SUSE-SU-2019:14199-1 - Vulnerability-Lookup

SUSE-SU-2019:14199-1

Vulnerability from csaf_suse - Published: 2019-10-24 11:23 - Updated: 2019-10-24 11:23

Summary

Security update for xen

Severity

Important

Notes

Title of the patch: Security update for xen

Description of the patch: This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). - CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652). - CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which could have led to denial of service (bsc#1135905).

Patchnames: slessp4-xen-14199

Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

CVE-2019-12067

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-12068

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-12155

3.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-14378

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-15890

5.8 (Medium)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-17340

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-17341

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-17342

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-17343

6.8 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-17344

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-17346

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-17347

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2019-17348

5.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/s…	self
	https://www.suse.com/support/update/announcement/…	self
	https://lists.suse.com/pipermail/sle-security-upd…	self
	https://bugzilla.suse.com/1126140	self
	https://bugzilla.suse.com/1126141	self
	https://bugzilla.suse.com/1126192	self
	https://bugzilla.suse.com/1126195	self
	https://bugzilla.suse.com/1126196	self
	https://bugzilla.suse.com/1126198	self
	https://bugzilla.suse.com/1126201	self
	https://bugzilla.suse.com/1127400	self
	https://bugzilla.suse.com/1135905	self
	https://bugzilla.suse.com/1143797	self
	https://bugzilla.suse.com/1145652	self
	https://bugzilla.suse.com/1146874	self
	https://bugzilla.suse.com/1149813	self
	https://www.suse.com/security/cve/CVE-2019-12067/	self
	https://www.suse.com/security/cve/CVE-2019-12068/	self
	https://www.suse.com/security/cve/CVE-2019-12155/	self
	https://www.suse.com/security/cve/CVE-2019-14378/	self
	https://www.suse.com/security/cve/CVE-2019-15890/	self
	https://www.suse.com/security/cve/CVE-2019-17340/	self
	https://www.suse.com/security/cve/CVE-2019-17341/	self
	https://www.suse.com/security/cve/CVE-2019-17342/	self
	https://www.suse.com/security/cve/CVE-2019-17343/	self
	https://www.suse.com/security/cve/CVE-2019-17344/	self
	https://www.suse.com/security/cve/CVE-2019-17346/	self
	https://www.suse.com/security/cve/CVE-2019-17347/	self
	https://www.suse.com/security/cve/CVE-2019-17348/	self
	https://www.suse.com/security/cve/CVE-2019-12067	external
	https://bugzilla.suse.com/1145642	external
	https://bugzilla.suse.com/1145652	external
	https://www.suse.com/security/cve/CVE-2019-12068	external
	https://bugzilla.suse.com/1146873	external
	https://bugzilla.suse.com/1146874	external
	https://bugzilla.suse.com/1178658	external
	https://www.suse.com/security/cve/CVE-2019-12155	external
	https://bugzilla.suse.com/1135902	external
	https://bugzilla.suse.com/1135905	external
	https://www.suse.com/security/cve/CVE-2019-14378	external
	https://bugzilla.suse.com/1143794	external
	https://bugzilla.suse.com/1143797	external
	https://bugzilla.suse.com/1178658	external
	https://www.suse.com/security/cve/CVE-2019-15890	external
	https://bugzilla.suse.com/1149811	external
	https://bugzilla.suse.com/1149813	external
	https://bugzilla.suse.com/1178658	external
	https://www.suse.com/security/cve/CVE-2019-17340	external
	https://bugzilla.suse.com/1126140	external
	https://bugzilla.suse.com/1178658	external
	https://www.suse.com/security/cve/CVE-2019-17341	external
	https://bugzilla.suse.com/1126141	external
	https://bugzilla.suse.com/1178658	external
	https://www.suse.com/security/cve/CVE-2019-17342	external
	https://bugzilla.suse.com/1126192	external
	https://bugzilla.suse.com/1178658	external
	https://www.suse.com/security/cve/CVE-2019-17343	external
	https://bugzilla.suse.com/1126195	external
	https://bugzilla.suse.com/1178658	external
	https://www.suse.com/security/cve/CVE-2019-17344	external
	https://bugzilla.suse.com/1126196	external
	https://bugzilla.suse.com/1178658	external
	https://www.suse.com/security/cve/CVE-2019-17346	external
	https://bugzilla.suse.com/1126198	external
	https://www.suse.com/security/cve/CVE-2019-17347	external
	https://bugzilla.suse.com/1126201	external
	https://www.suse.com/security/cve/CVE-2019-17348	external
	https://bugzilla.suse.com/1127400	external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for xen",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for xen fixes the following issues:\n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n  which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n  service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n  emulator which could have led to execution of  arbitrary code with privileges of the \n  QEMU process (bsc#1143797).\n- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).\n- CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which\n  could have led to denial of service (bsc#1135905).\n  ",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "slessp4-xen-14199",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14199-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:14199-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914199-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:14199-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006052.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126140",
        "url": "https://bugzilla.suse.com/1126140"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126141",
        "url": "https://bugzilla.suse.com/1126141"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126192",
        "url": "https://bugzilla.suse.com/1126192"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126195",
        "url": "https://bugzilla.suse.com/1126195"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126196",
        "url": "https://bugzilla.suse.com/1126196"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126198",
        "url": "https://bugzilla.suse.com/1126198"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126201",
        "url": "https://bugzilla.suse.com/1126201"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1127400",
        "url": "https://bugzilla.suse.com/1127400"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1135905",
        "url": "https://bugzilla.suse.com/1135905"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1143797",
        "url": "https://bugzilla.suse.com/1143797"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1145652",
        "url": "https://bugzilla.suse.com/1145652"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1146874",
        "url": "https://bugzilla.suse.com/1146874"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1149813",
        "url": "https://bugzilla.suse.com/1149813"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12067 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12067/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12068 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12068/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12155 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12155/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14378 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14378/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15890 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17340 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17340/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17341 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17341/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17342 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17342/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17343 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17343/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17344 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17344/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17346 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17346/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17347 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17347/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17348 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17348/"
      }
    ],
    "title": "Security update for xen",
    "tracking": {
      "current_release_date": "2019-10-24T11:23:17Z",
      "generator": {
        "date": "2019-10-24T11:23:17Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:14199-1",
      "initial_release_date": "2019-10-24T11:23:17Z",
      "revision_history": [
        {
          "date": "2019-10-24T11:23:17Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
                "product": {
                  "name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
                  "product_id": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
                "product": {
                  "name": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
                  "product_id": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.4.4_40-61.49.1.i586",
                "product": {
                  "name": "xen-libs-4.4.4_40-61.49.1.i586",
                  "product_id": "xen-libs-4.4.4_40-61.49.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.4.4_40-61.49.1.i586",
                "product": {
                  "name": "xen-tools-domU-4.4.4_40-61.49.1.i586",
                  "product_id": "xen-tools-domU-4.4.4_40-61.49.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-4.4.4_40-61.49.1.x86_64",
                "product": {
                  "name": "xen-4.4.4_40-61.49.1.x86_64",
                  "product_id": "xen-4.4.4_40-61.49.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-doc-html-4.4.4_40-61.49.1.x86_64",
