1_10-3.8.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.1_10-3.8.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64"
},
"product_reference": "xen-tools-4.12.1_10-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.1_10-3.8.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.1_10-3.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64"
},
"product_reference": "xen-4.12.1_10-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.1_10-3.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.1_10-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.1_10-3.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64"
},
"product_reference": "xen-libs-4.12.1_10-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.1_10-3.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.1_10-3.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64"
},
"product_reference": "xen-tools-4.12.1_10-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.1_10-3.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-19577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19577"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest\u0027s address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19577",
"url": "https://www.suse.com/security/cve/CVE-2019-19577"
},
{
"category": "external",
"summary": "SUSE Bug 1158007 for CVE-2019-19577",
"url": "https://bugzilla.suse.com/1158007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:30:44Z",
"details": "important"
}
],
"title": "CVE-2019-19577"
},
{
"cve": "CVE-2019-19578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19578"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. \"Linear pagetables\" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the \"depth\" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some \"linear_pt_entry\" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19578",
"url": "https://www.suse.com/security/cve/CVE-2019-19578"
},
{
"category": "external",
"summary": "SUSE Bug 1158005 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:30:44Z",
"details": "important"
}
],
"title": "CVE-2019-19578"
},
{
"cve": "CVE-2019-19580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19580"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19580",
"url": "https://www.suse.com/security/cve/CVE-2019-19580"
},
{
"category": "external",
"summary": "SUSE Bug 1158006 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:30:44Z",
"details": "moderate"
}
],
"title": "CVE-2019-19580"
},
{
"cve": "CVE-2019-19581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19581"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19581",
"url": "https://www.suse.com/security/cve/CVE-2019-19581"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19581",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:30:44Z",
"details": "moderate"
}
],
"title": "CVE-2019-19581"
},
{
"cve": "CVE-2019-19582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19582"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19582",
"url": "https://www.suse.com/security/cve/CVE-2019-19582"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19582",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:30:44Z",
"details": "moderate"
}
],
"title": "CVE-2019-19582"
},
{
"cve": "CVE-2019-19583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19583",
"url": "https://www.suse.com/security/cve/CVE-2019-19583"
},
{
"category": "external",
"summary": "SUSE Bug 1158004 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.1_10-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.1_10-3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:30:44Z",
"details": "important"
}
],
"title": "CVE-2019-19583"
}
]
}
SUSE-SU-2020:0334-1
Vulnerability from csaf_suse - Published: 2020-02-06 10:01 - Updated: 2020-02-06 10:01Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181).
- CVE-2019-19579: Device quarantine for alternate pci assignment methods (bsc#1157888).
- CVE-2019-19581: find_next_bit() issues (bsc#1158003).
- CVE-2019-19583: VMentry failure with debug exceptions and blocked states (bsc#1158004).
- CVE-2019-19578: Linear pagetable use / entry miscounts (bsc#1158005).
- CVE-2019-19580: Further issues with restartable PV type change operations (bsc#1158006).
- CVE-2019-19577: dynamic height for the IOMMU pagetables (bsc#1158007).
- CVE-2019-18420: VCPUOP_initialise DoS (bsc#1154448).
- CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation (bsc#1154456).
- CVE-2019-18421: Issues with restartable PV type change operations (bsc#1154458).
- CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment (bsc#1154461).
- CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue) (bsc#1155945).
- CVE-2019-11135: TSX Asynchronous Abort (TAA) issue (bsc#1152497).
Patchnames
SUSE-2020-334,SUSE-OpenStack-Cloud-7-2020-334,SUSE-SLE-SAP-12-SP2-2020-334,SUSE-SLE-SERVER-12-SP2-2020-334,SUSE-SLE-SERVER-12-SP2-BCL-2020-334
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181).\n- CVE-2019-19579: Device quarantine for alternate pci assignment methods (bsc#1157888).\n- CVE-2019-19581: find_next_bit() issues (bsc#1158003).\n- CVE-2019-19583: VMentry failure with debug exceptions and blocked states (bsc#1158004).\n- CVE-2019-19578: Linear pagetable use / entry miscounts (bsc#1158005).\n- CVE-2019-19580: Further issues with restartable PV type change operations (bsc#1158006).\n- CVE-2019-19577: dynamic height for the IOMMU pagetables (bsc#1158007).\n- CVE-2019-18420: VCPUOP_initialise DoS (bsc#1154448).\n- CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation (bsc#1154456).\n- CVE-2019-18421: Issues with restartable PV type change operations (bsc#1154458).\n- CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment (bsc#1154461).\n- CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue) (bsc#1155945).\n- CVE-2019-11135: TSX Asynchronous Abort (TAA) issue (bsc#1152497).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-334,SUSE-OpenStack-Cloud-7-2020-334,SUSE-SLE-SAP-12-SP2-2020-334,SUSE-SLE-SERVER-12-SP2-2020-334,SUSE-SLE-SERVER-12-SP2-BCL-2020-334",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_0334-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:0334-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200334-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:0334-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-February/006456.html"
},
{
"category": "self",
"summary": "SUSE Bug 1152497",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "self",
"summary": "SUSE Bug 1154448",
"url": "https://bugzilla.suse.com/1154448"
},
{
"category": "self",
"summary": "SUSE Bug 1154456",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "self",
"summary": "SUSE Bug 1154458",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "self",
"summary": "SUSE Bug 1154461",
"url": "https://bugzilla.suse.com/1154461"
},
{
"category": "self",
"summary": "SUSE Bug 1155945",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "self",
"summary": "SUSE Bug 1157888",
"url": "https://bugzilla.suse.com/1157888"
},
{
"category": "self",
"summary": "SUSE Bug 1158003",
"url": "https://bugzilla.suse.com/1158003"
},
{
"category": "self",
"summary": "SUSE Bug 1158004",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "self",
"summary": "SUSE Bug 1158005",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "self",
"summary": "SUSE Bug 1158006",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "self",
"summary": "SUSE Bug 1158007",
"url": "https://bugzilla.suse.com/1158007"
},
{
"category": "self",
"summary": "SUSE Bug 1161181",
"url": "https://bugzilla.suse.com/1161181"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18420 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18421 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18424 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18425 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19579 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19580 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19581 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19583 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7211 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7211/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-02-06T10:01:20Z",
"generator": {
"date": "2020-02-06T10:01:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:0334-1",
"initial_release_date": "2020-02-06T10:01:20Z",
"revision_history": [
{
"date": "2020-02-06T10:01:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.7.6_06-43.59.1.i586",
"product": {
"name": "xen-devel-4.7.6_06-43.59.1.i586",
"product_id": "xen-devel-4.7.6_06-43.59.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.7.6_06-43.59.1.i586",
"product": {
"name": "xen-libs-4.7.6_06-43.59.1.i586",
"product_id": "xen-libs-4.7.6_06-43.59.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.7.6_06-43.59.1.i586",
"product": {
"name": "xen-tools-domU-4.7.6_06-43.59.1.i586",
"product_id": "xen-tools-domU-4.7.6_06-43.59.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.7.6_06-43.59.1.x86_64",
"product": {
"name": "xen-4.7.6_06-43.59.1.x86_64",
"product_id": "xen-4.7.6_06-43.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.7.6_06-43.59.1.x86_64",
"product": {
"name": "xen-devel-4.7.6_06-43.59.1.x86_64",
"product_id": "xen-devel-4.7.6_06-43.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.7.6_06-43.59.1.x86_64",
"product": {
"name": "xen-doc-html-4.7.6_06-43.59.1.x86_64",
"product_id": "xen-doc-html-4.7.6_06-43.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.7.6_06-43.59.1.x86_64",
"product": {
"name": "xen-libs-4.7.6_06-43.59.1.x86_64",
"product_id": "xen-libs-4.7.6_06-43.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"product_id": "xen-libs-32bit-4.7.6_06-43.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.7.6_06-43.59.1.x86_64",
"product": {
"name": "xen-tools-4.7.6_06-43.59.1.x86_64",
"product_id": "xen-tools-4.7.6_06-43.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"product": {
"name": "xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"product_id": "xen-tools-domU-4.7.6_06-43.59.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_06-43.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_06-43.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_06-43.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_06-43.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_06-43.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_06-43.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_06-43.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-06T10:01:20Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-06T10:01:20Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-18420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18420"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18420",
"url": "https://www.suse.com/security/cve/CVE-2019-18420"
},
{
"category": "external",
"summary": "SUSE Bug 1154448 for CVE-2019-18420",
"url": "https://bugzilla.suse.com/1154448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-06T10:01:20Z",
"details": "important"
}
],
"title": "CVE-2019-18420"
},
{
"cve": "CVE-2019-18421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18421"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be \"promoted\" before being used as a pagetable, and \"demoted\" before being used for any other type. Xen also allows for \"recursive\" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18421",
"url": "https://www.suse.com/security/cve/CVE-2019-18421"
},
{
"category": "external",
"summary": "SUSE Bug 1154458 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-06T10:01:20Z",
"details": "important"
}
],
"title": "CVE-2019-18421"
},
{
"cve": "CVE-2019-18424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18424"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18424",
"url": "https://www.suse.com/security/cve/CVE-2019-18424"
},
{
"category": "external",
"summary": "SUSE Bug 1154461 for CVE-2019-18424",
"url": "https://bugzilla.suse.com/1154461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-06T10:01:20Z",
"details": "important"
}
],
"title": "CVE-2019-18424"
},
{
"cve": "CVE-2019-18425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18425"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18425",
"url": "https://www.suse.com/security/cve/CVE-2019-18425"
},
{
"category": "external",
"summary": "SUSE Bug 1154456 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-06T10:01:20Z",
"details": "important"
}
],
"title": "CVE-2019-18425"
},
{
"cve": "CVE-2019-19577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19577"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest\u0027s address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19577",
"url": "https://www.suse.com/security/cve/CVE-2019-19577"
},
{
"category": "external",
"summary": "SUSE Bug 1158007 for CVE-2019-19577",
"url": "https://bugzilla.suse.com/1158007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-06T10:01:20Z",
"details": "important"
}
],
"title": "CVE-2019-19577"
},
{
"cve": "CVE-2019-19578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19578"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. \"Linear pagetables\" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the \"depth\" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some \"linear_pt_entry\" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19578",
"url": "https://www.suse.com/security/cve/CVE-2019-19578"
},
{
"category": "external",
"summary": "SUSE Bug 1158005 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-06T10:01:20Z",
"details": "important"
}
],
"title": "CVE-2019-19578"
},
{
"cve": "CVE-2019-19579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19579"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl\u0027s \"assignable-add\" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these \"alternate\" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19579",
"url": "https://www.suse.com/security/cve/CVE-2019-19579"
},
{
"category": "external",
"summary": "SUSE Bug 1157888 for CVE-2019-19579",
"url": "https://bugzilla.suse.com/1157888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-06T10:01:20Z",
"details": "moderate"
}
],
"title": "CVE-2019-19579"
},
{
"cve": "CVE-2019-19580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19580"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19580",
"url": "https://www.suse.com/security/cve/CVE-2019-19580"
},
{
"category": "external",
"summary": "SUSE Bug 1158006 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-06T10:01:20Z",
"details": "moderate"
}
],
"title": "CVE-2019-19580"
},
{
"cve": "CVE-2019-19581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19581"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19581",
"url": "https://www.suse.com/security/cve/CVE-2019-19581"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19581",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-06T10:01:20Z",
"details": "moderate"
}
],
"title": "CVE-2019-19581"
},
{
"cve": "CVE-2019-19583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19583",
"url": "https://www.suse.com/security/cve/CVE-2019-19583"
},
{
"category": "external",
"summary": "SUSE Bug 1158004 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-06T10:01:20Z",
"details": "important"
}
],
"title": "CVE-2019-19583"
},
{
"cve": "CVE-2020-7211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7211"
}
],
"notes": [
{
"category": "general",
"text": "tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\\ directory traversal on Windows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7211",
"url": "https://www.suse.com/security/cve/CVE-2020-7211"
},
{
"category": "external",
"summary": "SUSE Bug 1161180 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1161180"
},
{
"category": "external",
"summary": "SUSE Bug 1161181 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1161181"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.59.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-06T10:01:20Z",
"details": "moderate"
}
],
"title": "CVE-2020-7211"
}
]
}
SUSE-SU-2019:3297-1
Vulnerability from csaf_suse - Published: 2019-12-13 17:31 - Updated: 2019-12-13 17:31Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).
- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with
a compile time known size of 64 (bsc#1158003 XSA-307).
- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace
code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).
- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused
hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).
- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator
could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).
- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen
to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).
- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access
to a physical device can DMA into host memory (bsc#1157888 XSA-306).
- CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash,
resulting in a denial of service (bsc#1154448 XSA-296)
- CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that
of the guest kernel. (bsc#1154456 XSA-298).
- CVE-2019-18421: A malicious PV guest administrator may have been able to
escalate their privilege to that of the host. (bsc#1154458 XSA-299).
- CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash,
resulting in a denial of service (bsc#1154460 XSA-301).
- CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical
Xen code to run with interrupts erroneously enabled. This could lead to data
corruption, denial of service, or possibly even privilege escalation. However
a precise attack technique has not been identified. (bsc#1154464 XSA-303)
- CVE-2019-18424: An untrusted domain with access to a physical device can DMA
into host memory, leading to privilege escalation. (bsc#1154461 XSA-302).
- CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race
condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine
Exception during Page Size Change, causing the CPU core to be non-functional.
(bsc#1155945 XSA-304)
- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with
Transactional Memory support could be used to facilitate sidechannel
information leaks out of microarchitectural buffers, similar to the
previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497 XSA-305).
Patchnames
HPE-Helion-OpenStack-8-2019-3297,SUSE-2019-3297,SUSE-OpenStack-Cloud-8-2019-3297,SUSE-OpenStack-Cloud-Crowbar-8-2019-3297,SUSE-SLE-SAP-12-SP3-2019-3297,SUSE-SLE-SERVER-12-SP3-2019-3297,SUSE-SLE-SERVER-12-SP3-BCL-2019-3297,SUSE-Storage-5-2019-3297
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).\n- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with \n a compile time known size of 64 (bsc#1158003 XSA-307).\n- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace \n code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).\n- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused\n hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).\n- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator \n could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).\n- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen \n to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). \n- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access \n to a physical device can DMA into host memory (bsc#1157888 XSA-306).\n- CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash, \n resulting in a denial of service (bsc#1154448 XSA-296)\n- CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that \n of the guest kernel. (bsc#1154456 XSA-298).\n- CVE-2019-18421: A malicious PV guest administrator may have been able to\n escalate their privilege to that of the host. (bsc#1154458 XSA-299).\n- CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash,\n resulting in a denial of service (bsc#1154460 XSA-301).\n- CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical \n Xen code to run with interrupts erroneously enabled. This could lead to data\n corruption, denial of service, or possibly even privilege escalation. However\n a precise attack technique has not been identified. (bsc#1154464 XSA-303)\n- CVE-2019-18424: An untrusted domain with access to a physical device can DMA \n into host memory, leading to privilege escalation. (bsc#1154461 XSA-302). \n- CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race\n condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine\n Exception during Page Size Change, causing the CPU core to be non-functional.\n (bsc#1155945 XSA-304) \n- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with\n Transactional Memory support could be used to facilitate sidechannel\n information leaks out of microarchitectural buffers, similar to the\n previously described \u0027Microarchitectural Data Sampling\u0027 attack. (bsc#1152497 XSA-305). \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2019-3297,SUSE-2019-3297,SUSE-OpenStack-Cloud-8-2019-3297,SUSE-OpenStack-Cloud-Crowbar-8-2019-3297,SUSE-SLE-SAP-12-SP3-2019-3297,SUSE-SLE-SERVER-12-SP3-2019-3297,SUSE-SLE-SERVER-12-SP3-BCL-2019-3297,SUSE-Storage-5-2019-3297",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_3297-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:3297-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193297-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:3297-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-December/006253.html"
},
{
"category": "self",
"summary": "SUSE Bug 1152497",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "self",
"summary": "SUSE Bug 1154448",
"url": "https://bugzilla.suse.com/1154448"
},
{
"category": "self",
"summary": "SUSE Bug 1154456",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "self",
"summary": "SUSE Bug 1154458",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "self",
"summary": "SUSE Bug 1154460",
"url": "https://bugzilla.suse.com/1154460"
},
{
"category": "self",
"summary": "SUSE Bug 1154461",
"url": "https://bugzilla.suse.com/1154461"
},
{
"category": "self",
"summary": "SUSE Bug 1154464",
"url": "https://bugzilla.suse.com/1154464"
},
{
"category": "self",
"summary": "SUSE Bug 1155945",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "self",
"summary": "SUSE Bug 1157888",
"url": "https://bugzilla.suse.com/1157888"
},
{
"category": "self",
"summary": "SUSE Bug 1158003",
"url": "https://bugzilla.suse.com/1158003"
},
{
"category": "self",
"summary": "SUSE Bug 1158004",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "self",
"summary": "SUSE Bug 1158005",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "self",
"summary": "SUSE Bug 1158006",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "self",
"summary": "SUSE Bug 1158007",
"url": "https://bugzilla.suse.com/1158007"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18420 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18421 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18422 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18422/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18423 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18423/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18424 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18425 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19579 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19580 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19581 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19582 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19583 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19583/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-12-13T17:31:37Z",
"generator": {
"date": "2019-12-13T17:31:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:3297-1",
"initial_release_date": "2019-12-13T17:31:37Z",
"revision_history": [
{
"date": "2019-12-13T17:31:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.9.4_06-3.59.1.aarch64",
"product": {
"name": "xen-4.9.4_06-3.59.1.aarch64",
"product_id": "xen-4.9.4_06-3.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.9.4_06-3.59.1.aarch64",
"product": {
"name": "xen-devel-4.9.4_06-3.59.1.aarch64",
"product_id": "xen-devel-4.9.4_06-3.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.9.4_06-3.59.1.aarch64",
"product": {
"name": "xen-doc-html-4.9.4_06-3.59.1.aarch64",
"product_id": "xen-doc-html-4.9.4_06-3.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_06-3.59.1.aarch64",
"product": {
"name": "xen-libs-4.9.4_06-3.59.1.aarch64",
"product_id": "xen-libs-4.9.4_06-3.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.9.4_06-3.59.1.aarch64",
"product": {
"name": "xen-tools-4.9.4_06-3.59.1.aarch64",
"product_id": "xen-tools-4.9.4_06-3.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_06-3.59.1.aarch64",
"product": {
"name": "xen-tools-domU-4.9.4_06-3.59.1.aarch64",
"product_id": "xen-tools-domU-4.9.4_06-3.59.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.9.4_06-3.59.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.9.4_06-3.59.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.9.4_06-3.59.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.9.4_06-3.59.1.i586",
"product": {
"name": "xen-devel-4.9.4_06-3.59.1.i586",
"product_id": "xen-devel-4.9.4_06-3.59.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_06-3.59.1.i586",
"product": {
"name": "xen-libs-4.9.4_06-3.59.1.i586",
"product_id": "xen-libs-4.9.4_06-3.59.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_06-3.59.1.i586",
"product": {
"name": "xen-tools-domU-4.9.4_06-3.59.1.i586",
"product_id": "xen-tools-domU-4.9.4_06-3.59.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.9.4_06-3.59.1.x86_64",
"product": {
"name": "xen-4.9.4_06-3.59.1.x86_64",
"product_id": "xen-4.9.4_06-3.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.9.4_06-3.59.1.x86_64",
"product": {
"name": "xen-doc-html-4.9.4_06-3.59.1.x86_64",
"product_id": "xen-doc-html-4.9.4_06-3.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_06-3.59.1.x86_64",
"product": {
"name": "xen-libs-4.9.4_06-3.59.1.x86_64",
"product_id": "xen-libs-4.9.4_06-3.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"product_id": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.9.4_06-3.59.1.x86_64",
"product": {
"name": "xen-tools-4.9.4_06-3.59.1.x86_64",
"product_id": "xen-tools-4.9.4_06-3.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"product": {
"name": "xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"product_id": "xen-tools-domU-4.9.4_06-3.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.9.4_06-3.59.1.x86_64",
"product": {
"name": "xen-devel-4.9.4_06-3.59.1.x86_64",
"product_id": "xen-devel-4.9.4_06-3.59.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 5",
"product": {
"name": "SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.59.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.59.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.59.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.59.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.59.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.59.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.59.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.59.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.59.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.59.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.59.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.59.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.59.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.59.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.59.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.59.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.59.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.59.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.59.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.59.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-18420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18420"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18420",
"url": "https://www.suse.com/security/cve/CVE-2019-18420"
},
{
"category": "external",
"summary": "SUSE Bug 1154448 for CVE-2019-18420",
"url": "https://bugzilla.suse.com/1154448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "important"
}
],
"title": "CVE-2019-18420"
},
{
"cve": "CVE-2019-18421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18421"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be \"promoted\" before being used as a pagetable, and \"demoted\" before being used for any other type. Xen also allows for \"recursive\" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18421",
"url": "https://www.suse.com/security/cve/CVE-2019-18421"
},
{
"category": "external",
"summary": "SUSE Bug 1154458 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "important"
}
],
"title": "CVE-2019-18421"
},
{
"cve": "CVE-2019-18422",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18422"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18422",
"url": "https://www.suse.com/security/cve/CVE-2019-18422"
},
{
"category": "external",
"summary": "SUSE Bug 1154464 for CVE-2019-18422",
"url": "https://bugzilla.suse.com/1154464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "important"
}
],
"title": "CVE-2019-18422"
},
{
"cve": "CVE-2019-18423",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18423"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m-\u003emax_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m-\u003emax_mapped_gfn will be updated using the original frame. It would be possible to set p2m-\u003emax_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m-\u003emax_mapped_gfn is off-by-one allowing \"highest mapped + 1\" to be considered valid. However, p2m_get_root_pointer() will return NULL. The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but cause p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen version 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18423",
"url": "https://www.suse.com/security/cve/CVE-2019-18423"
},
{
"category": "external",
"summary": "SUSE Bug 1154460 for CVE-2019-18423",
"url": "https://bugzilla.suse.com/1154460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "important"
}
],
"title": "CVE-2019-18423"
},
{
"cve": "CVE-2019-18424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18424"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18424",
"url": "https://www.suse.com/security/cve/CVE-2019-18424"
},
{
"category": "external",
"summary": "SUSE Bug 1154461 for CVE-2019-18424",
"url": "https://bugzilla.suse.com/1154461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "important"
}
],
"title": "CVE-2019-18424"
},
{
"cve": "CVE-2019-18425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18425"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18425",
"url": "https://www.suse.com/security/cve/CVE-2019-18425"
},
{
"category": "external",
"summary": "SUSE Bug 1154456 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "important"
}
],
"title": "CVE-2019-18425"
},
{
"cve": "CVE-2019-19577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19577"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest\u0027s address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19577",
"url": "https://www.suse.com/security/cve/CVE-2019-19577"
},
{
"category": "external",
"summary": "SUSE Bug 1158007 for CVE-2019-19577",
"url": "https://bugzilla.suse.com/1158007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "important"
}
],
"title": "CVE-2019-19577"
},
{
"cve": "CVE-2019-19578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19578"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. \"Linear pagetables\" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the \"depth\" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some \"linear_pt_entry\" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19578",
"url": "https://www.suse.com/security/cve/CVE-2019-19578"
},
{
"category": "external",
"summary": "SUSE Bug 1158005 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "important"
}
],
"title": "CVE-2019-19578"
},
{
"cve": "CVE-2019-19579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19579"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl\u0027s \"assignable-add\" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these \"alternate\" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19579",
"url": "https://www.suse.com/security/cve/CVE-2019-19579"
},
{
"category": "external",
"summary": "SUSE Bug 1157888 for CVE-2019-19579",
"url": "https://bugzilla.suse.com/1157888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "moderate"
}
],
"title": "CVE-2019-19579"
},
{
"cve": "CVE-2019-19580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19580"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19580",
"url": "https://www.suse.com/security/cve/CVE-2019-19580"
},
{
"category": "external",
"summary": "SUSE Bug 1158006 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "moderate"
}
],
"title": "CVE-2019-19580"
},
{
"cve": "CVE-2019-19581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19581"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19581",
"url": "https://www.suse.com/security/cve/CVE-2019-19581"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19581",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "moderate"
}
],
"title": "CVE-2019-19581"
},
{
"cve": "CVE-2019-19582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19582"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19582",
"url": "https://www.suse.com/security/cve/CVE-2019-19582"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19582",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "moderate"
}
],
"title": "CVE-2019-19582"
},
{
"cve": "CVE-2019-19583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19583",
"url": "https://www.suse.com/security/cve/CVE-2019-19583"
},
{
"category": "external",
"summary": "SUSE Bug 1158004 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.59.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-13T17:31:37Z",
"details": "important"
}
],
"title": "CVE-2019-19583"
}
]
}
SUSE-SU-2019:3310-1
Vulnerability from csaf_suse - Published: 2019-12-16 13:53 - Updated: 2019-12-16 13:53Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).
- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with
a compile time known size of 64 (bsc#1158003 XSA-307).
- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace
code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).
- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused
hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).
- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator
could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).
- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen
to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).
- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access
to a physical device can DMA into host memory (bsc#1157888 XSA-306).
- CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash,
resulting in a Denial of Service (DoS). (bsc#1154460).
- CVE-2019-18424: An untrusted domain with access to a physical device can DMA
into host memory, leading to privilege escalation. (bsc#1154461).
- CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical
Xen code to run with interrupts erroneously enabled. This could lead to data
corruption, denial of service, or possibly even privilege escalation. However
a precise attack technique has not been identified. (bsc#1154464)
Patchnames
SUSE-2019-3310,SUSE-SLE-DESKTOP-12-SP4-2019-3310,SUSE-SLE-SDK-12-SP4-2019-3310,SUSE-SLE-SERVER-12-SP4-2019-3310
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).\n- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with \n a compile time known size of 64 (bsc#1158003 XSA-307).\n- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace \n code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).\n- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused\n hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).\n- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator \n could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).\n- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen \n to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). \n- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access \n to a physical device can DMA into host memory (bsc#1157888 XSA-306).\n- CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash,\n resulting in a Denial of Service (DoS). (bsc#1154460).\n- CVE-2019-18424: An untrusted domain with access to a physical device can DMA \n into host memory, leading to privilege escalation. (bsc#1154461).\n- CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical \n Xen code to run with interrupts erroneously enabled. This could lead to data\n corruption, denial of service, or possibly even privilege escalation. However\n a precise attack technique has not been identified. (bsc#1154464)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-3310,SUSE-SLE-DESKTOP-12-SP4-2019-3310,SUSE-SLE-SDK-12-SP4-2019-3310,SUSE-SLE-SERVER-12-SP4-2019-3310",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_3310-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:3310-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193310-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:3310-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-December/006259.html"
},
{
"category": "self",
"summary": "SUSE Bug 1154460",
"url": "https://bugzilla.suse.com/1154460"
},
{
"category": "self",
"summary": "SUSE Bug 1154461",
"url": "https://bugzilla.suse.com/1154461"
},
{
"category": "self",
"summary": "SUSE Bug 1154464",
"url": "https://bugzilla.suse.com/1154464"
},
{
"category": "self",
"summary": "SUSE Bug 1157888",
"url": "https://bugzilla.suse.com/1157888"
},
{
"category": "self",
"summary": "SUSE Bug 1158003",
"url": "https://bugzilla.suse.com/1158003"
},
{
"category": "self",
"summary": "SUSE Bug 1158004",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "self",
"summary": "SUSE Bug 1158005",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "self",
"summary": "SUSE Bug 1158006",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "self",
"summary": "SUSE Bug 1158007",
"url": "https://bugzilla.suse.com/1158007"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18422 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18422/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18423 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18423/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18424 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19579 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19580 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19581 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19582 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19583 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19583/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-12-16T13:53:18Z",
"generator": {
"date": "2019-12-16T13:53:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:3310-1",
"initial_release_date": "2019-12-16T13:53:18Z",
"revision_history": [
{
"date": "2019-12-16T13:53:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.11.3_02-2.20.1.aarch64",
"product": {
"name": "xen-4.11.3_02-2.20.1.aarch64",
"product_id": "xen-4.11.3_02-2.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.11.3_02-2.20.1.aarch64",
"product": {
"name": "xen-devel-4.11.3_02-2.20.1.aarch64",
"product_id": "xen-devel-4.11.3_02-2.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.11.3_02-2.20.1.aarch64",
"product": {
"name": "xen-doc-html-4.11.3_02-2.20.1.aarch64",
"product_id": "xen-doc-html-4.11.3_02-2.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.3_02-2.20.1.aarch64",
"product": {
"name": "xen-libs-4.11.3_02-2.20.1.aarch64",
"product_id": "xen-libs-4.11.3_02-2.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.11.3_02-2.20.1.aarch64",
"product": {
"name": "xen-tools-4.11.3_02-2.20.1.aarch64",
"product_id": "xen-tools-4.11.3_02-2.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.3_02-2.20.1.aarch64",
"product": {
"name": "xen-tools-domU-4.11.3_02-2.20.1.aarch64",
"product_id": "xen-tools-domU-4.11.3_02-2.20.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.11.3_02-2.20.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.11.3_02-2.20.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.11.3_02-2.20.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.11.3_02-2.20.1.i586",
"product": {
"name": "xen-devel-4.11.3_02-2.20.1.i586",
"product_id": "xen-devel-4.11.3_02-2.20.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.3_02-2.20.1.i586",
"product": {
"name": "xen-libs-4.11.3_02-2.20.1.i586",
"product_id": "xen-libs-4.11.3_02-2.20.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.3_02-2.20.1.i586",
"product": {
"name": "xen-tools-domU-4.11.3_02-2.20.1.i586",
"product_id": "xen-tools-domU-4.11.3_02-2.20.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.11.3_02-2.20.1.x86_64",
"product": {
"name": "xen-4.11.3_02-2.20.1.x86_64",
"product_id": "xen-4.11.3_02-2.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.11.3_02-2.20.1.x86_64",
"product": {
"name": "xen-devel-4.11.3_02-2.20.1.x86_64",
"product_id": "xen-devel-4.11.3_02-2.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.11.3_02-2.20.1.x86_64",
"product": {
"name": "xen-doc-html-4.11.3_02-2.20.1.x86_64",
"product_id": "xen-doc-html-4.11.3_02-2.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.3_02-2.20.1.x86_64",
"product": {
"name": "xen-libs-4.11.3_02-2.20.1.x86_64",
"product_id": "xen-libs-4.11.3_02-2.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"product_id": "xen-libs-32bit-4.11.3_02-2.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.11.3_02-2.20.1.x86_64",
"product": {
"name": "xen-tools-4.11.3_02-2.20.1.x86_64",
"product_id": "xen-tools-4.11.3_02-2.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"product": {
"name": "xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"product_id": "xen-tools-domU-4.11.3_02-2.20.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-libs-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.11.3_02-2.20.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64"
},
"product_reference": "xen-devel-4.11.3_02-2.20.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-devel-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-doc-html-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-libs-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-tools-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-doc-html-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-libs-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-tools-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.11.3_02-2.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64"
},
"product_reference": "xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-18422",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18422"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18422",
"url": "https://www.suse.com/security/cve/CVE-2019-18422"
},
{
"category": "external",
"summary": "SUSE Bug 1154464 for CVE-2019-18422",
"url": "https://bugzilla.suse.com/1154464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:53:18Z",
"details": "important"
}
],
"title": "CVE-2019-18422"
},
{
"cve": "CVE-2019-18423",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18423"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m-\u003emax_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m-\u003emax_mapped_gfn will be updated using the original frame. It would be possible to set p2m-\u003emax_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m-\u003emax_mapped_gfn is off-by-one allowing \"highest mapped + 1\" to be considered valid. However, p2m_get_root_pointer() will return NULL. The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but cause p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen version 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18423",
"url": "https://www.suse.com/security/cve/CVE-2019-18423"
},
{
"category": "external",
"summary": "SUSE Bug 1154460 for CVE-2019-18423",
"url": "https://bugzilla.suse.com/1154460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:53:18Z",
"details": "important"
}
],
"title": "CVE-2019-18423"
},
{
"cve": "CVE-2019-18424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18424"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18424",
"url": "https://www.suse.com/security/cve/CVE-2019-18424"
},
{
"category": "external",
"summary": "SUSE Bug 1154461 for CVE-2019-18424",
"url": "https://bugzilla.suse.com/1154461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:53:18Z",
"details": "important"
}
],
"title": "CVE-2019-18424"
},
{
"cve": "CVE-2019-19577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19577"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest\u0027s address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19577",
"url": "https://www.suse.com/security/cve/CVE-2019-19577"
},
{
"category": "external",
"summary": "SUSE Bug 1158007 for CVE-2019-19577",
"url": "https://bugzilla.suse.com/1158007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:53:18Z",
"details": "important"
}
],
"title": "CVE-2019-19577"
},
{
"cve": "CVE-2019-19578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19578"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. \"Linear pagetables\" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the \"depth\" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some \"linear_pt_entry\" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19578",
"url": "https://www.suse.com/security/cve/CVE-2019-19578"
},
{
"category": "external",
"summary": "SUSE Bug 1158005 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:53:18Z",
"details": "important"
}
],
"title": "CVE-2019-19578"
},
{
"cve": "CVE-2019-19579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19579"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl\u0027s \"assignable-add\" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these \"alternate\" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19579",
"url": "https://www.suse.com/security/cve/CVE-2019-19579"
},
{
"category": "external",
"summary": "SUSE Bug 1157888 for CVE-2019-19579",
"url": "https://bugzilla.suse.com/1157888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:53:18Z",
"details": "moderate"
}
],
"title": "CVE-2019-19579"
},
{
"cve": "CVE-2019-19580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19580"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19580",
"url": "https://www.suse.com/security/cve/CVE-2019-19580"
},
{
"category": "external",
"summary": "SUSE Bug 1158006 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:53:18Z",
"details": "moderate"
}
],
"title": "CVE-2019-19580"
},
{
"cve": "CVE-2019-19581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19581"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19581",
"url": "https://www.suse.com/security/cve/CVE-2019-19581"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19581",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:53:18Z",
"details": "moderate"
}
],
"title": "CVE-2019-19581"
},
{
"cve": "CVE-2019-19582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19582"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19582",
"url": "https://www.suse.com/security/cve/CVE-2019-19582"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19582",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:53:18Z",
"details": "moderate"
}
],
"title": "CVE-2019-19582"
},
{
"cve": "CVE-2019-19583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19583",
"url": "https://www.suse.com/security/cve/CVE-2019-19583"
},
{
"category": "external",
"summary": "SUSE Bug 1158004 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.3_02-2.20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.3_02-2.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:53:18Z",
"details": "important"
}
],
"title": "CVE-2019-19583"
}
]
}
SUSE-SU-2020:14444-1
Vulnerability from csaf_suse - Published: 2020-08-04 13:17 - Updated: 2020-08-04 13:17Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- bsc#1174543 - secure boot related fixes
- bsc#1163019 - CVE-2020-8608: potential OOB access due to unsafe snprintf() usages
- bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy
- bsc#1168140 - CVE-2020-11740, CVE-2020-11741: multiple xenoprof issues
- bsc#1161181 - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host
- bsc#1157888 - CVE-2019-19579: Device quarantine for alternate pci assignment methods
- bsc#1158004 - CVE-2019-19583: VMX: VMentry failure with debug exceptions and blocked states
- bsc#1158005 - CVE-2019-19578: Linear pagetable use / entry miscounts
- bsc#1158006 - CVE-2019-19580: Further issues with restartable PV type change operations
- bsc#1158007 - CVE-2019-19577: dynamic height for the IOMMU pagetables
