openSUSE Security Update : xen (openSUSE-2015-434) (Venom)

high Nessus Plugin ID 84333


The remote openSUSE host is missing a security update.


Xen was updated to 4.4.2 to fix multiple vulnerabilities and non-security bugs.

The following vulnerabilities were fixed :

- CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu (XSA-128) (boo#931625)

- CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests (XSA-129) (boo#931626)

- CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages (XSA-130) (boo#931627)

- CVE-2015-4106: Unmediated PCI register access in qemu (XSA-131) (boo#931628)

- CVE-2015-4164: DoS through iret hypercall handler (XSA-136) (boo#932996)

- CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior (XSA-134) (boo#932790)

- CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to host escape (XSA-135) (boo#932770)

- CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used for denial of service attacks or potential code execution against the host.

- CVE-2015-3340: Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

- CVE-2015-2752: Long latency MMIO mapping operations are not preemptible (XSA-125 boo#922705)

- CVE-2015-2756: Unmediated PCI command register access in qemu (XSA-126 boo#922706)

- CVE-2015-2751: Certain domctl operations may be abused to lock up the host (XSA-127 boo#922709)

- CVE-2015-2151: Hypervisor memory corruption due to x86 emulator flaw (boo#919464 XSA-123)

- CVE-2015-2045: Information leak through version information hypercall (boo#918998 XSA-122)

- CVE-2015-2044: Information leak via internal x86 system device emulation (boo#918995 XSA-121)

- CVE-2015-2152: HVM qemu unexpectedly enabling emulated VGA graphics backends (boo#919663 XSA-119)

- CVE-2014-3615: information leakage when guest sets high resolution (boo#895528)

The following non-security bugs were fixed :

- xentop: Fix memory leak on read failure

- boo#923758: xen dmesg contains bogus output in early boot

- boo#921842: Xentop doesn't display disk statistics for VMs using qdisks

- boo#919098: L3: XEN blktap device intermittently fails to connect

- boo#882089: Windows 2012 R2 fails to boot up with greater than 60 vcpus

- boo#903680: Problems with detecting free loop devices on Xen guest startup

- boo#861318: xentop reports 'Found interface vif101.0 but domain 101 does not exist.'

- boo#901488: Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores

- boo#910254: SLES11 SP3 Xen VT-d igb NIC doesn't work

- boo#912011: high ping latency after upgrade to latest SLES11SP3 on xen Dom0

- boo#906689: let systemd schedule xencommons after and so that xendomains has access to remote shares

The following functionality was enabled or enhanced :

- Enable spice support in qemu for x86_64

- Add Qxl vga support

- Enhancement to virsh/libvirtd 'send-key' command (FATE#317240)

- Add domain_migrate_constraints_set API to Xend's http interface (FATE#317239)


Update the affected xen packages.

Plugin Details

Severity: High

ID: 84333

File Name: openSUSE-2015-434.nasl

Version: 2.4

Type: local

Agent: unix

Published: 6/23/2015

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Critical

Score: 9.5


Risk Factor: High

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domU, p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/14/2015

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-3615, CVE-2015-2044, CVE-2015-2045, CVE-2015-2151, CVE-2015-2152, CVE-2015-2751, CVE-2015-2752, CVE-2015-2756, CVE-2015-3209, CVE-2015-3340, CVE-2015-3456, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105, CVE-2015-4106, CVE-2015-4163, CVE-2015-4164