                "product": {
                  "name": "xen-doc-html-4.4.4_40-61.49.1.x86_64",
                  "product_id": "xen-doc-html-4.4.4_40-61.49.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
                "product": {
                  "name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
                  "product_id": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.4.4_40-61.49.1.x86_64",
                "product": {
                  "name": "xen-libs-4.4.4_40-61.49.1.x86_64",
                  "product_id": "xen-libs-4.4.4_40-61.49.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
                "product": {
                  "name": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
                  "product_id": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-4.4.4_40-61.49.1.x86_64",
                "product": {
                  "name": "xen-tools-4.4.4_40-61.49.1.x86_64",
                  "product_id": "xen-tools-4.4.4_40-61.49.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.4.4_40-61.49.1.x86_64",
                "product": {
                  "name": "xen-tools-domU-4.4.4_40-61.49.1.x86_64",
                  "product_id": "xen-tools-domU-4.4.4_40-61.49.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64"
        },
        "product_reference": "xen-4.4.4_40-61.49.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-doc-html-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64"
        },
        "product_reference": "xen-doc-html-4.4.4_40-61.49.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586"
        },
        "product_reference": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64"
        },
        "product_reference": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586"
        },
        "product_reference": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.4.4_40-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586"
        },
        "product_reference": "xen-libs-4.4.4_40-61.49.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64"
        },
        "product_reference": "xen-libs-4.4.4_40-61.49.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64"
        },
        "product_reference": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64"
        },
        "product_reference": "xen-tools-4.4.4_40-61.49.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.4.4_40-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586"
        },
        "product_reference": "xen-tools-domU-4.4.4_40-61.49.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        },
        "product_reference": "xen-tools-domU-4.4.4_40-61.49.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12067",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12067"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12067",
          "url": "https://www.suse.com/security/cve/CVE-2019-12067"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1145642 for CVE-2019-12067",
          "url": "https://bugzilla.suse.com/1145642"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1145652 for CVE-2019-12067",
          "url": "https://bugzilla.suse.com/1145652"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-24T11:23:17Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-12067"
    },
    {
      "cve": "CVE-2019-12068",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12068"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12068",
          "url": "https://www.suse.com/security/cve/CVE-2019-12068"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146873 for CVE-2019-12068",
          "url": "https://bugzilla.suse.com/1146873"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146874 for CVE-2019-12068",
          "url": "https://bugzilla.suse.com/1146874"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-12068",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-24T11:23:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-12068"
    },
    {
      "cve": "CVE-2019-12155",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12155"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12155",
          "url": "https://www.suse.com/security/cve/CVE-2019-12155"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135902 for CVE-2019-12155",
          "url": "https://bugzilla.suse.com/1135902"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135905 for CVE-2019-12155",
          "url": "https://bugzilla.suse.com/1135905"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-24T11:23:17Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-12155"
    },
    {
      "cve": "CVE-2019-14378",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14378"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14378",
          "url": "https://www.suse.com/security/cve/CVE-2019-14378"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1143794 for CVE-2019-14378",
          "url": "https://bugzilla.suse.com/1143794"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1143797 for CVE-2019-14378",
          "url": "https://bugzilla.suse.com/1143797"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-14378",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-24T11:23:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-14378"
    },
    {
      "cve": "CVE-2019-15890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15890",
          "url": "https://www.suse.com/security/cve/CVE-2019-15890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149811 for CVE-2019-15890",
          "url": "https://bugzilla.suse.com/1149811"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149813 for CVE-2019-15890",
          "url": "https://bugzilla.suse.com/1149813"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-15890",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-24T11:23:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-15890"
    },
    {
      "cve": "CVE-2019-17340",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17340"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17340",
          "url": "https://www.suse.com/security/cve/CVE-2019-17340"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126140 for CVE-2019-17340",
          "url": "https://bugzilla.suse.com/1126140"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-17340",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-24T11:23:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17340"
    },
    {
      "cve": "CVE-2019-17341",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17341"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17341",
          "url": "https://www.suse.com/security/cve/CVE-2019-17341"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126141 for CVE-2019-17341",
          "url": "https://bugzilla.suse.com/1126141"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-17341",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-24T11:23:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17341"
    },
    {
      "cve": "CVE-2019-17342",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17342"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17342",
          "url": "https://www.suse.com/security/cve/CVE-2019-17342"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126192 for CVE-2019-17342",
          "url": "https://bugzilla.suse.com/1126192"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-17342",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-24T11:23:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17342"
    },
    {
      "cve": "CVE-2019-17343",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17343"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17343",
          "url": "https://www.suse.com/security/cve/CVE-2019-17343"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126195 for CVE-2019-17343",
          "url": "https://bugzilla.suse.com/1126195"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-17343",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-24T11:23:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17343"
    },
    {
      "cve": "CVE-2019-17344",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17344"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17344",
          "url": "https://www.suse.com/security/cve/CVE-2019-17344"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126196 for CVE-2019-17344",
          "url": "https://bugzilla.suse.com/1126196"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-17344",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-24T11:23:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-17344"
    },
    {
      "cve": "CVE-2019-17346",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17346"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17346",
          "url": "https://www.suse.com/security/cve/CVE-2019-17346"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126198 for CVE-2019-17346",
          "url": "https://bugzilla.suse.com/1126198"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-24T11:23:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-17346"
    },
    {
      "cve": "CVE-2019-17347",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17347"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17347",
          "url": "https://www.suse.com/security/cve/CVE-2019-17347"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126201 for CVE-2019-17347",
          "url": "https://bugzilla.suse.com/1126201"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-24T11:23:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17347"
    },
    {
      "cve": "CVE-2019-17348",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17348"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17348",
          "url": "https://www.suse.com/security/cve/CVE-2019-17348"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1127400 for CVE-2019-17348",
          "url": "https://bugzilla.suse.com/1127400"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-24T11:23:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-17348"
    }
  ]
}

