{"id": "OPENSUSE-2018-1624.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : xen (openSUSE-2018-1624) (Foreshadow)", "description": "This update for xen fixes the following issues :\n\nUpdate to Xen 4.10.2 bug fix release (bsc#1027519).\n\nSecurity vulnerabilities fixed :\n\n - CVE-2018-19961, CVE-2018-19962: Fixed an issue related\n to insufficient TLB flushing with AMD IOMMUs, which\n potentially allowed a guest to escalate its privileges,\n may cause a Denial of Service (DoS) affecting the entire\n host, or may be able to access data it is not supposed\n to access. (XSA-275) (bsc#1115040)\n\n - CVE-2018-19965: Fixed an issue related to the INVPCID\n instruction in case non-canonical addresses are\n accessed, which may allow a guest to cause Xen to crash,\n resulting in a Denial of Service (DoS) affecting the\n entire host. (XSA-279) (bsc#1115045)\n\n - CVE-2018-19966: Fixed an issue related to a previous fix\n for XSA-240, which conflicted with shadow paging and\n allowed a guest to cause Xen to crash, resulting in a\n Denial of Service (DoS). (XSA-280) (bsc#1115047)\n\n - CVE-2018-18883: Fixed an issue related to inproper\n restriction of nested VT-x, which allowed a guest to\n cause Xen to crash, resulting in a Denial of Service\n (DoS). (XSA-278) (bsc#1114405)\n\n - CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling,\n which allowed guests to enable Branch Trace Store and\n may cause a Denial of Service (DoS) of the entire host.\n (XSA-269) (bsc#1103276)\n\n - CVE-2018-15469: Fixed use of v2 grant tables on ARM,\n which were not properly implemented and may cause a\n Denial of Service (DoS). (XSA-268) (bsc#1103275)\n\n - CVE-2018-15470: Fixed an issue in the logic in\n oxenstored for handling writes, which allowed a guest to\n write memory unbounded leading to system-wide Denial of\n Service (DoS). (XSA-272) (bsc#1103279)\n\n - CVE-2018-3646: Mitigations for VMM aspects of L1\n Terminal Fault (XSA-273) (bsc#1091107)\n\nOther bugs fixed :\n\n - Fixed an issue related to a domU hang on SLE12-SP3 HV\n (bsc#1108940)\n\n - Fixed an issue with xpti=no-dom0 not working as expected\n (bsc#1105528)\n\n - Fixed a kernel oops related to fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "published": "2018-12-31T00:00:00", "modified": "2018-12-31T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/119951", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1105528", "https://bugzilla.opensuse.org/show_bug.cgi?id=1115045", "https://bugzilla.opensuse.org/show_bug.cgi?id=1103276", "https://bugzilla.opensuse.org/show_bug.cgi?id=1103279", "https://bugzilla.opensuse.org/show_bug.cgi?id=1027519", "https://bugzilla.opensuse.org/show_bug.cgi?id=1103275", "https://bugzilla.opensuse.org/show_bug.cgi?id=1115047", "https://bugzilla.opensuse.org/show_bug.cgi?id=1078292", "https://bugzilla.opensuse.org/show_bug.cgi?id=1108940", "https://bugzilla.opensuse.org/show_bug.cgi?id=1091107", "https://bugzilla.opensuse.org/show_bug.cgi?id=1114405", "https://bugzilla.opensuse.org/show_bug.cgi?id=1115040", "https://bugzilla.opensuse.org/show_bug.cgi?id=1094508"], "cvelist": ["CVE-2018-19962", "CVE-2018-15468", "CVE-2018-15470", "CVE-2018-19965", "CVE-2018-3646", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-15469", "CVE-2018-19966"], "type": "nessus", "lastseen": "2021-01-20T12:35:54", "edition": 14, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2018-1530.NASL", "DEBIAN_DLA-1949.NASL", "SUSE_SU-2018-4070-1.NASL", "SUSE_SU-2018-3490-1.NASL", "FEDORA_2018-915602DF63.NASL", "FEDORA_2019-BCE6498890.NASL", "OPENSUSE-2019-1046.NASL", "OPENSUSE-2018-1331.NASL", "FEDORA_2018-683DFDE81A.NASL", "SUSE_SU-2018-4300-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310852177", "OPENVAS:1361412562310875255", "OPENVAS:1361412562310876553", "OPENVAS:1361412562310876441", "OPENVAS:1361412562310891949", "OPENVAS:1361412562310852221", "OPENVAS:1361412562310852436", "OPENVAS:1361412562310875528", "OPENVAS:1361412562310704369", "OPENVAS:1361412562310876137"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:4111-1", "OPENSUSE-SU-2018:2436-1", "OPENSUSE-SU-2018:4304-1", "OPENSUSE-SU-2018:2434-1", "OPENSUSE-SU-2019:1226-1"]}, {"type": "cve", "idList": ["CVE-2018-15468", "CVE-2018-15470", "CVE-2018-19961", "CVE-2018-15469", "CVE-2018-18883", "CVE-2018-19966", "CVE-2018-19962", "CVE-2018-19965", "CVE-2018-3646"]}, {"type": "citrix", "idList": ["CTX236548", "CTX239432", "CTX239100"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1949-1:95A46", "DEBIAN:DLA-1577-1:71995", "DEBIAN:DSA-4369-1:07573"]}, {"type": "fedora", "idList": ["FEDORA:501B260EC97D", "FEDORA:830BA60779B9", "FEDORA:5267F604C2BD", "FEDORA:1CB13619263C", "FEDORA:925F660BC44D", "FEDORA:37B8362B00D0", "FEDORA:D16B26094E7B", "FEDORA:936F660E6650", "FEDORA:BED2C6068713", "FEDORA:E5291607602A"]}, {"type": "f5", "idList": ["F5:K31300402"]}, {"type": "gentoo", "idList": ["GLSA-201810-06"]}, {"type": "vmware", "idList": ["VMSA-2018-0020"]}], "modified": "2021-01-20T12:35:54", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-01-20T12:35:54", "rev": 2}, "vulnersScore": 6.3}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1624.