- bsc#1154448 - CVE-2019-18420: VCPUOP_initialise DoS
- bsc#1154456 - CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation
- bsc#1154458 - CVE-2019-18421: Issues with restartable PV type change operations
- bsc#1154461 - CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment
- bsc#1155945 - CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue)
- bsc#1152497 - CVE-2019-11135: TSX Asynchronous Abort (TAA) issue
Patchnames
slessp4-xen-14444
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- bsc#1174543 - secure boot related fixes\n- bsc#1163019 - CVE-2020-8608: potential OOB access due to unsafe snprintf() usages\n- bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy\n- bsc#1168140 - CVE-2020-11740, CVE-2020-11741: multiple xenoprof issues\n- bsc#1161181 - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host\n- bsc#1157888 - CVE-2019-19579: Device quarantine for alternate pci assignment methods\n- bsc#1158004 - CVE-2019-19583: VMX: VMentry failure with debug exceptions and blocked states\n- bsc#1158005 - CVE-2019-19578: Linear pagetable use / entry miscounts\n- bsc#1158006 - CVE-2019-19580: Further issues with restartable PV type change operations\n- bsc#1158007 - CVE-2019-19577: dynamic height for the IOMMU pagetables \n- bsc#1154448 - CVE-2019-18420: VCPUOP_initialise DoS\n- bsc#1154456 - CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation\n- bsc#1154458 - CVE-2019-18421: Issues with restartable PV type change operations\n- bsc#1154461 - CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment\n- bsc#1155945 - CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue)\n- bsc#1152497 - CVE-2019-11135: TSX Asynchronous Abort (TAA) issue\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-xen-14444",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_14444-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:14444-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-202014444-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:14444-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-August/007221.html"
},
{
"category": "self",
"summary": "SUSE Bug 1152497",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "self",
"summary": "SUSE Bug 1154448",
"url": "https://bugzilla.suse.com/1154448"
},
{
"category": "self",
"summary": "SUSE Bug 1154456",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "self",
"summary": "SUSE Bug 1154458",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "self",
"summary": "SUSE Bug 1154461",
"url": "https://bugzilla.suse.com/1154461"
},
{
"category": "self",
"summary": "SUSE Bug 1155945",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "self",
"summary": "SUSE Bug 1157888",
"url": "https://bugzilla.suse.com/1157888"
},
{
"category": "self",
"summary": "SUSE Bug 1158004",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "self",
"summary": "SUSE Bug 1158005",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "self",
"summary": "SUSE Bug 1158006",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "self",
"summary": "SUSE Bug 1158007",
"url": "https://bugzilla.suse.com/1158007"
},
{
"category": "self",
"summary": "SUSE Bug 1161181",
"url": "https://bugzilla.suse.com/1161181"
},
{
"category": "self",
"summary": "SUSE Bug 1163019",
"url": "https://bugzilla.suse.com/1163019"
},
{
"category": "self",
"summary": "SUSE Bug 1168140",
"url": "https://bugzilla.suse.com/1168140"
},
{
"category": "self",
"summary": "SUSE Bug 1169392",
"url": "https://bugzilla.suse.com/1169392"
},
{
"category": "self",
"summary": "SUSE Bug 1174543",
"url": "https://bugzilla.suse.com/1174543"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18420 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18421 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18424 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18425 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19579 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19580 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19583 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11740 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11741 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11742 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7211 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8608 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8608/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-08-04T13:17:01Z",
"generator": {
"date": "2020-08-04T13:17:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:14444-1",
"initial_release_date": "2020-08-04T13:17:01Z",
"revision_history": [
{
"date": "2020-08-04T13:17:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"product": {
"name": "xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"product_id": "xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"product": {
"name": "xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"product_id": "xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_42-61.52.1.i586",
"product": {
"name": "xen-libs-4.4.4_42-61.52.1.i586",
"product_id": "xen-libs-4.4.4_42-61.52.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_42-61.52.1.i586",
"product": {
"name": "xen-tools-domU-4.4.4_42-61.52.1.i586",
"product_id": "xen-tools-domU-4.4.4_42-61.52.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.4.4_42-61.52.1.x86_64",
"product": {
"name": "xen-4.4.4_42-61.52.1.x86_64",
"product_id": "xen-4.4.4_42-61.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.4.4_42-61.52.1.x86_64",
"product": {
"name": "xen-doc-html-4.4.4_42-61.52.1.x86_64",
"product_id": "xen-doc-html-4.4.4_42-61.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"product": {
"name": "xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"product_id": "xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_42-61.52.1.x86_64",
"product": {
"name": "xen-libs-4.4.4_42-61.52.1.x86_64",
"product_id": "xen-libs-4.4.4_42-61.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"product_id": "xen-libs-32bit-4.4.4_42-61.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.4.4_42-61.52.1.x86_64",
"product": {
"name": "xen-tools-4.4.4_42-61.52.1.x86_64",
"product_id": "xen-tools-4.4.4_42-61.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_42-61.52.1.x86_64",
"product": {
"name": "xen-tools-domU-4.4.4_42-61.52.1.x86_64",
"product_id": "xen-tools-domU-4.4.4_42-61.52.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.4_42-61.52.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64"
},
"product_reference": "xen-4.4.4_42-61.52.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.4_42-61.52.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.4_42-61.52.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586"
},
"product_reference": "xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586"
},
"product_reference": "xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_42-61.52.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586"
},
"product_reference": "xen-libs-4.4.4_42-61.52.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_42-61.52.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64"
},
"product_reference": "xen-libs-4.4.4_42-61.52.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.4_42-61.52.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.4_42-61.52.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64"
},
"product_reference": "xen-tools-4.4.4_42-61.52.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_42-61.52.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586"
},
"product_reference": "xen-tools-domU-4.4.4_42-61.52.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_42-61.52.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.4_42-61.52.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-18420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18420"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18420",
"url": "https://www.suse.com/security/cve/CVE-2019-18420"
},
{
"category": "external",
"summary": "SUSE Bug 1154448 for CVE-2019-18420",
"url": "https://bugzilla.suse.com/1154448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "important"
}
],
"title": "CVE-2019-18420"
},
{
"cve": "CVE-2019-18421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18421"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be \"promoted\" before being used as a pagetable, and \"demoted\" before being used for any other type. Xen also allows for \"recursive\" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18421",
"url": "https://www.suse.com/security/cve/CVE-2019-18421"
},
{
"category": "external",
"summary": "SUSE Bug 1154458 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "important"
}
],
"title": "CVE-2019-18421"
},
{
"cve": "CVE-2019-18424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18424"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18424",
"url": "https://www.suse.com/security/cve/CVE-2019-18424"
},
{
"category": "external",
"summary": "SUSE Bug 1154461 for CVE-2019-18424",
"url": "https://bugzilla.suse.com/1154461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "important"
}
],
"title": "CVE-2019-18424"
},
{
"cve": "CVE-2019-18425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18425"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18425",
"url": "https://www.suse.com/security/cve/CVE-2019-18425"
},
{
"category": "external",
"summary": "SUSE Bug 1154456 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "important"
}
],
"title": "CVE-2019-18425"
},
{
"cve": "CVE-2019-19577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19577"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest\u0027s address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19577",
"url": "https://www.suse.com/security/cve/CVE-2019-19577"
},
{
"category": "external",
"summary": "SUSE Bug 1158007 for CVE-2019-19577",
"url": "https://bugzilla.suse.com/1158007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "important"
}
],
"title": "CVE-2019-19577"
},
{
"cve": "CVE-2019-19578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19578"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. \"Linear pagetables\" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the \"depth\" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some \"linear_pt_entry\" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19578",
"url": "https://www.suse.com/security/cve/CVE-2019-19578"
},
{
"category": "external",
"summary": "SUSE Bug 1158005 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "important"
}
],
"title": "CVE-2019-19578"
},
{
"cve": "CVE-2019-19579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19579"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl\u0027s \"assignable-add\" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these \"alternate\" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19579",
"url": "https://www.suse.com/security/cve/CVE-2019-19579"
},
{
"category": "external",
"summary": "SUSE Bug 1157888 for CVE-2019-19579",
"url": "https://bugzilla.suse.com/1157888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "moderate"
}
],
"title": "CVE-2019-19579"
},
{
"cve": "CVE-2019-19580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19580"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19580",
"url": "https://www.suse.com/security/cve/CVE-2019-19580"
},
{
"category": "external",
"summary": "SUSE Bug 1158006 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "moderate"
}
],
"title": "CVE-2019-19580"
},
{
"cve": "CVE-2019-19583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19583",
"url": "https://www.suse.com/security/cve/CVE-2019-19583"
},
{
"category": "external",
"summary": "SUSE Bug 1158004 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "important"
}
],
"title": "CVE-2019-19583"
},
{
"cve": "CVE-2020-11740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11740"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11740",
"url": "https://www.suse.com/security/cve/CVE-2020-11740"
},
{
"category": "external",
"summary": "SUSE Bug 1168140 for CVE-2020-11740",
"url": "https://bugzilla.suse.com/1168140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-11740",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "important"
}
],
"title": "CVE-2020-11740"
},
{
"cve": "CVE-2020-11741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11741"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11741",
"url": "https://www.suse.com/security/cve/CVE-2020-11741"
},
{
"category": "external",
"summary": "SUSE Bug 1168140 for CVE-2020-11741",
"url": "https://bugzilla.suse.com/1168140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-11741",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "important"
}
],
"title": "CVE-2020-11741"
},
{
"cve": "CVE-2020-11742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11742"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11742",
"url": "https://www.suse.com/security/cve/CVE-2020-11742"
},
{
"category": "external",
"summary": "SUSE Bug 1169392 for CVE-2020-11742",
"url": "https://bugzilla.suse.com/1169392"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-11742",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "moderate"
}
],
"title": "CVE-2020-11742"
},
{
"cve": "CVE-2020-7211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7211"
}
],
"notes": [
{
"category": "general",
"text": "tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\\ directory traversal on Windows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7211",
"url": "https://www.suse.com/security/cve/CVE-2020-7211"
},
{
"category": "external",
"summary": "SUSE Bug 1161180 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1161180"
},
{
"category": "external",
"summary": "SUSE Bug 1161181 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1161181"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "moderate"
}
],
"title": "CVE-2020-7211"
},
{
"cve": "CVE-2020-8608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8608"
}
],
"notes": [
{
"category": "general",
"text": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8608",
"url": "https://www.suse.com/security/cve/CVE-2020-8608"
},
{
"category": "external",
"summary": "SUSE Bug 1163018 for CVE-2020-8608",
"url": "https://bugzilla.suse.com/1163018"
},
{
"category": "external",
"summary": "SUSE Bug 1163019 for CVE-2020-8608",
"url": "https://bugzilla.suse.com/1163019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_42-61.52.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_42-61.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-04T13:17:01Z",
"details": "important"
}
],
"title": "CVE-2020-8608"
}
]
}
SUSE-SU-2020:1630-1
Vulnerability from csaf_suse - Published: 2020-06-16 15:01 - Updated: 2020-06-16 15:01Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it.