CVE-2019-17342 (GCVE-0-2019-17342)

Vulnerability from cvelistv5 – Published: 2019-10-08 00:03 – Updated: 2024-08-05 01:40

Summary

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://xenbits.xen.org/xsa/advisory-287.html	x_refsource_CONFIRM
	https://xenbits.xen.org/xsa/advisory-287.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/10/25/2	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4602	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Jan/21	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:15.354Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-287.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xen.org/xsa/advisory-287.html"
          },
          {
            "name": "[oss-security] 20191025 Xen Security Advisory 287 v3 (CVE-2019-17342) - x86: steal_page violates page_struct access discipline",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/25/2"
          },
          {
            "name": "DSA-4602",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4602"
          },
          {
            "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-14T22:06:25.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-287.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xen.org/xsa/advisory-287.html"
        },
        {
          "name": "[oss-security] 20191025 Xen Security Advisory 287 v3 (CVE-2019-17342) - x86: steal_page violates page_struct access discipline",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/25/2"
        },
        {
          "name": "DSA-4602",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4602"
        },
        {
          "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17342",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://xenbits.xen.org/xsa/advisory-287.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-287.html"
            },
            {
              "name": "https://xenbits.xen.org/xsa/advisory-287.html",
              "refsource": "MISC",
              "url": "https://xenbits.xen.org/xsa/advisory-287.html"
            },
            {
              "name": "[oss-security] 20191025 Xen Security Advisory 287 v3 (CVE-2019-17342) - x86: steal_page violates page_struct access discipline",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/25/2"
            },
            {
              "name": "DSA-4602",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4602"
            },
            {
              "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17342",
    "datePublished": "2019-10-08T00:03:03.000Z",
    "dateReserved": "2019-10-07T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:40:15.354Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17343 (GCVE-0-2019-17343)

Vulnerability from cvelistv5 – Published: 2019-10-08 00:02 – Updated: 2024-08-05 01:40

Summary

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://xenbits.xen.org/xsa/advisory-288.html	x_refsource_CONFIRM
	https://xenbits.xen.org/xsa/advisory-288.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/1…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4602	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Jan/21	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:15.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-288.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xen.org/xsa/advisory-288.html"
          },
          {
            "name": "[oss-security] 20191025 Xen Security Advisory 288 v3 (CVE-2019-17343) - x86: Inconsistent PV IOMMU discipline",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/25/10"
          },
          {
            "name": "DSA-4602",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4602"
          },
          {
            "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-14T22:06:22.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-288.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xen.org/xsa/advisory-288.html"
        },
        {
          "name": "[oss-security] 20191025 Xen Security Advisory 288 v3 (CVE-2019-17343) - x86: Inconsistent PV IOMMU discipline",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/25/10"
        },
        {
          "name": "DSA-4602",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4602"
        },
        {
          "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17343",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://xenbits.xen.org/xsa/advisory-288.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-288.html"
            },
            {
              "name": "https://xenbits.xen.org/xsa/advisory-288.html",
              "refsource": "MISC",
              "url": "https://xenbits.xen.org/xsa/advisory-288.html"
            },
            {
              "name": "[oss-security] 20191025 Xen Security Advisory 288 v3 (CVE-2019-17343) - x86: Inconsistent PV IOMMU discipline",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/25/10"
            },
            {
              "name": "DSA-4602",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4602"
            },
            {
              "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17343",
    "datePublished": "2019-10-08T00:02:51.000Z",
    "dateReserved": "2019-10-07T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:40:15.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17346 (GCVE-0-2019-17346)