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119951);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-15468\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-18883\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\", \"CVE-2018-3646\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2018-1624) (Foreshadow)\");\n script_summary(english:\"Check for the openSUSE-2018-1624 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nUpdate to Xen 4.10.2 bug fix release (bsc#1027519).\n\nSecurity vulnerabilities fixed :\n\n - CVE-2018-19961, CVE-2018-19962: Fixed an issue related\n to insufficient TLB flushing with AMD IOMMUs, which\n potentially allowed a guest to escalate its privileges,\n may cause a Denial of Service (DoS) affecting the entire\n host, or may be able to access data it is not supposed\n to access. (XSA-275) (bsc#1115040)\n\n - CVE-2018-19965: Fixed an issue related to the INVPCID\n instruction in case non-canonical addresses are\n accessed, which may allow a guest to cause Xen to crash,\n resulting in a Denial of Service (DoS) affecting the\n entire host. (XSA-279) (bsc#1115045)\n\n - CVE-2018-19966: Fixed an issue related to a previous fix\n for XSA-240, which conflicted with shadow paging and\n allowed a guest to cause Xen to crash, resulting in a\n Denial of Service (DoS). (XSA-280) (bsc#1115047)\n\n - CVE-2018-18883: Fixed an issue related to inproper\n restriction of nested VT-x, which allowed a guest to\n cause Xen to crash, resulting in a Denial of Service\n (DoS). (XSA-278) (bsc#1114405)\n\n - CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling,\n which allowed guests to enable Branch Trace Store and\n may cause a Denial of Service (DoS) of the entire host.\n (XSA-269) (bsc#1103276)\n\n - CVE-2018-15469: Fixed use of v2 grant tables on ARM,\n which were not properly implemented and may cause a\n Denial of Service (DoS). (XSA-268) (bsc#1103275)\n\n - CVE-2018-15470: Fixed an issue in the logic in\n oxenstored for handling writes, which allowed a guest to\n write memory unbounded leading to system-wide Denial of\n Service (DoS). (XSA-272) (bsc#1103279)\n\n - CVE-2018-3646: Mitigations for VMM aspects of L1\n Terminal Fault (XSA-273) (bsc#1091107)\n\nOther bugs fixed :\n\n - Fixed an issue related to a domU hang on SLE12-SP3 HV\n (bsc#1108940)\n\n - Fixed an issue with xpti=no-dom0 not working as expected\n (bsc#1105528)\n\n - Fixed a kernel oops related to fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115047\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-debugsource-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-devel-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-libs-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-libs-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-tools-domU-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-tools-domU-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-doc-html-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-libs-32bit-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-tools-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "119951", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-domU"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}}

{"openvas": [{"lastseen": "2020-01-31T16:48:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-15468", "CVE-2018-15470", "CVE-2018-19965", "CVE-2018-3646", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-15469", "CVE-2018-19966"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-01-01T00:00:00", "id": "OPENVAS:1361412562310852221", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852221", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2018:4304-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852221\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-15468\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-18883\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\", \"CVE-2018-3646\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-01 04:01:26 +0100 (Tue, 01 Jan 2019)\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2018:4304-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:4304-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00073.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the openSUSE-SU-2018:4304-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes the following issues:\n\n Update to Xen 4.10.2 bug fix release (bsc#1027519).\n\n Security vulnerabilities fixed:\n\n - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient\n TLB flushing with AMD IOMMUs, which potentially allowed a guest to\n escalate its privileges, may cause a Denial of Service (DoS) affecting\n the entire host, or may be able to access data it is not supposed to\n access. (XSA-275) (bsc#1115040)\n\n - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in\n case non-canonical addresses are accessed, which may allow a guest to\n cause Xen to crash, resulting in a Denial of Service (DoS) affecting the\n entire host. (XSA-279) (bsc#1115045)\n\n - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240,\n which conflicted with shadow paging and allowed a guest to cause Xen to\n crash, resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047)\n\n - CVE-2018-18883: Fixed an issue related to improper restriction of nested\n VT-x, which allowed a guest to cause Xen to crash, resulting in a Denial\n of Service (DoS). (XSA-278) (bsc#1114405)\n\n - CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling, which allowed\n guests to enable Branch Trace Store and may cause a Denial of Service\n (DoS) of the