suse-su-2019:2961-1
Vulnerability from csaf_suse
Published
2019-11-12 18:17
Modified
2019-11-12 18:17
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race
condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine
Exception during Page Size Change, causing the CPU core to be non-functional.
(bsc#1155945)
- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with
Transactional Memory support could be used to facilitate sidechannel
information leaks out of microarchitectural buffers, similar to the
previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497).
- CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash,
resulting in a Denial of Service (DoS). (bsc#1154460).
- CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical
Xen code to run with interrupts erroneously enabled. This could lead to data
corruption, denial of service, or possibly even privilege escalation. However
a precise attack technique has not been identified. (bsc#1154464)
- CVE-2019-18424: An untrusted domain with access to a physical device can DMA
into host memory, leading to privilege escalation. (bsc#1154461).
- CVE-2019-18421: A malicious PV guest administrator may have been able to
escalate their privilege to that of the host. (bsc#1154458).
- CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that
of the guest kernel. (bsc#1154456).
- CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash,
resulting in a Denial of Service (Dos). (bsc#1154448)
- Upstream bug fixes (bsc#1027519)
Patchnames
SUSE-2019-2961,SUSE-SLE-Module-Basesystem-15-SP1-2019-2961,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2961,SUSE-SLE-Module-Server-Applications-15-SP1-2019-2961
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race\n condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine\n Exception during Page Size Change, causing the CPU core to be non-functional.\n (bsc#1155945)\n- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with\n Transactional Memory support could be used to facilitate sidechannel\n information leaks out of microarchitectural buffers, similar to the\n previously described \u0027Microarchitectural Data Sampling\u0027 attack. (bsc#1152497).\n- CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash,\n resulting in a Denial of Service (DoS). (bsc#1154460).\n- CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical \n Xen code to run with interrupts erroneously enabled. This could lead to data\n corruption, denial of service, or possibly even privilege escalation. However\n a precise attack technique has not been identified. (bsc#1154464)\n- CVE-2019-18424: An untrusted domain with access to a physical device can DMA \n into host memory, leading to privilege escalation. (bsc#1154461).\n- CVE-2019-18421: A malicious PV guest administrator may have been able to\n escalate their privilege to that of the host. (bsc#1154458).\n- CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that \n of the guest kernel. (bsc#1154456).\n- CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash, \n resulting in a Denial of Service (Dos). (bsc#1154448)\n- Upstream bug fixes (bsc#1027519)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2961,SUSE-SLE-Module-Basesystem-15-SP1-2019-2961,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2961,SUSE-SLE-Module-Server-Applications-15-SP1-2019-2961",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2961-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2961-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192961-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2961-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192961-1.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1152497",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "self",
"summary": "SUSE Bug 1154448",
"url": "https://bugzilla.suse.com/1154448"
},
{
"category": "self",
"summary": "SUSE Bug 1154456",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "self",
"summary": "SUSE Bug 1154458",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "self",
"summary": "SUSE Bug 1154460",
"url": "https://bugzilla.suse.com/1154460"
},
{
"category": "self",
"summary": "SUSE Bug 1154461",
"url": "https://bugzilla.suse.com/1154461"
},
{
"category": "self",
"summary": "SUSE Bug 1154464",
"url": "https://bugzilla.suse.com/1154464"
},
{
"category": "self",
"summary": "SUSE Bug 1155945",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18420 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18421 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18422 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18422/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18423 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18423/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18424 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18425 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18425/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-11-12T18:17:44Z",
"generator": {
"date": "2019-11-12T18:17:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2961-1",
"initial_release_date": "2019-11-12T18:17:44Z",
"revision_history": [
{
"date": "2019-11-12T18:17:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.1_04-3.6.1.aarch64",
"product": {
"name": "xen-4.12.1_04-3.6.1.aarch64",
"product_id": "xen-4.12.1_04-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.1_04-3.6.1.aarch64",
"product": {
"name": "xen-devel-4.12.1_04-3.6.1.aarch64",
"product_id": "xen-devel-4.12.1_04-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.1_04-3.6.1.aarch64",
"product": {
"name": "xen-doc-html-4.12.1_04-3.6.1.aarch64",
"product_id": "xen-doc-html-4.12.1_04-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.1_04-3.6.1.aarch64",
"product": {
"name": "xen-libs-4.12.1_04-3.6.1.aarch64",
"product_id": "xen-libs-4.12.1_04-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.1_04-3.6.1.aarch64",
"product": {
"name": "xen-tools-4.12.1_04-3.6.1.aarch64",
"product_id": "xen-tools-4.12.1_04-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.1_04-3.6.1.aarch64",
"product": {