Vulnerability from cvelistv5 – Published: 2019-10-08 00:02 – Updated: 2024-08-05 01:40

Summary

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://xenbits.xen.org/xsa/advisory-292.html	x_refsource_CONFIRM
	https://xenbits.xen.org/xsa/advisory-292.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/10/25/5	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4602	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Jan/21	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:15.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-292.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xen.org/xsa/advisory-292.html"
          },
          {
            "name": "[oss-security] 20191025 Xen Security Advisory 292 v3 (CVE-2019-17346) - x86: insufficient TLB flushing when using PCID",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/25/5"
          },
          {
            "name": "DSA-4602",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4602"
          },
          {
            "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-14T22:06:07.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-292.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xen.org/xsa/advisory-292.html"
        },
        {
          "name": "[oss-security] 20191025 Xen Security Advisory 292 v3 (CVE-2019-17346) - x86: insufficient TLB flushing when using PCID",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/25/5"
        },
        {
          "name": "DSA-4602",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4602"
        },
        {
          "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17346",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://xenbits.xen.org/xsa/advisory-292.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-292.html"
            },
            {
              "name": "https://xenbits.xen.org/xsa/advisory-292.html",
              "refsource": "MISC",
              "url": "https://xenbits.xen.org/xsa/advisory-292.html"
            },
            {
              "name": "[oss-security] 20191025 Xen Security Advisory 292 v3 (CVE-2019-17346) - x86: insufficient TLB flushing when using PCID",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/25/5"
            },
            {
              "name": "DSA-4602",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4602"
            },
            {
              "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17346",
    "datePublished": "2019-10-08T00:02:15.000Z",
    "dateReserved": "2019-10-07T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:40:15.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17340 (GCVE-0-2019-17340)

Vulnerability from cvelistv5 – Published: 2019-10-08 00:03 – Updated: 2024-08-05 01:40

Summary

An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://xenbits.xen.org/xsa/advisory-284.html	x_refsource_CONFIRM
	https://xenbits.xen.org/xsa/advisory-284.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/10/25/1	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4602	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Jan/21	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:14.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-284.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xen.org/xsa/advisory-284.html"
          },
          {
            "name": "[oss-security] 20191025 Xen Security Advisory 284 v3 (CVE-2019-17340) - grant table transfer issues on large hosts",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/25/1"
          },
          {
            "name": "DSA-4602",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4602"
          },
          {
            "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-14T22:06:21.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-284.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xen.org/xsa/advisory-284.html"
        },
        {
          "name": "[oss-security] 20191025 Xen Security Advisory 284 v3 (CVE-2019-17340) - grant table transfer issues on large hosts",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/25/1"
        },
        {
          "name": "DSA-4602",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4602"
        },
        {
          "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17340",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://xenbits.xen.org/xsa/advisory-284.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-284.html"
            },
            {
              "name": "https://xenbits.xen.org/xsa/advisory-284.html",
              "refsource": "MISC",
              "url": "https://xenbits.xen.org/xsa/advisory-284.html"
            },
            {
              "name": "[oss-security] 20191025 Xen Security Advisory 284 v3 (CVE-2019-17340) - grant table transfer issues on large hosts",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/25/1"
            },
            {
              "name": "DSA-4602",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4602"
            },
            {
              "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17340",
    "datePublished": "2019-10-08T00:03:29.000Z",
    "dateReserved": "2019-10-07T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:40:14.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17341 (GCVE-0-2019-17341)

Vulnerability from cvelistv5 – Published: 2019-10-08 00:03 – Updated: 2024-08-05 01:40

Summary

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://xenbits.xen.org/xsa/advisory-285.html	x_refsource_CONFIRM
	https://xenbits.xen.org/xsa/advisory-285.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/10/25/6	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4602	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Jan/21	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:14.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-285.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xen.org/xsa/advisory-285.html"
          },
          {
            "name": "[oss-security] 20191025 Xen Security Advisory 285 v3 (CVE-2019-17341) - race with pass-through device hotplug",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/25/6"
          },
          {
            "name": "DSA-4602",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4602"
          },
          {
            "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-14T22:06:11.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-285.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xen.org/xsa/advisory-285.html"
        },
        {
          "name": "[oss-security] 20191025 Xen Security Advisory 285 v3 (CVE-2019-17341) - race with pass-through device hotplug",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/25/6"
        },
        {
          "name": "DSA-4602",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4602"
        },
        {
          "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://xenbits.xen.org/xsa/advisory-285.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-285.html"
            },
            {
              "name": "https://xenbits.xen.org/xsa/advisory-285.html",
              "refsource": "MISC",
              "url": "https://xenbits.xen.org/xsa/advisory-285.html"
            },
            {
              "name": "[oss-security] 20191025 Xen Security Advisory 285 v3 (CVE-2019-17341) - race with pass-through device hotplug",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/25/6"
            },
            {
              "name": "DSA-4602",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4602"
            },
            {
              "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17341",
    "datePublished": "2019-10-08T00:03:17.000Z",
    "dateReserved": "2019-10-07T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:40:14.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14378 (GCVE-0-2019-14378)