entire host. (XSA-269) (bsc#1103276)\n\n - CVE-2018-15469: Fixed use of v2 grant tables on ARM, which were not\n properly implemented and may cause a Denial of Service (DoS). (XSA-268)\n (bsc#1103275)\n\n - CVE-2018-15470: Fixed an issue in the logic in oxenstored for handling\n writes, which allowed a guest to write memory unbounded leading to\n system-wide Denial\n of Service (DoS). (XSA-272) (bsc#1103279)\n\n - CVE-2018-3646: Mitigations for VMM aspects of L1 Terminal Fault\n (XSA-273) (bsc#1091107)\n\n Other bugs fixed:\n\n - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940)\n\n - Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)\n\n - Fixed a kernel oops related to fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1624=1\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit-debuginfo\", rpm:\"xen-libs-32bit-debuginfo~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T17:38:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-18849", "CVE-2018-19966"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-12-13T00:00:00", "id": "OPENVAS:1361412562310852177", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852177", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2018:4111-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852177\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-18849\", \"CVE-2018-18883\", \"CVE-2018-19961\",\n \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-13 07:30:34 +0100 (Thu, 13 Dec 2018)\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2018:4111-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:4111-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00028.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the openSUSE-SU-2018:4111-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-18849: Fixed an out of bounds memory access issue was found in\n the LSI53C895A SCSI Host Bus Adapter emulation while writing a message\n in lsi_do_msgin (bsc#1114423).\n\n - CVE-2018-18883: Fixed a NULL pointer dereference that could have been\n triggered by nested VT-x that where not properly restricted\n (XSA-278)(bsc#1114405).\n\n - CVE-2018-19965: Fixed denial of service issue from attempting to use\n INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).\n\n - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused\n conflicts with shadow paging (XSA-280)(bsc#1115047).\n\n - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /\n improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).\n\n Non-security issues fixed:\n\n - Added upstream bug fixes (bsc#1027519).\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1530=1\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T19:30:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19961", "CVE-2018-19966"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310891949", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891949", "type": "openvas", "title": "Debian LTS: Security Advisory for xen (DLA-1949-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891949\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19966\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-09 02:00:09 +0000 (Wed, 09 Oct 2019)\");\n script_name(\"Debian LTS: Security Advisory for xen (DLA-1949-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00008.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1949-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the DLA-1949-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4.4.4lts5-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.4\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-amd64\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-armhf\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.4\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19963", "CVE-2018-19965", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19966", "CVE-2018-19967", "CVE-2018-19964"], "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310876137", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876137", "type": "openvas", "title": "Fedora Update for xen FEDORA-2019-3e89502cb1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876137\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19963\", \"CVE-2018-19964\", \"CVE-2018-19966\", \"CVE-2018-19967\", \"CVE-2018-18883\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:36:04 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for xen FEDORA-2019-3e89502cb1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-3e89502cb1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LN27JE7V6VL542IPGWJCUQQEF5M64PUI\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2019-3e89502cb1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.11.1~4.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-04T18:46:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19961", "CVE-2018-19966", "CVE-2018-19967", "CVE-2017-15595"], "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-19961 / CVE-2018-19962\n\nPaul Durrant discovered that incorrect TLB handling could result in\ndenial of service, privilege escalation or information leaks.\n\nCVE-2018-19965\n\nMatthew Daley discovered that incorrect handling of the INVPCID\ninstruction could result in denial of service by PV guests.\n\nCVE-2018-19966\n\nIt was discovered that a regression in the fix to address CVE-2017-15595 could result in denial of service, privilege\nescalation or information leaks by a PV guest.