[FEDORA-2015-9965] Fedora 20: xen

Severity High
Affected Packages 1
CVEs 49

Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209]
GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163]
Vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]
Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103]
PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104]
Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105]
Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106]

| Package | Affected Version |
| --- | --- |
| pkg:rpm/fedora/xen?distro=fedora-20 | < 4.3.4.6.fc20 |
ID: FEDORA-2015-9965
Severity: high
Severity from: CVE-2014-7188
URL: https://bodhi.fedoraproject.org/updates/FEDORA-2015-9965
Published: 2015-06-24T16:04:11
Modified: 2015-06-24T16:04:11
Rights: Copyright 2015 Red Hat, Inc.
Other Advisories
| Source | ID | Name | URL |
| --- | --- | --- | --- |
| Bugzilla | 1223851 | Bug #1223851 - CVE-2015-4104 xen: PCI MSI mask bits inadvertently exposed to guests (xsa-129) | https://bugzilla.redhat.com/show_bug.cgi?id=1223851 |
| Bugzilla | 1223859 | Bug #1223859 - xen: unmediated PCI register access in qemu (xsa-131) | https://bugzilla.redhat.com/show_bug.cgi?id=1223859 |
| Bugzilla | 1225882 | Bug #1225882 - CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path | https://bugzilla.redhat.com/show_bug.cgi?id=1225882 |
| Bugzilla | 1223853 | Bug #1223853 - xen: guest triggerable qemu MSI-X pass-through error messages (xsa-130) | https://bugzilla.redhat.com/show_bug.cgi?id=1223853 |
| Bugzilla | 1223846 | Bug #1223846 - CVE-2015-4103 xen: potential unintended writes to host MSI message data field via qemu (xsa-128) | https://bugzilla.redhat.com/show_bug.cgi?id=1223846 |
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | pkg:rpm/fedora/xen?distro=fedora-20 | fedora | xen | < 4.3.4.6.fc20 | fedora-20 | | |