Vulnerability from cvelistv5 – Published: 2019-07-29 10:05 – Updated: 2024-08-05 00:19

Summary

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://gitlab.freedesktop.org/slirp/libslirp/com…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/08/01/2	mailing-listx_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://seclists.org/bugtraq/2019/Aug/41	mailing-listx_refsource_BUGTRAQ
	https://www.debian.org/security/2019/dsa-4506	vendor-advisoryx_refsource_DEBIAN
	https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/201…	x_refsource_MISC
	https://news.ycombinator.com/item?id=20799010	x_refsource_MISC
	http://packetstormsecurity.com/files/154269/QEMU-…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://www.debian.org/security/2019/dsa-4512	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Sep/3	mailing-listx_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://support.f5.com/csp/article/K25423748	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://support.f5.com/csp/article/K25423748?utm_…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:3179	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3403	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3494	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3742	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3787	vendor-advisoryx_refsource_REDHAT
	https://usn.ubuntu.com/4191-2/	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4191-1/	vendor-advisoryx_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:3968	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:4344	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0366	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0775	vendor-advisoryx_refsource_REDHAT

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:40.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210"
          },
          {
            "name": "[oss-security] 20190801 CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/08/01/2"
          },
          {
            "name": "FEDORA-2019-77bafc4454",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/"
          },
          {
            "name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/41"
          },
          {
            "name": "DSA-4506",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4506"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=20799010"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html"
          },
          {
            "name": "openSUSE-SU-2019:2041",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
          },
          {
            "name": "DSA-4512",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4512"
          },
          {
            "name": "20190902 [SECURITY] [DSA 4512-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/3"
          },
          {
            "name": "openSUSE-SU-2019:2059",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K25423748"
          },
          {
            "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K25423748?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "name": "RHSA-2019:3179",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3179"
          },
          {
            "name": "RHSA-2019:3403",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3403"
          },
          {
            "name": "RHSA-2019:3494",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3494"
          },
          {
            "name": "RHSA-2019:3742",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3742"
          },
          {
            "name": "RHSA-2019:3787",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3787"
          },
          {
            "name": "USN-4191-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4191-2/"
          },
          {
            "name": "openSUSE-SU-2019:2510",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
          },
          {
            "name": "USN-4191-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4191-1/"
          },
          {
            "name": "RHSA-2019:3968",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3968"
          },
          {
            "name": "RHSA-2019:4344",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4344"
          },
          {
            "name": "RHSA-2020:0366",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0366"
          },
          {
            "name": "RHSA-2020:0775",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0775"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-11T11:06:29.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210"
        },
        {
          "name": "[oss-security] 20190801 CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/08/01/2"
        },
        {
          "name": "FEDORA-2019-77bafc4454",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/"
        },
        {
          "name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/41"
        },
        {
          "name": "DSA-4506",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4506"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://news.ycombinator.com/item?id=20799010"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html"
        },
        {
          "name": "openSUSE-SU-2019:2041",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
        },
        {
          "name": "DSA-4512",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4512"
        },
        {
          "name": "20190902 [SECURITY] [DSA 4512-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/3"
        },
        {
          "name": "openSUSE-SU-2019:2059",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K25423748"
        },
        {
          "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K25423748?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "name": "RHSA-2019:3179",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3179"
        },
        {
          "name": "RHSA-2019:3403",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3403"
        },
        {
          "name": "RHSA-2019:3494",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3494"
        },
        {
          "name": "RHSA-2019:3742",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3742"
        },
        {
          "name": "RHSA-2019:3787",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3787"
        },
        {
          "name": "USN-4191-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4191-2/"
        },
        {
          "name": "openSUSE-SU-2019:2510",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
        },
        {
          "name": "USN-4191-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4191-1/"
        },
        {
          "name": "RHSA-2019:3968",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3968"
        },
        {
          "name": "RHSA-2019:4344",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4344"
        },
        {
          "name": "RHSA-2020:0366",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0366"
        },
        {
          "name": "RHSA-2020:0775",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0775"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14378",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210",
              "refsource": "MISC",
              "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210"
            },
            {
              "name": "[oss-security] 20190801 CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/08/01/2"
            },
            {
              "name": "FEDORA-2019-77bafc4454",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/"
            },
            {
              "name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/41"
            },
            {
              "name": "DSA-4506",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4506"
            },
            {
              "name": "https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/",
              "refsource": "MISC",
              "url": "https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/"
            },
            {
              "name": "https://news.ycombinator.com/item?id=20799010",
              "refsource": "MISC",
              "url": "https://news.ycombinator.com/item?id=20799010"
            },
            {
              "name": "http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html"
            },
            {
              "name": "openSUSE-SU-2019:2041",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
            },
            {
              "name": "DSA-4512",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4512"
            },
            {
              "name": "20190902 [SECURITY] [DSA 4512-1] qemu security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Sep/3"
            },
            {
              "name": "openSUSE-SU-2019:2059",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html"
            },
            {
              "name": "https://support.f5.com/csp/article/K25423748",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K25423748"
            },
            {
              "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
            },
            {
              "name": "https://support.f5.com/csp/article/K25423748?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K25423748?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "RHSA-2019:3179",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3179"
            },
            {
              "name": "RHSA-2019:3403",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3403"
            },
            {
              "name": "RHSA-2019:3494",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3494"
            },
            {
              "name": "RHSA-2019:3742",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3742"
            },
            {
              "name": "RHSA-2019:3787",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3787"
            },
            {
              "name": "USN-4191-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4191-2/"
            },
            {
              "name": "openSUSE-SU-2019:2510",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
            },
            {
              "name": "USN-4191-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4191-1/"
            },
            {
              "name": "RHSA-2019:3968",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3968"
            },
            {
              "name": "RHSA-2019:4344",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4344"
            },
            {
              "name": "RHSA-2020:0366",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0366"
            },
            {
              "name": "RHSA-2020:0775",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0775"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14378",
    "datePublished": "2019-07-29T10:05:22.000Z",
    "dateReserved": "2019-07-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:19:40.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17347 (GCVE-0-2019-17347)