\n\nCVE-2018-19967\n\nIt was discovered that an error in some Intel CPUs could result in\ndenial of service by a guest instance.", "modified": "2019-07-04T00:00:00", "published": "2019-01-14T00:00:00", "id": "OPENVAS:1361412562310704369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704369", "type": "openvas", "title": "Debian Security Advisory DSA 4369-1 (xen - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4369-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2019 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704369\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-15595\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\",\n \"CVE-2018-19967\");\n script_name(\"Debian Security Advisory DSA 4369-1 (xen - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-14 00:00:00 +0100 (Mon, 14 Jan 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4369.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2019 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 4.8.5+shim4.10.2+xsa282-1+deb9u11.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/xen\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-19961 / CVE-2018-19962\n\nPaul Durrant discovered that incorrect TLB handling could result in\ndenial of service, privilege escalation or information leaks.\n\nCVE-2018-19965\n\nMatthew Daley discovered that incorrect handling of the INVPCID\ninstruction could result in denial of service by PV guests.\n\nCVE-2018-19966\n\nIt was discovered that a regression in the fix to address CVE-2017-15595 could result in denial of service, privilege\nescalation or information leaks by a PV guest.\n\nCVE-2018-19967\n\nIt was discovered that an error in some Intel CPUs could result in\ndenial of service by a guest instance.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.8\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-amd64\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-arm64\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-armhf\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-arm64\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.8\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-19962", "CVE-2018-10472", "CVE-2018-15468", "CVE-2018-10981", "CVE-2018-12892", "CVE-2018-15470", "CVE-2018-19965", "CVE-2018-3646", "CVE-2018-12893", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-3620", "CVE-2018-3665", "CVE-2018-15469", "CVE-2018-8897", "CVE-2018-19966", "CVE-2018-10982", "CVE-2018-19967", "CVE-2018-12891", "CVE-2018-3639"], "description": "The remote host is missing an update for the\n ", "modified": "2019-04-02T00:00:00", "published": "2019-03-28T00:00:00", "id": "OPENVAS:1361412562310875528", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875528", "type": "openvas", "title": "Fedora Update for xen FEDORA-2019-bce6498890", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875528\");\n script_version(\"2019-04-02T06:16:35+0000\");\n script_cve_id(\"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\",\n \"CVE-2018-19967\", \"CVE-2018-18883\", \"CVE-2018-3620\", \"CVE-2018-3646\",\n \"CVE-2018-15469\", \"CVE-2018-15468\", \"CVE-2018-15470\", \"CVE-2018-12891\",\n \"CVE-2018-12893\", \"CVE-2018-12892\", \"CVE-2018-3665\", \"CVE-2018-3639\",\n \"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\", \"CVE-2018-10472\",\n \"CVE-2018-10471\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-02 06:16:35 +0000 (Tue, 02 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-03-28 13:54:39 +0000 (Thu, 28 Mar 2019)\");\n script_name(\"Fedora Update for xen FEDORA-2019-bce6498890\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-bce6498890\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXC6BME7SXJI2ZIATNXCAH7RGPI4UKTT\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'xen' package(s) announced via the FEDORA-2019-bce6498890 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and\n xm command line tools, needed to manage virtual machines running under the\n Xen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.10.3~2.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:54:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19665", "CVE-2019-6778", "CVE-2018-19961", "CVE-2019-9824", "CVE-2018-19966", "CVE-2018-19967"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-04-18T00:00:00", "id": "OPENVAS:1361412562310852436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852436", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2019:1226-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852436\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-19665\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\",\n \"CVE-2018-19966\", \"CVE-2018-19967\", \"CVE-2019-6778\", \"CVE-2019-9824\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-18 02:01:09 +0000 (Thu, 18 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2019:1226-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1226-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the openSUSE-SU-2019:1226-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the\n host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)\n\n - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp\n (bsc#1123157).