This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).
- CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392).
- CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140).
- CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142).
- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest, leading to a guest denial of service (bsc#1158004 XSA-308).
- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).
- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).
- CVE-2019-19579: Fixed a privilege escalation where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306).
- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).
- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).
- Xenstored Crashed during VM install (bsc#1167152)
Patchnames
HPE-Helion-OpenStack-8-2020-1630,SUSE-2020-1630,SUSE-OpenStack-Cloud-8-2020-1630,SUSE-OpenStack-Cloud-Crowbar-8-2020-1630,SUSE-SLE-SAP-12-SP3-2020-1630,SUSE-SLE-SERVER-12-SP3-2020-1630,SUSE-SLE-SERVER-12-SP3-BCL-2020-1630,SUSE-Storage-5-2020-1630
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it.\n This attack is known as Special Register Buffer Data Sampling (SRBDS) or \u0027CrossTalk\u0027 (bsc#1172205).\n- CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392).\n- CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140).\n- CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142).\n- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest, leading to a guest denial of service (bsc#1158004 XSA-308).\n- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).\n- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).\n- CVE-2019-19579: Fixed a privilege escalation where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306).\n- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).\n- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). \n- Xenstored Crashed during VM install (bsc#1167152)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2020-1630,SUSE-2020-1630,SUSE-OpenStack-Cloud-8-2020-1630,SUSE-OpenStack-Cloud-Crowbar-8-2020-1630,SUSE-SLE-SAP-12-SP3-2020-1630,SUSE-SLE-SERVER-12-SP3-2020-1630,SUSE-SLE-SERVER-12-SP3-BCL-2020-1630,SUSE-Storage-5-2020-1630",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1630-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1630-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201630-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1630-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-June/006956.html"
},
{
"category": "self",
"summary": "SUSE Bug 1157888",
"url": "https://bugzilla.suse.com/1157888"
},
{
"category": "self",
"summary": "SUSE Bug 1158003",
"url": "https://bugzilla.suse.com/1158003"
},
{
"category": "self",
"summary": "SUSE Bug 1158004",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "self",
"summary": "SUSE Bug 1158005",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "self",
"summary": "SUSE Bug 1158006",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "self",
"summary": "SUSE Bug 1158007",
"url": "https://bugzilla.suse.com/1158007"
},
{
"category": "self",
"summary": "SUSE Bug 1161181",
"url": "https://bugzilla.suse.com/1161181"
},
{
"category": "self",
"summary": "SUSE Bug 1167152",
"url": "https://bugzilla.suse.com/1167152"
},
{
"category": "self",
"summary": "SUSE Bug 1168140",
"url": "https://bugzilla.suse.com/1168140"
},
{
"category": "self",
"summary": "SUSE Bug 1168142",
"url": "https://bugzilla.suse.com/1168142"
},
{
"category": "self",
"summary": "SUSE Bug 1169392",
"url": "https://bugzilla.suse.com/1169392"
},
{
"category": "self",
"summary": "SUSE Bug 1172205",
"url": "https://bugzilla.suse.com/1172205"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19579 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19580 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19581 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19583 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0543 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11739 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11740 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11741 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11742 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7211 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7211/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-06-16T15:01:26Z",
"generator": {
"date": "2020-06-16T15:01:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1630-1",
"initial_release_date": "2020-06-16T15:01:26Z",
"revision_history": [
{
"date": "2020-06-16T15:01:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.9.4_06-3.62.1.aarch64",
"product": {
"name": "xen-4.9.4_06-3.62.1.aarch64",
"product_id": "xen-4.9.4_06-3.62.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.9.4_06-3.62.1.aarch64",
"product": {
"name": "xen-devel-4.9.4_06-3.62.1.aarch64",
"product_id": "xen-devel-4.9.4_06-3.62.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.9.4_06-3.62.1.aarch64",
"product": {
"name": "xen-doc-html-4.9.4_06-3.62.1.aarch64",
"product_id": "xen-doc-html-4.9.4_06-3.62.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_06-3.62.1.aarch64",
"product": {
"name": "xen-libs-4.9.4_06-3.62.1.aarch64",
"product_id": "xen-libs-4.9.4_06-3.62.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.9.4_06-3.62.1.aarch64",
"product": {
"name": "xen-tools-4.9.4_06-3.62.1.aarch64",
"product_id": "xen-tools-4.9.4_06-3.62.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_06-3.62.1.aarch64",
"product": {
"name": "xen-tools-domU-4.9.4_06-3.62.1.aarch64",
"product_id": "xen-tools-domU-4.9.4_06-3.62.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.9.4_06-3.62.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.9.4_06-3.62.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.9.4_06-3.62.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.9.4_06-3.62.1.i586",
"product": {
"name": "xen-devel-4.9.4_06-3.62.1.i586",
"product_id": "xen-devel-4.9.4_06-3.62.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_06-3.62.1.i586",
"product": {
"name": "xen-libs-4.9.4_06-3.62.1.i586",
"product_id": "xen-libs-4.9.4_06-3.62.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_06-3.62.1.i586",
"product": {
"name": "xen-tools-domU-4.9.4_06-3.62.1.i586",
"product_id": "xen-tools-domU-4.9.4_06-3.62.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.9.4_06-3.62.1.x86_64",
"product": {
"name": "xen-4.9.4_06-3.62.1.x86_64",
"product_id": "xen-4.9.4_06-3.62.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.9.4_06-3.62.1.x86_64",
"product": {
"name": "xen-doc-html-4.9.4_06-3.62.1.x86_64",
"product_id": "xen-doc-html-4.9.4_06-3.62.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_06-3.62.1.x86_64",
"product": {
"name": "xen-libs-4.9.4_06-3.62.1.x86_64",
"product_id": "xen-libs-4.9.4_06-3.62.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"product_id": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.9.4_06-3.62.1.x86_64",
"product": {
"name": "xen-tools-4.9.4_06-3.62.1.x86_64",
"product_id": "xen-tools-4.9.4_06-3.62.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"product": {
"name": "xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"product_id": "xen-tools-domU-4.9.4_06-3.62.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.9.4_06-3.62.1.x86_64",
"product": {
"name": "xen-devel-4.9.4_06-3.62.1.x86_64",
"product_id": "xen-devel-4.9.4_06-3.62.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 5",
"product": {
"name": "SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.62.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.62.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.62.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.62.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.62.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.62.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.62.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.62.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.62.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.62.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.62.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.62.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.62.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.62.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.62.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.62.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_06-3.62.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_06-3.62.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_06-3.62.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_06-3.62.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_06-3.62.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-19577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19577"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest\u0027s address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19577",
"url": "https://www.suse.com/security/cve/CVE-2019-19577"
},
{
"category": "external",
"summary": "SUSE Bug 1158007 for CVE-2019-19577",
"url": "https://bugzilla.suse.com/1158007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-16T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2019-19577"
},
{
"cve": "CVE-2019-19578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19578"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. \"Linear pagetables\" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the \"depth\" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some \"linear_pt_entry\" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19578",
"url": "https://www.suse.com/security/cve/CVE-2019-19578"
},
{
"category": "external",
"summary": "SUSE Bug 1158005 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-16T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2019-19578"
},
{
"cve": "CVE-2019-19579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19579"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl\u0027s \"assignable-add\" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these \"alternate\" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19579",
"url": "https://www.suse.com/security/cve/CVE-2019-19579"
},
{
"category": "external",
"summary": "SUSE Bug 1157888 for CVE-2019-19579",
"url": "https://bugzilla.suse.com/1157888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-16T15:01:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-19579"
},
{
"cve": "CVE-2019-19580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19580"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19580",
"url": "https://www.suse.com/security/cve/CVE-2019-19580"
},
{
"category": "external",
"summary": "SUSE Bug 1158006 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-16T15:01:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-19580"
},
{
"cve": "CVE-2019-19581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19581"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19581",
"url": "https://www.suse.com/security/cve/CVE-2019-19581"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19581",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-16T15:01:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-19581"
},
{
"cve": "CVE-2019-19583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19583",
"url": "https://www.suse.com/security/cve/CVE-2019-19583"
},
{
"category": "external",
"summary": "SUSE Bug 1158004 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-16T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2019-19583"
},
{
"cve": "CVE-2020-0543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0543"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0543",
"url": "https://www.suse.com/security/cve/CVE-2020-0543"
},
{
"category": "external",
"summary": "SUSE Bug 1154824 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1154824"
},
{
"category": "external",
"summary": "SUSE Bug 1172205 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172205"
},
{
"category": "external",
"summary": "SUSE Bug 1172206 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172206"
},
{
"category": "external",
"summary": "SUSE Bug 1172207 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172207"
},
{
"category": "external",
"summary": "SUSE Bug 1172770 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172770"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-16T15:01:26Z",
"details": "moderate"
}
],
"title": "CVE-2020-0543"
},
{
"cve": "CVE-2020-11739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11739"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don\u0027t contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the \"critical\" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11739",
"url": "https://www.suse.com/security/cve/CVE-2020-11739"
},
{
"category": "external",
"summary": "SUSE Bug 1168142 for CVE-2020-11739",
"url": "https://bugzilla.suse.com/1168142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-16T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2020-11739"
},
{
"cve": "CVE-2020-11740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11740"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11740",
"url": "https://www.suse.com/security/cve/CVE-2020-11740"
},
{
"category": "external",
"summary": "SUSE Bug 1168140 for CVE-2020-11740",
"url": "https://bugzilla.suse.com/1168140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-11740",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-16T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2020-11740"
},
{
"cve": "CVE-2020-11741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11741"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11741",
"url": "https://www.suse.com/security/cve/CVE-2020-11741"
},
{
"category": "external",
"summary": "SUSE Bug 1168140 for CVE-2020-11741",
"url": "https://bugzilla.suse.com/1168140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-11741",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-16T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2020-11741"
},
{
"cve": "CVE-2020-11742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11742"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11742",
"url": "https://www.suse.com/security/cve/CVE-2020-11742"
},
{
"category": "external",
"summary": "SUSE Bug 1169392 for CVE-2020-11742",
"url": "https://bugzilla.suse.com/1169392"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-11742",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-16T15:01:26Z",
"details": "moderate"
}
],
"title": "CVE-2020-11742"
},
{
"cve": "CVE-2020-7211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7211"
}
],
"notes": [
{
"category": "general",
"text": "tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\\ directory traversal on Windows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7211",
"url": "https://www.suse.com/security/cve/CVE-2020-7211"
},
{
"category": "external",
"summary": "SUSE Bug 1161180 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1161180"
},
{
"category": "external",
"summary": "SUSE Bug 1161181 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1161181"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_06-3.62.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_06-3.62.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-16T15:01:26Z",
"details": "moderate"
}
],
"title": "CVE-2020-7211"
}
]
}
SUSE-SU-2019:3338-1
Vulnerability from csaf_suse - Published: 2019-12-18 17:18 - Updated: 2019-12-18 17:18Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).
- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with
a compile time known size of 64 (bsc#1158003 XSA-307).
- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace
code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).
- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused
hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).
- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator
could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).
- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen
to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).
- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access
to a physical device can DMA into host memory (bsc#1157888 XSA-306).
- Fixed an issue where PCI passthrough failed on AMD machine xen host (bsc#1157047).