Vulnerability from cvelistv5 – Published: 2019-10-08 00:02 – Updated: 2024-08-05 01:40

Summary

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://xenbits.xen.org/xsa/advisory-293.html	x_refsource_CONFIRM
	https://xenbits.xen.org/xsa/advisory-293.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/10/25/8	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4602	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Jan/21	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:14.444Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-293.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xen.org/xsa/advisory-293.html"
          },
          {
            "name": "[oss-security] 20191025 Xen Security Advisory 293 v4 (CVE-2019-17347) - x86: PV kernel context switch corruption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/25/8"
          },
          {
            "name": "DSA-4602",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4602"
          },
          {
            "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-14T22:06:24.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-293.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xen.org/xsa/advisory-293.html"
        },
        {
          "name": "[oss-security] 20191025 Xen Security Advisory 293 v4 (CVE-2019-17347) - x86: PV kernel context switch corruption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/25/8"
        },
        {
          "name": "DSA-4602",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4602"
        },
        {
          "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17347",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://xenbits.xen.org/xsa/advisory-293.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-293.html"
            },
            {
              "name": "https://xenbits.xen.org/xsa/advisory-293.html",
              "refsource": "MISC",
              "url": "https://xenbits.xen.org/xsa/advisory-293.html"
            },
            {
              "name": "[oss-security] 20191025 Xen Security Advisory 293 v4 (CVE-2019-17347) - x86: PV kernel context switch corruption",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/25/8"
            },
            {
              "name": "DSA-4602",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4602"
            },
            {
              "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17347",
    "datePublished": "2019-10-08T00:02:04.000Z",
    "dateReserved": "2019-10-07T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:40:14.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12155 (GCVE-0-2019-12155)

Vulnerability from cvelistv5 – Published: 2019-05-24 15:33 – Updated: 2024-08-04 23:10

Summary

interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://lists.gnu.org/archive/html/qemu-devel/201…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/05/22/1	x_refsource_CONFIRM
	https://www.debian.org/security/2019/dsa-4454	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/May/76	mailing-listx_refsource_BUGTRAQ
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2019:2607	vendor-advisoryx_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:2892	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3179	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3345	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3742	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3787	vendor-advisoryx_refsource_REDHAT
	https://usn.ubuntu.com/4191-2/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4191-1/	vendor-advisoryx_refsource_UBUNTU
	https://access.redhat.com/errata/RHBA-2019:3723	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:4344	vendor-advisoryx_refsource_REDHAT
	https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3…	x_refsource_MISC