\n\n - Fixed an issue which could allow malicious or buggy guests with passed\n through PCI devices to be able to escalate their privileges, crash the\n host, or access data belonging to other guests. Additionally memory\n leaks were also possible (bsc#1126140).\n\n - Fixed a race condition issue which could allow malicious PV guests to\n escalate their privilege to that\n of the hypervisor (bsc#1126141).\n\n - Fixed an issue which could allow a malicious unprivileged guest\n userspace process to escalate its privilege to that of other userspace\n processes in the same guest and potentially thereby to that\n of the guest operating system (bsc#1126201).\n\n - CVE-2019-9824: Fixed an information leak in SLiRP networking\n implementation which could allow a user/process to read uninitialised\n stack memory contents (bsc#1129623).\n\n - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /\n improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).\n\n - CVE-2018-19965: Fixed denial of service issue from attempting to use\n INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).\n\n - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused\n conflicts with shadow paging (XSA-280)(bsc#1115047).\n\n - Fixed an issue which could allow malicious PV guests may cause a host\n crash or gain access to data pertaining to other guests.Additionally,\n vulnerable configurations are likely to be unstable even in the absence\n of an attack (bsc#1126198).\n\n - Fixed multiple access violations introduced by XENMEM_exchange hypercall\n which could allow a single PV guest to leak arbitrary amounts of memory,\n leading to a denial of service (bsc#1126192).\n\n - Fixed an issue which could allow malicious 64bit PV guests to cause a\n host crash (bsc#1127400).\n\n - Fixed an issue which could allow malicious or buggy x86 PV guest kernels\n to mount a Denial of Service attack affecting the whole system\n (bsc#1126197).\n\n - Fixed an issue which could allow an untrusted PV domain with access to a\n physical device to DMA into its own pagetables leading to privilege\n escalation (bsc#1126195).\n\n - Fixed an issue which could allow a malicious or buggy x86 PV guest\n kernels can mount a Denial of Service attack affecting the whole system\n (bsc#1126196).\n\n Other issues addressed:\n\n - ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-05T01:40:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-12126", "CVE-2018-19963", "CVE-2018-19965", "CVE-2018-12127", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19966", "CVE-2018-19967", "CVE-2018-19964", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-06-02T00:00:00", "id": "OPENVAS:1361412562310876441", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876441", "type": "openvas", "title": "Fedora Update for xen FEDORA-2019-1f5832fc0e", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876441\");\n script_version(\"2019-06-04T07:02:10+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19963\", \"CVE-2018-19964\", \"CVE-2018-19966\", \"CVE-2018-19967\", \"CVE-2018-18883\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 07:02:10 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-02 02:14:45 +0000 (Sun, 02 Jun 2019)\");\n script_name(\"Fedora Update for xen FEDORA-2019-1f5832fc0e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1f5832fc0e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2019-1f5832fc0e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.11.1~5.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-05T18:45:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-12126", "CVE-2018-19963", "CVE-2018-19965", "CVE-2018-12127", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19966", "CVE-2018-19967", "CVE-2018-19964", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-07-04T00:00:00", "published": "2019-07-03T00:00:00", "id": "OPENVAS:1361412562310876553", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876553", "type": "openvas", "title": "Fedora Update for xen FEDORA-2019-899ef6056c", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876553\");\n script_version(\"2019-07-04T09:58:18+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19963\", \"CVE-2018-19964\", \"CVE-2018-19966\", \"CVE-2018-19967\", \"CVE-2018-18883\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:58:18 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-03 02:14:22 +0000 (Wed, 03 Jul 2019)\");\n script_name(\"Fedora Update for xen FEDORA-2019-899ef6056c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-899ef6056c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYQMPU6JCA3G7LGCPK4KO4VZICQ4CB7F\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2019-899ef6056c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.11.1~6.