Patchnames
SUSE-2019-3338,SUSE-SLE-Module-Basesystem-15-SP1-2019-3338,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-3338,SUSE-SLE-Module-Server-Applications-15-SP1-2019-3338
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).\n- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with \n a compile time known size of 64 (bsc#1158003 XSA-307).\n- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace \n code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).\n- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused\n hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).\n- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator \n could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).\n- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen \n to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). \n- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access \n to a physical device can DMA into host memory (bsc#1157888 XSA-306).\n- Fixed an issue where PCI passthrough failed on AMD machine xen host (bsc#1157047). \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-3338,SUSE-SLE-Module-Basesystem-15-SP1-2019-3338,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-3338,SUSE-SLE-Module-Server-Applications-15-SP1-2019-3338",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_3338-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:3338-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193338-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:3338-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-December/006271.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1152497",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "self",
"summary": "SUSE Bug 1157047",
"url": "https://bugzilla.suse.com/1157047"
},
{
"category": "self",
"summary": "SUSE Bug 1157888",
"url": "https://bugzilla.suse.com/1157888"
},
{
"category": "self",
"summary": "SUSE Bug 1158003",
"url": "https://bugzilla.suse.com/1158003"
},
{
"category": "self",
"summary": "SUSE Bug 1158004",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "self",
"summary": "SUSE Bug 1158005",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "self",
"summary": "SUSE Bug 1158006",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "self",
"summary": "SUSE Bug 1158007",
"url": "https://bugzilla.suse.com/1158007"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19579 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19580 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19581 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19582 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19583 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19583/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-12-18T17:18:17Z",
"generator": {
"date": "2019-12-18T17:18:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:3338-1",
"initial_release_date": "2019-12-18T17:18:17Z",
"revision_history": [
{
"date": "2019-12-18T17:18:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.1_06-3.9.1.aarch64",
"product": {
"name": "xen-4.12.1_06-3.9.1.aarch64",
"product_id": "xen-4.12.1_06-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.1_06-3.9.1.aarch64",
"product": {
"name": "xen-devel-4.12.1_06-3.9.1.aarch64",
"product_id": "xen-devel-4.12.1_06-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.1_06-3.9.1.aarch64",
"product": {
"name": "xen-doc-html-4.12.1_06-3.9.1.aarch64",
"product_id": "xen-doc-html-4.12.1_06-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.1_06-3.9.1.aarch64",
"product": {
"name": "xen-libs-4.12.1_06-3.9.1.aarch64",
"product_id": "xen-libs-4.12.1_06-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.1_06-3.9.1.aarch64",
"product": {
"name": "xen-tools-4.12.1_06-3.9.1.aarch64",
"product_id": "xen-tools-4.12.1_06-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.1_06-3.9.1.aarch64",
"product": {
"name": "xen-tools-domU-4.12.1_06-3.9.1.aarch64",
"product_id": "xen-tools-domU-4.12.1_06-3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.12.1_06-3.9.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.12.1_06-3.9.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.12.1_06-3.9.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.1_06-3.9.1.i586",
"product": {
"name": "xen-devel-4.12.1_06-3.9.1.i586",
"product_id": "xen-devel-4.12.1_06-3.9.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.1_06-3.9.1.i586",
"product": {
"name": "xen-libs-4.12.1_06-3.9.1.i586",
"product_id": "xen-libs-4.12.1_06-3.9.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.1_06-3.9.1.i586",
"product": {
"name": "xen-tools-domU-4.12.1_06-3.9.1.i586",
"product_id": "xen-tools-domU-4.12.1_06-3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.1_06-3.9.1.x86_64",
"product": {
"name": "xen-4.12.1_06-3.9.1.x86_64",
"product_id": "xen-4.12.1_06-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.1_06-3.9.1.x86_64",
"product": {
"name": "xen-devel-4.12.1_06-3.9.1.x86_64",
"product_id": "xen-devel-4.12.1_06-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.1_06-3.9.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.1_06-3.9.1.x86_64",
"product_id": "xen-doc-html-4.12.1_06-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.1_06-3.9.1.x86_64",
"product": {
"name": "xen-libs-4.12.1_06-3.9.1.x86_64",
"product_id": "xen-libs-4.12.1_06-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.1_06-3.9.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.1_06-3.9.1.x86_64",
"product_id": "xen-libs-32bit-4.12.1_06-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.1_06-3.9.1.x86_64",
"product": {
"name": "xen-tools-4.12.1_06-3.9.1.x86_64",
"product_id": "xen-tools-4.12.1_06-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"product_id": "xen-tools-domU-4.12.1_06-3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.1_06-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64"
},
"product_reference": "xen-libs-4.12.1_06-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.1_06-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.1_06-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64"
},
"product_reference": "xen-4.12.1_06-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.1_06-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64"
},
"product_reference": "xen-devel-4.12.1_06-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.1_06-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
},
"product_reference": "xen-tools-4.12.1_06-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-19577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19577"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest\u0027s address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19577",
"url": "https://www.suse.com/security/cve/CVE-2019-19577"
},
{
"category": "external",
"summary": "SUSE Bug 1158007 for CVE-2019-19577",
"url": "https://bugzilla.suse.com/1158007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-18T17:18:17Z",
"details": "important"
}
],
"title": "CVE-2019-19577"
},
{
"cve": "CVE-2019-19578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19578"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. \"Linear pagetables\" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the \"depth\" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some \"linear_pt_entry\" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19578",
"url": "https://www.suse.com/security/cve/CVE-2019-19578"
},
{
"category": "external",
"summary": "SUSE Bug 1158005 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-18T17:18:17Z",
"details": "important"
}
],
"title": "CVE-2019-19578"
},
{
"cve": "CVE-2019-19579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19579"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl\u0027s \"assignable-add\" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these \"alternate\" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19579",
"url": "https://www.suse.com/security/cve/CVE-2019-19579"
},
{
"category": "external",
"summary": "SUSE Bug 1157888 for CVE-2019-19579",
"url": "https://bugzilla.suse.com/1157888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-18T17:18:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-19579"
},
{
"cve": "CVE-2019-19580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19580"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19580",
"url": "https://www.suse.com/security/cve/CVE-2019-19580"
},
{
"category": "external",
"summary": "SUSE Bug 1158006 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-18T17:18:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-19580"
},
{
"cve": "CVE-2019-19581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19581"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19581",
"url": "https://www.suse.com/security/cve/CVE-2019-19581"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19581",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-18T17:18:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-19581"
},
{
"cve": "CVE-2019-19582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19582"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19582",
"url": "https://www.suse.com/security/cve/CVE-2019-19582"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19582",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-18T17:18:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-19582"
},
{
"cve": "CVE-2019-19583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19583",
"url": "https://www.suse.com/security/cve/CVE-2019-19583"
},
{
"category": "external",
"summary": "SUSE Bug 1158004 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_06-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_06-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-18T17:18:17Z",
"details": "important"
}
],
"title": "CVE-2019-19583"
}
]
}
SUSE-SU-2019:3309-1
Vulnerability from csaf_suse - Published: 2019-12-16 13:52 - Updated: 2019-12-16 13:52Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).
- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with
a compile time known size of 64 (bsc#1158003 XSA-307).
- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace
code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).
- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused
hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).
- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator
could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).
- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen
to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).
- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access
to a physical device can DMA into host memory (bsc#1157888 XSA-306).
- CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash,
resulting in a Denial of Service (DoS) (bsc#1154460 XSA-301).
- CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical
Xen code to run with interrupts erroneously enabled. This could lead to data
corruption, denial of service, or possibly even privilege escalation. However
a precise attack technique has not been identified. (bsc#1154464 XSA-303)
Patchnames
SUSE-2019-3309,SUSE-SLE-Module-Basesystem-15-2019-3309,SUSE-SLE-Module-Server-Applications-15-2019-3309
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).\n- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with \n a compile time known size of 64 (bsc#1158003 XSA-307).\n- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace \n code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).\n- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused\n hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).\n- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator \n could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).\n- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen \n to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). \n- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access \n to a physical device can DMA into host memory (bsc#1157888 XSA-306).\n- CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash,\n resulting in a Denial of Service (DoS) (bsc#1154460 XSA-301). \n- CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical \n Xen code to run with interrupts erroneously enabled. This could lead to data\n corruption, denial of service, or possibly even privilege escalation. However\n a precise attack technique has not been identified. (bsc#1154464 XSA-303)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-3309,SUSE-SLE-Module-Basesystem-15-2019-3309,SUSE-SLE-Module-Server-Applications-15-2019-3309",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_3309-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:3309-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193309-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:3309-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-December/006260.html"
},
{
"category": "self",
"summary": "SUSE Bug 1154460",
"url": "https://bugzilla.suse.com/1154460"
},
{
"category": "self",
"summary": "SUSE Bug 1154464",
"url": "https://bugzilla.suse.com/1154464"
},
{
"category": "self",
"summary": "SUSE Bug 1157888",
"url": "https://bugzilla.suse.com/1157888"
},
{
"category": "self",
"summary": "SUSE Bug 1158003",
"url": "https://bugzilla.suse.com/1158003"
},
{
"category": "self",
"summary": "SUSE Bug 1158004",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "self",
"summary": "SUSE Bug 1158005",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "self",
"summary": "SUSE Bug 1158006",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "self",
"summary": "SUSE Bug 1158007",
"url": "https://bugzilla.suse.com/1158007"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18422 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18422/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18423 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18423/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19579 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19580 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19581 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19582 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19583 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19583/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-12-16T13:52:39Z",
"generator": {
"date": "2019-12-16T13:52:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:3309-1",
"initial_release_date": "2019-12-16T13:52:39Z",
"revision_history": [
{
"date": "2019-12-16T13:52:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.10.4_08-3.28.1.aarch64",
"product": {
"name": "xen-4.10.4_08-3.28.1.aarch64",
"product_id": "xen-4.10.4_08-3.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.10.4_08-3.28.1.aarch64",
"product": {
"name": "xen-devel-4.10.4_08-3.28.1.aarch64",
"product_id": "xen-devel-4.10.4_08-3.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.10.4_08-3.28.1.aarch64",
"product": {
"name": "xen-doc-html-4.10.4_08-3.28.1.aarch64",
"product_id": "xen-doc-html-4.10.4_08-3.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_08-3.28.1.aarch64",
"product": {
"name": "xen-libs-4.10.4_08-3.28.1.aarch64",
"product_id": "xen-libs-4.10.4_08-3.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.10.4_08-3.28.1.aarch64",
"product": {
"name": "xen-tools-4.10.4_08-3.28.1.aarch64",
"product_id": "xen-tools-4.10.4_08-3.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_08-3.28.1.aarch64",
"product": {
"name": "xen-tools-domU-4.10.4_08-3.28.1.aarch64",
"product_id": "xen-tools-domU-4.10.4_08-3.28.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.10.4_08-3.28.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.10.4_08-3.28.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.10.4_08-3.28.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.10.4_08-3.28.1.i586",
"product": {
"name": "xen-devel-4.10.4_08-3.28.1.i586",
"product_id": "xen-devel-4.10.4_08-3.28.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_08-3.28.1.i586",
"product": {
"name": "xen-libs-4.10.4_08-3.28.1.i586",
"product_id": "xen-libs-4.10.4_08-3.28.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_08-3.28.1.i586",
"product": {
"name": "xen-tools-domU-4.10.4_08-3.28.1.i586",
"product_id": "xen-tools-domU-4.10.4_08-3.28.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.10.4_08-3.28.1.x86_64",
"product": {
"name": "xen-4.10.4_08-3.28.1.x86_64",
"product_id": "xen-4.10.4_08-3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.10.4_08-3.28.1.x86_64",
"product": {
"name": "xen-devel-4.10.4_08-3.28.1.x86_64",
"product_id": "xen-devel-4.10.4_08-3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.10.4_08-3.28.1.x86_64",
"product": {
"name": "xen-doc-html-4.10.4_08-3.28.1.x86_64",
"product_id": "xen-doc-html-4.10.4_08-3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_08-3.28.1.x86_64",
"product": {
"name": "xen-libs-4.10.4_08-3.28.1.x86_64",