"name": "xen-tools-domU-4.12.1_04-3.6.1.aarch64",
"product_id": "xen-tools-domU-4.12.1_04-3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.12.1_04-3.6.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.12.1_04-3.6.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.12.1_04-3.6.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.1_04-3.6.1.i586",
"product": {
"name": "xen-devel-4.12.1_04-3.6.1.i586",
"product_id": "xen-devel-4.12.1_04-3.6.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.1_04-3.6.1.i586",
"product": {
"name": "xen-libs-4.12.1_04-3.6.1.i586",
"product_id": "xen-libs-4.12.1_04-3.6.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.1_04-3.6.1.i586",
"product": {
"name": "xen-tools-domU-4.12.1_04-3.6.1.i586",
"product_id": "xen-tools-domU-4.12.1_04-3.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.1_04-3.6.1.x86_64",
"product": {
"name": "xen-4.12.1_04-3.6.1.x86_64",
"product_id": "xen-4.12.1_04-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.1_04-3.6.1.x86_64",
"product": {
"name": "xen-devel-4.12.1_04-3.6.1.x86_64",
"product_id": "xen-devel-4.12.1_04-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.1_04-3.6.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.1_04-3.6.1.x86_64",
"product_id": "xen-doc-html-4.12.1_04-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.1_04-3.6.1.x86_64",
"product": {
"name": "xen-libs-4.12.1_04-3.6.1.x86_64",
"product_id": "xen-libs-4.12.1_04-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.1_04-3.6.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.1_04-3.6.1.x86_64",
"product_id": "xen-libs-32bit-4.12.1_04-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.1_04-3.6.1.x86_64",
"product": {
"name": "xen-tools-4.12.1_04-3.6.1.x86_64",
"product_id": "xen-tools-4.12.1_04-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"product_id": "xen-tools-domU-4.12.1_04-3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.1_04-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64"
},
"product_reference": "xen-libs-4.12.1_04-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.1_04-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.1_04-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64"
},
"product_reference": "xen-4.12.1_04-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.1_04-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64"
},
"product_reference": "xen-devel-4.12.1_04-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.1_04-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
},
"product_reference": "xen-tools-4.12.1_04-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:44Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:44Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-18420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18420"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18420",
"url": "https://www.suse.com/security/cve/CVE-2019-18420"
},
{
"category": "external",
"summary": "SUSE Bug 1154448 for CVE-2019-18420",
"url": "https://bugzilla.suse.com/1154448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:44Z",
"details": "important"
}
],
"title": "CVE-2019-18420"
},
{
"cve": "CVE-2019-18421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18421"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be \"promoted\" before being used as a pagetable, and \"demoted\" before being used for any other type. Xen also allows for \"recursive\" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18421",
"url": "https://www.suse.com/security/cve/CVE-2019-18421"
},
{
"category": "external",
"summary": "SUSE Bug 1154458 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:44Z",
"details": "important"
}
],
"title": "CVE-2019-18421"
},
{
"cve": "CVE-2019-18422",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18422"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18422",
"url": "https://www.suse.com/security/cve/CVE-2019-18422"
},
{
"category": "external",
"summary": "SUSE Bug 1154464 for CVE-2019-18422",
"url": "https://bugzilla.suse.com/1154464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:44Z",
"details": "important"
}
],
"title": "CVE-2019-18422"
},
{
"cve": "CVE-2019-18423",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18423"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m-\u003emax_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m-\u003emax_mapped_gfn will be updated using the original frame. It would be possible to set p2m-\u003emax_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m-\u003emax_mapped_gfn is off-by-one allowing \"highest mapped + 1\" to be considered valid. However, p2m_get_root_pointer() will return NULL. The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but cause p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen version 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18423",
"url": "https://www.suse.com/security/cve/CVE-2019-18423"
},
{
"category": "external",
"summary": "SUSE Bug 1154460 for CVE-2019-18423",
"url": "https://bugzilla.suse.com/1154460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:44Z",
"details": "important"
}
],
"title": "CVE-2019-18423"
},
{
"cve": "CVE-2019-18424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18424"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18424",
"url": "https://www.suse.com/security/cve/CVE-2019-18424"
},
{
"category": "external",
"summary": "SUSE Bug 1154461 for CVE-2019-18424",
"url": "https://bugzilla.suse.com/1154461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:44Z",
"details": "important"
}
],
"title": "CVE-2019-18424"
},
{
"cve": "CVE-2019-18425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18425"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18425",
"url": "https://www.suse.com/security/cve/CVE-2019-18425"
},
{
"category": "external",
"summary": "SUSE Bug 1154456 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.1_04-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.1_04-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:44Z",
"details": "important"
}
],
"title": "CVE-2019-18425"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…