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-15468", "CVE-2018-10981", "CVE-2018-12892", "CVE-2018-15470", "CVE-2018-3646", "CVE-2018-12893", "CVE-2018-18883", "CVE-2018-3620", "CVE-2018-3665", "CVE-2018-15469", "CVE-2018-8897", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-3639"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-11-12T00:00:00", "id": "OPENVAS:1361412562310875255", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875255", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-73dd8de892", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_73dd8de892_xen_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-73dd8de892\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875255\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-15469\", \"CVE-2018-15468\", \"CVE-2018-15470\", \"CVE-2018-12891\", \"CVE-2018-12893\", \"CVE-2018-12892\", \"CVE-2018-3665\", \"CVE-2018-3639\", \"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\", \"CVE-2018-10472\", \"CVE-2018-10471\", \"CVE-2018-18883\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-12 06:20:33 +0100 (Mon, 12 Nov 2018)\");\n script_name(\"Fedora Update for xen FEDORA-2018-73dd8de892\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-73dd8de892\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4MA4UUBF3E5HSEL3AI2HU7ITV2Z4YKI\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2018-73dd8de892 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"xen on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.10.2~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-14T06:16:43", "description": "This update for xen fixes the following issues :\n\nUpdate to Xen 4.10.2 bug fix release (bsc#1027519).\n\nSecurity vulnerabilities fixed :\n\nCVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient\nTLB flushing with AMD IOMMUs, which potentially allowed a guest to\nescalate its privileges, may cause a Denial of Service (DoS) affecting\nthe entire host, or may be able to access data it is not supposed to\naccess. (XSA-275) (bsc#1115040)\n\nCVE-2018-19965: Fixed an issue related to the INVPCID instruction in\ncase non-canonical addresses are accessed, which may allow a guest to\ncause Xen to crash, resulting in a Denial of Service (DoS) affecting\nthe entire host. (XSA-279) (bsc#1115045)\n\nCVE-2018-19966: Fixed an issue related to a previous fix for XSA-240,\nwhich conflicted with shadow paging and allowed a guest to cause Xen\nto crash, resulting in a Denial of Service (DoS). (XSA-280)\n(bsc#1115047)\n\nCVE-2018-18883: Fixed an issue related to inproper restriction of\nnested VT-x, which allowed a guest to cause Xen to crash, resulting in\na Denial of Service (DoS). (XSA-278) (bsc#1114405)\n\nCVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling, which allowed\nguests to enable Branch Trace Store and may cause a Denial of Service\n(DoS) of the entire host. (XSA-269) (bsc#1103276)\n\nCVE-2018-15469: Fixed use of v2 grant tables on ARM, which were not\nproperly implemented and may cause a Denial of Service (DoS).\n(XSA-268) (bsc#1103275)\n\nCVE-2018-15470: Fixed an issue in the logic in oxenstored for handling\nwrites, which allowed a guest to write memory unbounded leading to\nsystem-wide Denial of Service (DoS). (XSA-272) (bsc#1103279)\n\nCVE-2018-3646: Mitigations for VMM aspects of L1 Terminal Fault\n(XSA-273) (bsc#1091107)\n\nOther bugs fixed: Fixed an issue related to a domU hang on SLE12-SP3\nHV (bsc#1108940)\n\nFixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)\n\nFixed a kernel oops related to fs/dcache.c called by\nd_materialise_unique() (bsc#1094508)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2018:4300-1) (Foreshadow)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-15468", "CVE-2018-15470", "CVE-2018-19965", "CVE-2018-3646", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-15469", "CVE-2018-19966"], "modified": "2019-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2018-4300-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120196", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:4300-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120196);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-15468\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-18883\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\", \"CVE-2018-3646\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2018:4300-1) (Foreshadow)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nUpdate to Xen 4.10.2 bug fix release (bsc#1027519).\n\nSecurity vulnerabilities fixed :\n\nCVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient\nTLB flushing with AMD IOMMUs, which potentially allowed a guest to\nescalate its privileges, may cause a Denial of Service (DoS) affecting\nthe entire host, or may be able to access data it is not supposed to\naccess. (XSA-275) (bsc#1115040)\n\nCVE-2018-19965: Fixed an issue related to the INVPCID instruction in\ncase non-canonical addresses are accessed, which may allow a guest to\ncause Xen to crash, resulting in a Denial of Service (DoS) affecting\nthe entire host. (XSA-279) (bsc#1115045)\n\nCVE-2018-19966: Fixed an issue related to a previous fix for XSA-240,\nwhich conflicted with shadow paging and allowed a guest to cause Xen\nto crash, resulting in a Denial of Service (DoS). (XSA-280)\n(bsc#1115047)\n\nCVE-2018-18883: Fixed an issue related to inproper restriction of\nnested VT-x, which allowed a guest to cause Xen to crash, resulting in\na Denial of Service (DoS). (XSA-278) (bsc#1114405)\n\nCVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling, which allowed\nguests to enable Branch Trace Store and may cause a Denial of Service\n(DoS) of the entire host. (XSA-269) (bsc#1103276)\n\nCVE-2018-15469: Fixed use of v2 grant tables on ARM, which were not\nproperly implemented and may cause a Denial of Service (DoS).