"product_id": "xen-libs-4.10.4_08-3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.10.4_08-3.28.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.10.4_08-3.28.1.x86_64",
"product_id": "xen-libs-32bit-4.10.4_08-3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.10.4_08-3.28.1.x86_64",
"product": {
"name": "xen-tools-4.10.4_08-3.28.1.x86_64",
"product_id": "xen-tools-4.10.4_08-3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"product": {
"name": "xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"product_id": "xen-tools-domU-4.10.4_08-3.28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.10.4_08-3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64"
},
"product_reference": "xen-libs-4.10.4_08-3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.10.4_08-3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64"
},
"product_reference": "xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.10.4_08-3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64"
},
"product_reference": "xen-4.10.4_08-3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.10.4_08-3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64"
},
"product_reference": "xen-devel-4.10.4_08-3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.10.4_08-3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
},
"product_reference": "xen-tools-4.10.4_08-3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-18422",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18422"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18422",
"url": "https://www.suse.com/security/cve/CVE-2019-18422"
},
{
"category": "external",
"summary": "SUSE Bug 1154464 for CVE-2019-18422",
"url": "https://bugzilla.suse.com/1154464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:52:39Z",
"details": "important"
}
],
"title": "CVE-2019-18422"
},
{
"cve": "CVE-2019-18423",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18423"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m-\u003emax_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m-\u003emax_mapped_gfn will be updated using the original frame. It would be possible to set p2m-\u003emax_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m-\u003emax_mapped_gfn is off-by-one allowing \"highest mapped + 1\" to be considered valid. However, p2m_get_root_pointer() will return NULL. The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but cause p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen version 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18423",
"url": "https://www.suse.com/security/cve/CVE-2019-18423"
},
{
"category": "external",
"summary": "SUSE Bug 1154460 for CVE-2019-18423",
"url": "https://bugzilla.suse.com/1154460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:52:39Z",
"details": "important"
}
],
"title": "CVE-2019-18423"
},
{
"cve": "CVE-2019-19577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19577"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest\u0027s address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19577",
"url": "https://www.suse.com/security/cve/CVE-2019-19577"
},
{
"category": "external",
"summary": "SUSE Bug 1158007 for CVE-2019-19577",
"url": "https://bugzilla.suse.com/1158007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:52:39Z",
"details": "important"
}
],
"title": "CVE-2019-19577"
},
{
"cve": "CVE-2019-19578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19578"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. \"Linear pagetables\" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the \"depth\" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some \"linear_pt_entry\" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19578",
"url": "https://www.suse.com/security/cve/CVE-2019-19578"
},
{
"category": "external",
"summary": "SUSE Bug 1158005 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:52:39Z",
"details": "important"
}
],
"title": "CVE-2019-19578"
},
{
"cve": "CVE-2019-19579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19579"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl\u0027s \"assignable-add\" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these \"alternate\" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19579",
"url": "https://www.suse.com/security/cve/CVE-2019-19579"
},
{
"category": "external",
"summary": "SUSE Bug 1157888 for CVE-2019-19579",
"url": "https://bugzilla.suse.com/1157888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:52:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-19579"
},
{
"cve": "CVE-2019-19580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19580"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19580",
"url": "https://www.suse.com/security/cve/CVE-2019-19580"
},
{
"category": "external",
"summary": "SUSE Bug 1158006 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:52:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-19580"
},
{
"cve": "CVE-2019-19581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19581"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19581",
"url": "https://www.suse.com/security/cve/CVE-2019-19581"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19581",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:52:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-19581"
},
{
"cve": "CVE-2019-19582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19582"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19582",
"url": "https://www.suse.com/security/cve/CVE-2019-19582"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19582",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:52:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-19582"
},
{
"cve": "CVE-2019-19583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19583",
"url": "https://www.suse.com/security/cve/CVE-2019-19583"
},
{
"category": "external",
"summary": "SUSE Bug 1158004 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_08-3.28.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_08-3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-12-16T13:52:39Z",
"details": "important"
}
],
"title": "CVE-2019-19583"
}
]
}
SUSE-SU-2020:0388-1
Vulnerability from csaf_suse - Published: 2020-02-17 14:03 - Updated: 2020-02-17 14:03Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2018-12207: Fixed a race condition where untrusted virtual machines could have been using the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional (bsc#1155945 XSA-304).
- CVE-2018-19965: Fixed a DoS from attempting to use INVPCID with a non-canonical addresses (bsc#1115045 XSA-279).
- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate side-channel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497 XSA-305).
- CVE-2019-12067: Fixed a null pointer dereference in QEMU AHCI (bsc#1145652).
- CVE-2019-12068: Fixed an infinite loop while executing script (bsc#1146874).
- CVE-2019-12155: Fixed a null pointer dereference while releasing spice resources (bsc#1135905).
- CVE-2019-14378: Fixed a heap buffer overflow during packet reassembly in slirp networking implementation (bsc#1143797).
- CVE-2019-15890: Fixed a use-after-free during packet reassembly (bsc#1149813).
- CVE-2019-17340: Fixed grant table transfer issues on large hosts (XSA-284 bsc#1126140).
- CVE-2019-17341: Fixed a race with pass-through device hotplug (XSA-285 bsc#1126141).
- CVE-2019-17342: Fixed steal_page violating page_struct access discipline (XSA-287 bsc#1126192).
- CVE-2019-17343: Fixed an inconsistent PV IOMMU discipline (XSA-288 bsc#1126195).
- CVE-2019-17344: Fixed a missing preemption in x86 PV page table unvalidation (XSA-290 bsc#1126196).
- CVE-2019-17347: Fixed a PV kernel context switch corruption (XSA-293 bsc#1126201).
- CVE-2019-18420: Fixed a hypervisor crash that could be caused by malicious x86 PV guests, resulting in a denial of service (bsc#1154448 XSA-296).
- CVE-2019-18421: Fixed a privilege escalation through malicious PV guest administrators (bsc#1154458 XSA-299).
- CVE-2019-18424: Fixed a privilege escalation through DMA to physical devices by untrusted domains (bsc#1154461 XSA-302).
- CVE-2019-18425: Fixed a privilege escalation from 32-bit PV guest used mode (bsc#1154456 XSA-298).
- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).
- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).
- CVE-2019-19579: Fixed a privilege escalation where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306).
- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).
- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).
- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest, leading to a guest denial of service (bsc#1158004 XSA-308).
Patchnames
SUSE-2020-388,SUSE-SLE-SAP-12-SP1-2020-388,SUSE-SLE-SERVER-12-SP1-2020-388
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2018-12207: Fixed a race condition where untrusted virtual machines could have been using the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional (bsc#1155945 XSA-304).\n- CVE-2018-19965: Fixed a DoS from attempting to use INVPCID with a non-canonical addresses (bsc#1115045 XSA-279).\n- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate side-channel information leaks out of microarchitectural buffers, similar to the previously described \u0027Microarchitectural Data Sampling\u0027 attack. (bsc#1152497 XSA-305).\n- CVE-2019-12067: Fixed a null pointer dereference in QEMU AHCI (bsc#1145652).\n- CVE-2019-12068: Fixed an infinite loop while executing script (bsc#1146874).\n- CVE-2019-12155: Fixed a null pointer dereference while releasing spice resources (bsc#1135905).\n- CVE-2019-14378: Fixed a heap buffer overflow during packet reassembly in slirp networking implementation (bsc#1143797).\n- CVE-2019-15890: Fixed a use-after-free during packet reassembly (bsc#1149813).\n- CVE-2019-17340: Fixed grant table transfer issues on large hosts (XSA-284 bsc#1126140).\n- CVE-2019-17341: Fixed a race with pass-through device hotplug (XSA-285 bsc#1126141).\n- CVE-2019-17342: Fixed steal_page violating page_struct access discipline (XSA-287 bsc#1126192).\n- CVE-2019-17343: Fixed an inconsistent PV IOMMU discipline (XSA-288 bsc#1126195).\n- CVE-2019-17344: Fixed a missing preemption in x86 PV page table unvalidation (XSA-290 bsc#1126196).\n- CVE-2019-17347: Fixed a PV kernel context switch corruption (XSA-293 bsc#1126201).\n- CVE-2019-18420: Fixed a hypervisor crash that could be caused by malicious x86 PV guests, resulting in a denial of service (bsc#1154448 XSA-296).\n- CVE-2019-18421: Fixed a privilege escalation through malicious PV guest administrators (bsc#1154458 XSA-299).\n- CVE-2019-18424: Fixed a privilege escalation through DMA to physical devices by untrusted domains (bsc#1154461 XSA-302). \n- CVE-2019-18425: Fixed a privilege escalation from 32-bit PV guest used mode (bsc#1154456 XSA-298).\n- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). \n- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).\n- CVE-2019-19579: Fixed a privilege escalation where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306).\n- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).\n- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).\n- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest, leading to a guest denial of service (bsc#1158004 XSA-308).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-388,SUSE-SLE-SAP-12-SP1-2020-388,SUSE-SLE-SERVER-12-SP1-2020-388",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_0388-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:0388-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200388-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:0388-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-February/006485.html"
},
{
"category": "self",
"summary": "SUSE Bug 1115045",
"url": "https://bugzilla.suse.com/1115045"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1126201",
"url": "https://bugzilla.suse.com/1126201"
},
{
"category": "self",
"summary": "SUSE Bug 1135905",
"url": "https://bugzilla.suse.com/1135905"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1145652",
"url": "https://bugzilla.suse.com/1145652"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE Bug 1152497",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "self",
"summary": "SUSE Bug 1154448",
"url": "https://bugzilla.suse.com/1154448"
},
{
"category": "self",
"summary": "SUSE Bug 1154456",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "self",
"summary": "SUSE Bug 1154458",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "self",
"summary": "SUSE Bug 1154461",
"url": "https://bugzilla.suse.com/1154461"
},
{
"category": "self",
"summary": "SUSE Bug 1155945",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "self",
"summary": "SUSE Bug 1157888",
"url": "https://bugzilla.suse.com/1157888"
},
{
"category": "self",
"summary": "SUSE Bug 1158003",
"url": "https://bugzilla.suse.com/1158003"
},
{
"category": "self",
"summary": "SUSE Bug 1158004",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "self",
"summary": "SUSE Bug 1158005",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "self",
"summary": "SUSE Bug 1158006",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "self",
"summary": "SUSE Bug 1158007",
"url": "https://bugzilla.suse.com/1158007"
},
{
"category": "self",
"summary": "SUSE Bug 1161181",
"url": "https://bugzilla.suse.com/1161181"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19965 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12067 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12155 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17347 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18420 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18421 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18424 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18425 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19579 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19580 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19581 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19583 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7211 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7211/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-02-17T14:03:16Z",
"generator": {
"date": "2020-02-17T14:03:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:0388-1",
"initial_release_date": "2020-02-17T14:03:16Z",
"revision_history": [
{
"date": "2020-02-17T14:03:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.5.5_28-22.64.1.i586",
"product": {
"name": "xen-devel-4.5.5_28-22.64.1.i586",
"product_id": "xen-devel-4.5.5_28-22.64.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.5.5_28-22.64.1.i586",
"product": {
"name": "xen-libs-4.5.5_28-22.64.1.i586",
"product_id": "xen-libs-4.5.5_28-22.64.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.5.5_28-22.64.1.i586",
"product": {
"name": "xen-tools-domU-4.5.5_28-22.64.1.i586",
"product_id": "xen-tools-domU-4.5.5_28-22.64.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-4.5.5_28-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-devel-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-devel-4.5.5_28-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-doc-html-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-doc-html-4.5.5_28-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"product": {
"name": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"product_id": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-libs-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-libs-4.5.5_28-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-tools-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-tools-4.5.5_28-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-tools-domU-4.5.5_28-22.64.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-doc-html-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64"
},
"product_reference": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-libs-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-tools-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-doc-html-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64"
},
"product_reference": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-libs-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-tools-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2018-19965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19965"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19965",
"url": "https://www.suse.com/security/cve/CVE-2018-19965"
},
{
"category": "external",
"summary": "SUSE Bug 1115045 for CVE-2018-19965",
"url": "https://bugzilla.suse.com/1115045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-19965"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-12067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12067"
}
],
"notes": [
{
"category": "general",
"text": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12067",