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:10:30.831Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg01321.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/05/22/1"
          },
          {
            "name": "DSA-4454",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4454"
          },
          {
            "name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/76"
          },
          {
            "name": "FEDORA-2019-52a8f5468e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
          },
          {
            "name": "FEDORA-2019-e9de40d53f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
          },
          {
            "name": "openSUSE-SU-2019:2041",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2019:2059",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html"
          },
          {
            "name": "RHSA-2019:2607",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2607"
          },
          {
            "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
          },
          {
            "name": "RHSA-2019:2892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2892"
          },
          {
            "name": "RHSA-2019:3179",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3179"
          },
          {
            "name": "RHSA-2019:3345",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3345"
          },
          {
            "name": "RHSA-2019:3742",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3742"
          },
          {
            "name": "RHSA-2019:3787",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3787"
          },
          {
            "name": "USN-4191-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4191-2/"
          },
          {
            "name": "USN-4191-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4191-1/"
          },
          {
            "name": "RHBA-2019:3723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:3723"
          },
          {
            "name": "RHSA-2019:4344",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4344"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-30T19:32:48.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg01321.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/05/22/1"
        },
        {
          "name": "DSA-4454",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4454"
        },
        {
          "name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/76"
        },
        {
          "name": "FEDORA-2019-52a8f5468e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
        },
        {
          "name": "FEDORA-2019-e9de40d53f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
        },
        {
          "name": "openSUSE-SU-2019:2041",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2019:2059",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html"
        },
        {
          "name": "RHSA-2019:2607",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2607"
        },
        {
          "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
        },
        {
          "name": "RHSA-2019:2892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2892"
        },
        {
          "name": "RHSA-2019:3179",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3179"
        },
        {
          "name": "RHSA-2019:3345",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3345"
        },
        {
          "name": "RHSA-2019:3742",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3742"
        },
        {
          "name": "RHSA-2019:3787",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3787"
        },
        {
          "name": "USN-4191-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4191-2/"
        },
        {
          "name": "USN-4191-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4191-1/"
        },
        {
          "name": "RHBA-2019:3723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:3723"
        },
        {
          "name": "RHSA-2019:4344",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4344"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12155",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg01321.html",
              "refsource": "MISC",
              "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg01321.html"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2019/05/22/1",
              "refsource": "CONFIRM",
              "url": "http://www.openwall.com/lists/oss-security/2019/05/22/1"
            },
            {
              "name": "DSA-4454",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4454"
            },
            {
              "name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/76"
            },
            {
              "name": "FEDORA-2019-52a8f5468e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
            },
            {
              "name": "FEDORA-2019-e9de40d53f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
            },
            {
              "name": "openSUSE-SU-2019:2041",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2019:2059",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html"
            },
            {
              "name": "RHSA-2019:2607",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2607"
            },
            {
              "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
            },
            {
              "name": "RHSA-2019:2892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2892"
            },
            {
              "name": "RHSA-2019:3179",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3179"
            },
            {
              "name": "RHSA-2019:3345",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3345"
            },
            {
              "name": "RHSA-2019:3742",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3742"
            },
            {
              "name": "RHSA-2019:3787",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3787"
            },
            {
              "name": "USN-4191-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4191-2/"
            },
            {
              "name": "USN-4191-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4191-1/"
            },
            {
              "name": "RHBA-2019:3723",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:3723"
            },
            {
              "name": "RHSA-2019:4344",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4344"
            },
            {
              "name": "https://git.qemu.org/?p=qemu.git;a=commit;h=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2",
              "refsource": "MISC",
              "url": "https://git.qemu.org/?p=qemu.git;a=commit;h=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12155",
    "datePublished": "2019-05-24T15:33:11.000Z",
    "dateReserved": "2019-05-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T23:10:30.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12068 (GCVE-0-2019-12068)

Vulnerability from cvelistv5 – Published: 2019-09-24 19:59 – Updated: 2024-08-04 23:10

Summary

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://lists.gnu.org/archive/html/qemu-devel/201…	x_refsource_MISC
	https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d…	x_refsource_MISC
	https://security-tracker.debian.org/tracker/CVE-2…	x_refsource_MISC
	https://usn.ubuntu.com/4191-2/	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4191-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.debian.org/security/2020/dsa-4665	vendor-advisoryx_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:10:30.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
          },
          {
            "name": "USN-4191-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4191-2/"
          },
          {
            "name": "openSUSE-SU-2019:2510",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
          },
          {
            "name": "openSUSE-SU-2019:2505",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
          },
          {
            "name": "USN-4191-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4191-1/"
          },
          {
            "name": "DSA-4665",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4665"
          },
          {
            "name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-26T13:06:10.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
        },
        {
          "name": "USN-4191-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4191-2/"
        },
        {
          "name": "openSUSE-SU-2019:2510",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
        },
        {
          "name": "openSUSE-SU-2019:2505",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
        },
        {
          "name": "USN-4191-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4191-1/"
        },
        {
          "name": "DSA-4665",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4665"
        },
        {
          "name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12068",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
            },
            {
              "name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html",
              "refsource": "MISC",
              "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
            },
            {
              "name": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08",
              "refsource": "MISC",
              "url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2019-12068",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
            },
            {
              "name": "USN-4191-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4191-2/"
            },
            {
              "name": "openSUSE-SU-2019:2510",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
            },
            {
              "name": "openSUSE-SU-2019:2505",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
            },
            {
              "name": "USN-4191-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4191-1/"
            },
            {
              "name": "DSA-4665",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4665"
            },
            {
              "name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12068",
    "datePublished": "2019-09-24T19:59:44.000Z",
    "dateReserved": "2019-05-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T23:10:30.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17344 (GCVE-0-2019-17344)

Vulnerability from cvelistv5 – Published: 2019-10-08 00:02 – Updated: 2024-08-05 01:40

Summary

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://xenbits.xen.org/xsa/advisory-290.html	x_refsource_CONFIRM
	https://xenbits.xen.org/xsa/advisory-290.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/10/25/3	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4602	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Jan/21	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:15.147Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-290.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xen.org/xsa/advisory-290.html"
          },
          {
            "name": "[oss-security] 20191025 Xen Security Advisory 290 v3 (CVE-2019-17344) - missing preemption in x86 PV page table unvalidation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/25/3"
          },
          {
            "name": "DSA-4602",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4602"
          },
          {
            "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-14T22:06:23.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-290.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xen.org/xsa/advisory-290.html"
        },
        {
          "name": "[oss-security] 20191025 Xen Security Advisory 290 v3 (CVE-2019-17344) - missing preemption in x86 PV page table unvalidation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/25/3"
        },
        {
          "name": "DSA-4602",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4602"
        },
        {
          "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17344",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://xenbits.xen.org/xsa/advisory-290.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-290.html"
            },
            {
              "name": "https://xenbits.xen.org/xsa/advisory-290.html",
              "refsource": "MISC",
              "url": "https://xenbits.xen.org/xsa/advisory-290.html"
            },
            {
              "name": "[oss-security] 20191025 Xen Security Advisory 290 v3 (CVE-2019-17344) - missing preemption in x86 PV page table unvalidation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/25/3"
            },
            {
              "name": "DSA-4602",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4602"
            },
            {
              "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17344",
    "datePublished": "2019-10-08T00:02:40.000Z",
    "dateReserved": "2019-10-07T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:40:15.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17348 (GCVE-0-2019-17348)