\n(XSA-268) (bsc#1103275)\n\nCVE-2018-15470: Fixed an issue in the logic in oxenstored for handling\nwrites, which allowed a guest to write memory unbounded leading to\nsystem-wide Denial of Service (DoS). (XSA-272) (bsc#1103279)\n\nCVE-2018-3646: Mitigations for VMM aspects of L1 Terminal Fault\n(XSA-273) (bsc#1091107)\n\nOther bugs fixed: Fixed an issue related to a domU hang on SLE12-SP3\nHV (bsc#1108940)\n\nFixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)\n\nFixed a kernel oops related to fs/dcache.c called by\nd_materialise_unique() (bsc#1094508)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15468/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15469/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18883/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19961/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19965/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19966/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3646/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20184300-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3af96718\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2018-3063=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-3063=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-debugsource-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-devel-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-debugsource-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.10.2_04-3.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:40:23", "description": "This update for xen fixes the following issues :\n\nUpdate to Xen 4.10.2 bug fix release (bsc#1027519).\n\nSecurity vulnerabilities fixed :\n\n - CVE-2018-19961, CVE-2018-19962: Fixed an issue related\n to insufficient TLB flushing with AMD IOMMUs, which\n potentially allowed a guest to escalate its privileges,\n may cause a Denial of Service (DoS) affecting the entire\n host, or may be able to access data it is not supposed\n to access. (XSA-275) (bsc#1115040)\n\n - CVE-2018-19965: Fixed an issue related to the INVPCID\n instruction in case non-canonical addresses are\n accessed, which may allow a guest to cause Xen to crash,\n resulting in a Denial of Service (DoS) affecting the\n entire host. (XSA-279) (bsc#1115045)\n\n - CVE-2018-19966: Fixed an issue related to a previous fix\n for XSA-240, which conflicted with shadow paging and\n allowed a guest to cause Xen to crash, resulting in a\n Denial of Service (DoS). (XSA-280) (bsc#1115047)\n\n - CVE-2018-18883: Fixed an issue related to inproper\n restriction of nested VT-x, which allowed a guest to\n cause Xen to crash, resulting in a Denial of Service\n (DoS). (XSA-278) (bsc#1114405)\n\n - CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling,\n which allowed guests to enable Branch Trace Store and\n may cause a Denial of Service (DoS) of the entire host.\n (XSA-269) (bsc#1103276)\n\n - CVE-2018-15469: Fixed use of v2 grant tables on ARM,\n which were not properly implemented and may cause a\n Denial of Service (DoS). (XSA-268) (bsc#1103275)\n\n - CVE-2018-15470: Fixed an issue in the logic in\n oxenstored for handling writes, which allowed a guest to\n write memory unbounded leading to system-wide Denial of\n Service (DoS). (XSA-272) (bsc#1103279)\n\n - CVE-2018-3646: Mitigations for VMM aspects of L1\n Terminal Fault (XSA-273) (bsc#1091107)\n\nOther bugs fixed :\n\n - Fixed an issue related to a domU hang on SLE12-SP3 HV\n (bsc#1108940)\n\n - Fixed an issue with xpti=no-dom0 not working as expected\n (bsc#1105528)\n\n - Fixed a kernel oops related to fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 14, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-2019-1046) (Foreshadow)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-15468", "CVE-2018-15470", "CVE-2018-19965", "CVE-2018-3646", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-15469", "CVE-2018-19966"], "modified": "2019-03-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-domU"], "id": "OPENSUSE-2019-1046.NASL", "href": "https://www.tenable.com/plugins/nessus/123167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1046.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123167);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-15468\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-18883\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\", \"CVE-2018-3646\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2019-1046) (Foreshadow)\");\n script_summary(english:\"Check for the openSUSE-2019-1046 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nUpdate to Xen 4.10.2 bug fix release (bsc#1027519).\n\nSecurity vulnerabilities fixed :\n\n - CVE-2018-19961, CVE-2018-19962: Fixed an issue related\n to insufficient TLB flushing with AMD IOMMUs, which\n potentially allowed a guest to escalate its privileges,\n may cause a Denial of Service (DoS) affecting the entire\n host, or may be able to access data it is not supposed\n to access. (XSA-275) (bsc#1115040)\n\n - CVE-2018-19965: Fixed an issue related to the INVPCID\n instruction in case non-canonical addresses are\n accessed, which may allow a guest to cause Xen to crash,\n resulting in a Denial of Service (DoS) affecting the\n entire host. (XSA-279) (bsc#1115045)\n\n - CVE-2018-19966: Fixed an issue related to a previous fix\n for XSA-240, which conflicted with shadow paging and\n allowed a guest to cause Xen to crash, resulting in a\n Denial of Service (DoS). (XSA-280) (bsc#1115047)\n\n - CVE-2018-18883: Fixed an issue related to inproper\n restriction of nested VT-x, which allowed a guest to\n cause Xen to crash, resulting in a Denial of Service\n (DoS). (XSA-278) (bsc#1114405)\n\n - CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling,\n which allowed guests to enable Branch Trace Store and\n may cause a Denial of Service (DoS) of the entire host.