"url": "https://www.suse.com/security/cve/CVE-2019-12067"
},
{
"category": "external",
"summary": "SUSE Bug 1145642 for CVE-2019-12067",
"url": "https://bugzilla.suse.com/1145642"
},
{
"category": "external",
"summary": "SUSE Bug 1145652 for CVE-2019-12067",
"url": "https://bugzilla.suse.com/1145652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "low"
}
],
"title": "CVE-2019-12067"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-12155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12155"
}
],
"notes": [
{
"category": "general",
"text": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12155",
"url": "https://www.suse.com/security/cve/CVE-2019-12155"
},
{
"category": "external",
"summary": "SUSE Bug 1135902 for CVE-2019-12155",
"url": "https://bugzilla.suse.com/1135902"
},
{
"category": "external",
"summary": "SUSE Bug 1135905 for CVE-2019-12155",
"url": "https://bugzilla.suse.com/1135905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "low"
}
],
"title": "CVE-2019-12155"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
},
{
"cve": "CVE-2019-17347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17347",
"url": "https://www.suse.com/security/cve/CVE-2019-17347"
},
{
"category": "external",
"summary": "SUSE Bug 1126201 for CVE-2019-17347",
"url": "https://bugzilla.suse.com/1126201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-17347"
},
{
"cve": "CVE-2019-18420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18420"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18420",
"url": "https://www.suse.com/security/cve/CVE-2019-18420"
},
{
"category": "external",
"summary": "SUSE Bug 1154448 for CVE-2019-18420",
"url": "https://bugzilla.suse.com/1154448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-18420"
},
{
"cve": "CVE-2019-18421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18421"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be \"promoted\" before being used as a pagetable, and \"demoted\" before being used for any other type. Xen also allows for \"recursive\" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18421",
"url": "https://www.suse.com/security/cve/CVE-2019-18421"
},
{
"category": "external",
"summary": "SUSE Bug 1154458 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-18421"
},
{
"cve": "CVE-2019-18424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18424"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18424",
"url": "https://www.suse.com/security/cve/CVE-2019-18424"
},
{
"category": "external",
"summary": "SUSE Bug 1154461 for CVE-2019-18424",
"url": "https://bugzilla.suse.com/1154461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-18424"
},
{
"cve": "CVE-2019-18425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18425"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18425",
"url": "https://www.suse.com/security/cve/CVE-2019-18425"
},
{
"category": "external",
"summary": "SUSE Bug 1154456 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-18425"
},
{
"cve": "CVE-2019-19577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19577"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest\u0027s address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19577",
"url": "https://www.suse.com/security/cve/CVE-2019-19577"
},
{
"category": "external",
"summary": "SUSE Bug 1158007 for CVE-2019-19577",
"url": "https://bugzilla.suse.com/1158007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-19577"
},
{
"cve": "CVE-2019-19578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19578"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. \"Linear pagetables\" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the \"depth\" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some \"linear_pt_entry\" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19578",
"url": "https://www.suse.com/security/cve/CVE-2019-19578"
},
{
"category": "external",
"summary": "SUSE Bug 1158005 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-19578"
},
{
"cve": "CVE-2019-19579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19579"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl\u0027s \"assignable-add\" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these \"alternate\" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19579",
"url": "https://www.suse.com/security/cve/CVE-2019-19579"
},
{
"category": "external",
"summary": "SUSE Bug 1157888 for CVE-2019-19579",
"url": "https://bugzilla.suse.com/1157888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-19579"
},
{
"cve": "CVE-2019-19580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19580"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19580",
"url": "https://www.suse.com/security/cve/CVE-2019-19580"
},
{
"category": "external",
"summary": "SUSE Bug 1158006 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-19580"
},
{
"cve": "CVE-2019-19581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19581"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19581",
"url": "https://www.suse.com/security/cve/CVE-2019-19581"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19581",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-19581"
},
{
"cve": "CVE-2019-19583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19583",
"url": "https://www.suse.com/security/cve/CVE-2019-19583"
},
{
"category": "external",
"summary": "SUSE Bug 1158004 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-19583"
},
{
"cve": "CVE-2020-7211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7211"
}
],
"notes": [
{
"category": "general",
"text": "tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\\ directory traversal on Windows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7211",
"url": "https://www.suse.com/security/cve/CVE-2020-7211"
},
{
"category": "external",
"summary": "SUSE Bug 1161180 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1161180"
},
{
"category": "external",
"summary": "SUSE Bug 1161181 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1161181"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2020-7211"
}
]
}
CERTFR-2019-AVI-630
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.0 sans le dernier correctif de sécurité | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor (anciennement XenServer) version 8.0 sans le dernier correctif de sécurité | ||
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.1 LTSR CU2 sans le dernier correctif de sécurité | ||
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.6 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Citrix XenServer version 7.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor (anciennement XenServer) version 8.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer version 7.1 LTSR CU2 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer version 7.6 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19577"
},
{
"name": "CVE-2019-14607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14607"
},
{
"name": "CVE-2019-19580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19580"
},
{
"name": "CVE-2019-19583",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19583"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-630",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix Hypervisor.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix Hypervisor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX266932 du 11 d\u00e9cembre 2019",
"url": "https://support.citrix.com/article/CTX266932"
}
]
}
CERTFR-2019-AVI-630
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.0 sans le dernier correctif de sécurité | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor (anciennement XenServer) version 8.0 sans le dernier correctif de sécurité | ||
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.1 LTSR CU2 sans le dernier correctif de sécurité | ||
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.6 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Citrix XenServer version 7.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor (anciennement XenServer) version 8.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer version 7.1 LTSR CU2 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer version 7.6 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19577"
},
{
"name": "CVE-2019-14607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14607"
},
{
"name": "CVE-2019-19580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19580"
},
{
"name": "CVE-2019-19583",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19583"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-630",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix Hypervisor.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix Hypervisor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX266932 du 11 d\u00e9cembre 2019",
"url": "https://support.citrix.com/article/CTX266932"
}
]
}
CERTFR-2019-AVI-628
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Xen. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xen toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19578"
},
{
"name": "CVE-2019-19581",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19581"
},
{
"name": "CVE-2019-19577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19577"
},
{
"name": "CVE-2019-19580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19580"
},
{
"name": "CVE-2019-19582",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19582"
},
{
"name": "CVE-2019-19583",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19583"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-628",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-311 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-311.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-309 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-309.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-310 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-307 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-307.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-308 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-308.html"
}
]
}
CERTFR-2019-AVI-628
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Xen. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xen toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19578"
},
{
"name": "CVE-2019-19581",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19581"
},
{
"name": "CVE-2019-19577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19577"
},
{
"name": "CVE-2019-19580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19580"
},
{
"name": "CVE-2019-19582",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19582"
},
{
"name": "CVE-2019-19583",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19583"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-628",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-311 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-311.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-309 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-309.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-310 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-307 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-307.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-308 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-308.html"
}
]
}
CNVD-2020-07296
Vulnerability from cnvd - Published: 2020-02-14
VLAI Severity ?
Title
Xen权限提升漏洞(CNVD-2020-07296)
Description
Xen是一款开源虚拟机监视器产品。
Xen 4.12.*及更早版本存在权限提升漏洞。该漏洞源于页表升级和降级操作存在竞争条件。攻击者可利用该漏洞获得主机操作系统权限。
Severity
中
Patch Name
Xen权限提升漏洞(CNVD-2020-07296)的补丁
Patch Description
Xen是一款开源虚拟机监视器产品。
Xen 4.12.*及更早版本存在权限提升漏洞。该漏洞源于页表升级和降级操作存在竞争条件。攻击者可利用该漏洞获得主机操作系统权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://xenbits.xen.org/xsa/advisory-310.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-19580
Impacted products
| Name | Xen Xen <=4.12.* |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-19580",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-19580"
}
},
"description": "Xen\u662f\u4e00\u6b3e\u5f00\u6e90\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\n\nXen 4.12.*\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9875\u8868\u5347\u7ea7\u548c\u964d\u7ea7\u64cd\u4f5c\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u6743\u9650\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://xenbits.xen.org/xsa/advisory-310.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-07296",
"openTime": "2020-02-14",
"patchDescription": "Xen\u662f\u4e00\u6b3e\u5f00\u6e90\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\r\n\r\nXen 4.12.*\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9875\u8868\u5347\u7ea7\u548c\u964d\u7ea7\u64cd\u4f5c\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Xen\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2020-07296\uff09\u7684\u8865\u4e01",
"products": {
"product": "Xen Xen \u003c=4.12.*"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-19580",
"serverity": "\u4e2d",
"submitTime": "2019-12-12",
"title": "Xen\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2020-07296\uff09"
}
FKIE_CVE-2019-19580
Vulnerability from fkie_nvd - Published: 2019-12-11 18:16 - Updated: 2024-11-21 04:34
Severity ?
Summary
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xen | xen | * | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "18F9F58D-58A0-4356-AB70-E5ACF913BFCA",
"versionEndIncluding": "4.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xen versiones hasta 4.12.x permitiendo a usuarios del Sistema Operativo invitado x86 PV conseguir privilegios de Sistema Operativo host al aprovechar las condiciones de carrera en las operaciones de promoci\u00f3n y degradaci\u00f3n de tablas de p\u00e1ginas, debido a una soluci\u00f3n incompleta para CVE-2019-18421. XSA-299 abord\u00f3 varios problemas cr\u00edticos en las operaciones de cambio de tipo PV reiniciables. A pesar de las extensas pruebas y auditor\u00edas, se perdieron algunos casos de esquina. Un administrador invitado malicioso de PV puede escalar sus privilegios a los del host. Todas las versiones de seguridad de Xen son vulnerables. Solo los sistemas en x86 est\u00e1n afectados. Los sistemas ARM no est\u00e1n afectados. Solo los invitados de PV en x86 pueden aprovechar la vulnerabilidad. Los invitados x86 HVM y PVH no pueden aprovechar la vulnerabilidad. Tenga en cuenta que estos ataques requieren un tiempo muy preciso, que puede ser dif\u00edcil de explotar en la pr\u00e1ctica."
}
],
"id": "CVE-2019-19580",
"lastModified": "2024-11-21T04:34:59.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-11T18:16:19.397",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202003-56"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202003-56"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-5F2H-R2X9-9P3V
Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2022-05-24 17:03
VLAI?
Details
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
{
"affected": [],
"aliases": [
"CVE-2019-19580"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-11T18:16:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"id": "GHSA-5f2h-r2x9-9p3v",
"modified": "2022-05-24T17:03:15Z",
"published": "2022-05-24T17:03:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19580"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2019-19580
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-19580",
"description": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"id": "GSD-2019-19580",
"references": [
"https://www.suse.com/security/cve/CVE-2019-19580.html",
"https://www.debian.org/security/2020/dsa-4602"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-19580"
],
"details": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"id": "GSD-2019-19580",
"modified": "2023-12-13T01:23:53.872799Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xen.org/xsa/advisory-310.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"name": "FEDORA-2019-6aad703290",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"name": "FEDORA-2019-2e12bd3a9a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"name": "openSUSE-SU-2020:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
"cpe_name": [],
"versionEndIncluding": "4.12.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19580"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xen.org/xsa/advisory-310.html",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"name": "FEDORA-2019-6aad703290",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"name": "FEDORA-2019-2e12bd3a9a",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"name": "openSUSE-SU-2020:0011",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"tags": [],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"tags": [],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-01-03T22:15Z",
"publishedDate": "2019-12-11T18:16Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…