Vulnerability from cvelistv5 – Published: 2019-10-08 00:01 – Updated: 2024-08-05 01:40

Summary

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://xenbits.xen.org/xsa/advisory-294.html	x_refsource_CONFIRM
	https://xenbits.xen.org/xsa/advisory-294.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/10/25/7	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4602	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Jan/21	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:15.117Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-294.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xen.org/xsa/advisory-294.html"
          },
          {
            "name": "[oss-security] 20191025 Xen Security Advisory 294 v3 (CVE-2019-17348) - x86 shadow: Insufficient TLB flushing when using PCID",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/25/7"
          },
          {
            "name": "DSA-4602",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4602"
          },
          {
            "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-14T22:06:13.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-294.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xen.org/xsa/advisory-294.html"
        },
        {
          "name": "[oss-security] 20191025 Xen Security Advisory 294 v3 (CVE-2019-17348) - x86 shadow: Insufficient TLB flushing when using PCID",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/25/7"
        },
        {
          "name": "DSA-4602",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4602"
        },
        {
          "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17348",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://xenbits.xen.org/xsa/advisory-294.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-294.html"
            },
            {
              "name": "https://xenbits.xen.org/xsa/advisory-294.html",
              "refsource": "MISC",
              "url": "https://xenbits.xen.org/xsa/advisory-294.html"
            },
            {
              "name": "[oss-security] 20191025 Xen Security Advisory 294 v3 (CVE-2019-17348) - x86 shadow: Insufficient TLB flushing when using PCID",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/25/7"
            },
            {
              "name": "DSA-4602",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4602"
            },
            {
              "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17348",
    "datePublished": "2019-10-08T00:01:46.000Z",
    "dateReserved": "2019-10-07T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:40:15.117Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12067 (GCVE-0-2019-12067)

Vulnerability from cvelistv5 – Published: 2021-06-02 14:18 – Updated: 2024-08-04 23:10

Summary

The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://lists.gnu.org/archive/html/qemu-devel/201…	x_refsource_MISC
	https://lists.gnu.org/archive/html/qemu-devel/201…	x_refsource_MISC
	https://bugzilla.suse.com/show_bug.cgi?id=1145642	x_refsource_MISC
	https://security-tracker.debian.org/tracker/CVE-2…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2021072…	x_refsource_CONFIRM

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:10:30.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1145642"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2019-12067"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210727-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-27T15:06:24.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1145642"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2019-12067"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210727-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12067",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html",
              "refsource": "MISC",
              "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html"
            },
            {
              "name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html",
              "refsource": "MISC",
              "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1145642",
              "refsource": "MISC",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1145642"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2019-12067",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2019-12067"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210727-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210727-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12067",
    "datePublished": "2021-06-02T14:18:09.000Z",
    "dateReserved": "2019-05-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T23:10:30.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-15890 (GCVE-0-2019-15890)

Vulnerability from cvelistv5 – Published: 2019-09-06 16:55 – Updated: 2024-08-05 01:03

Summary

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://gitlab.freedesktop.org/slirp/libslirp/com…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/09/06/3	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4191-2/	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4191-1/	vendor-advisoryx_refsource_UBUNTU
	https://seclists.org/bugtraq/2020/Feb/0	mailing-listx_refsource_BUGTRAQ
	https://www.debian.org/security/2020/dsa-4616	vendor-advisoryx_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2020:0775	vendor-advisoryx_refsource_REDHAT

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:03:31.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"
          },
          {
            "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
          },
          {
            "name": "USN-4191-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4191-2/"
          },
          {
            "name": "openSUSE-SU-2019:2510",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
          },
          {
            "name": "USN-4191-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4191-1/"
          },
          {
            "name": "20200203 [SECURITY] [DSA 4616-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Feb/0"
          },
          {
            "name": "DSA-4616",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4616"
          },
          {
            "name": "RHSA-2020:0775",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0775"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-11T11:06:28.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"
        },
        {
          "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
        },
        {
          "name": "USN-4191-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4191-2/"
        },
        {
          "name": "openSUSE-SU-2019:2510",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
        },
        {
          "name": "USN-4191-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4191-1/"
        },
        {
          "name": "20200203 [SECURITY] [DSA 4616-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Feb/0"
        },
        {
          "name": "DSA-4616",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4616"
        },
        {
          "name": "RHSA-2020:0775",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0775"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15890",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943",
              "refsource": "MISC",
              "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2019/09/06/3",
              "refsource": "CONFIRM",
              "url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"
            },
            {
              "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
            },
            {
              "name": "USN-4191-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4191-2/"
            },
            {
              "name": "openSUSE-SU-2019:2510",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
            },
            {
              "name": "USN-4191-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4191-1/"
            },
            {
              "name": "20200203 [SECURITY] [DSA 4616-1] qemu security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Feb/0"
            },
            {
              "name": "DSA-4616",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4616"
            },
            {
              "name": "RHSA-2020:0775",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0775"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15890",
    "datePublished": "2019-09-06T16:55:12.000Z",
    "dateReserved": "2019-09-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:03:31.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.