openSUSE Security Update : xen (openSUSE-2015-434) (Venom)

High Nessus Plugin ID 84333

VPR Score: 9.5


The remote openSUSE host is missing a security update.


Xen was updated to 4.4.2 to fix multiple vulnerabilities and non-security bugs.

The following vulnerabilities were fixed :

- CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu (XSA-128) (boo#931625)

- CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests (XSA-129) (boo#931626)

- CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages (XSA-130) (boo#931627)

- CVE-2015-4106: Unmediated PCI register access in qemu (XSA-131) (boo#931628)

- CVE-2015-4164: DoS through iret hypercall handler (XSA-136) (boo#932996)

- CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior (XSA-134) (boo#932790)

- CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to host escape (XSA-135) (boo#932770)

- CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used for denial of service attacks or potential code execution against the host.

- CVE-2015-3340: Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

- CVE-2015-2752: Long latency MMIO mapping operations are not preemptible (XSA-125 boo#922705)

- CVE-2015-2756: Unmediated PCI command register access in qemu (XSA-126 boo#922706)

- CVE-2015-2751: Certain domctl operations may be abused to lock up the host (XSA-127 boo#922709)

- CVE-2015-2151: Hypervisor memory corruption due to x86 emulator flaw (boo#919464 XSA-123)

- CVE-2015-2045: Information leak through version information hypercall (boo#918998 XSA-122)

- CVE-2015-2044: Information leak via internal x86 system device emulation (boo#918995 XSA-121)

- CVE-2015-2152: HVM qemu unexpectedly enabling emulated VGA graphics backends (boo#919663 XSA-119)

- CVE-2014-3615: information leakage when guest sets high resolution (boo#895528)

The following non-security bugs were fixed :

- xentop: Fix memory leak on read failure

- boo#923758: xen dmesg contains bogus output in early boot

- boo#921842: Xentop doesn't display disk statistics for VMs using qdisks

- boo#919098: L3: XEN blktap device intermittently fails to connect

- boo#882089: Windows 2012 R2 fails to boot up with greater than 60 vcpus

- boo#903680: Problems with detecting free loop devices on Xen guest startup

- boo#861318: xentop reports 'Found interface vif101.0 but domain 101 does not exist.'

- boo#901488: Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores

- boo#910254: SLES11 SP3 Xen VT-d igb NIC doesn't work

- boo#912011: high ping latency after upgrade to latest SLES11SP3 on xen Dom0

- boo#906689: let systemd schedule xencommons after and so that xendomains has access to remote shares

The following functionality was enabled or enhanced :

- Enable spice support in qemu for x86_64

- Add Qxl vga support

- Enhancement to virsh/libvirtd 'send-key' command (FATE#317240)

- Add domain_migrate_constraints_set API to Xend's http interface (FATE#317239)


Update the affected xen packages.

Plugin Details

Severity: High

ID: 84333

File Name: openSUSE-2015-434.nasl

Version: 2.3

Type: local

Agent: unix

Published: 2015/06/23

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 9.5

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domU, p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/06/14

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-3615, CVE-2015-2044, CVE-2015-2045, CVE-2015-2151, CVE-2015-2152, CVE-2015-2751, CVE-2015-2752, CVE-2015-2756, CVE-2015-3209, CVE-2015-3340, CVE-2015-3456, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105, CVE-2015-4106, CVE-2015-4163, CVE-2015-4164