\n (XSA-269) (bsc#1103276)\n\n - CVE-2018-15469: Fixed use of v2 grant tables on ARM,\n which were not properly implemented and may cause a\n Denial of Service (DoS). (XSA-268) (bsc#1103275)\n\n - CVE-2018-15470: Fixed an issue in the logic in\n oxenstored for handling writes, which allowed a guest to\n write memory unbounded leading to system-wide Denial of\n Service (DoS). (XSA-272) (bsc#1103279)\n\n - CVE-2018-3646: Mitigations for VMM aspects of L1\n Terminal Fault (XSA-273) (bsc#1091107)\n\nOther bugs fixed :\n\n - Fixed an issue related to a domU hang on SLE12-SP3 HV\n (bsc#1108940)\n\n - Fixed an issue with xpti=no-dom0 not working as expected\n (bsc#1105528)\n\n - Fixed a kernel oops related to fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115047\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-debugsource-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-devel-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-libs-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-libs-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-tools-domU-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-tools-domU-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-doc-html-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-libs-32bit-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-tools-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs-32bit / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:35:37", "description": "This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-18849: Fixed an out of bounds memory access\n issue was found in the LSI53C895A SCSI Host Bus Adapter\n emulation while writing a message in lsi_do_msgin\n (bsc#1114423).\n\n - CVE-2018-18883: Fixed a NULL pointer dereference that\n could have been triggered by nested VT-x that where not\n properly restricted (XSA-278)(bsc#1114405).\n\n - CVE-2018-19965: Fixed denial of service issue from\n attempting to use INVPCID with a non-canonical addresses\n (XSA-279)(bsc#1115045).\n\n - CVE-2018-19966: Fixed issue introduced by XSA-240 that\n could have caused conflicts with shadow paging\n (XSA-280)(bsc#1115047).\n\n - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB\n flushing / improper large page mappings with AMD IOMMUs\n (XSA-275)(bsc#1115040).\n\nNon-security issues fixed :\n\n - Added upstream bug fixes (bsc#1027519).\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.", "edition": 15, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-12-13T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-2018-1530)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-18849", "CVE-2018-19966"], "modified": "2018-12-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-debugsource", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-domU"], "id": "OPENSUSE-2018-1530.NASL", "href": "https://www.tenable.com/plugins/nessus/119642", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1530.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119642);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-18849\", \"CVE-2018-18883\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2018-1530)\");\n script_summary(english:\"Check for the openSUSE-2018-1530 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-18849: Fixed an out of bounds memory access\n issue was found in the LSI53C895A SCSI Host Bus Adapter\n emulation while writing a message in lsi_do_msgin\n (bsc#1114423).\n\n - CVE-2018-18883: Fixed a NULL pointer dereference that\n could have been triggered by nested VT-x that where not\n properly restricted (XSA-278)(bsc#1114405).\n\n - CVE-2018-19965: Fixed denial of service issue from\n attempting to use INVPCID with a non-canonical addresses\n (XSA-279)(bsc#1115045).\n\n - CVE-2018-19966: Fixed issue introduced by XSA-240 that\n could have caused conflicts with shadow paging\n (XSA-280)(bsc#1115047).\n\n - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB\n flushing / improper large page mappings with AMD IOMMUs\n (XSA-275)(bsc#1115040).\n\nNon-security issues fixed :\n\n - Added upstream bug fixes (bsc#1027519).\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115047\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-debugsource-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-devel-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-doc-html-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-libs-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-libs-debuginfo-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-debuginfo-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-domU-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-domU-debuginfo-4.9.3_03-34.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-30T11:09:51", "description": "This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-18849: Fixed an out of bounds memory access issue was found\nin the LSI53C895A SCSI Host Bus Adapter emulation while writing a\nmessage in lsi_do_msgin (bsc#1114423).\n\nCVE-2018-18883: Fixed a NULL pointer dereference that could have been\ntriggered by nested VT-x that where not properly restricted\n(XSA-278)(bsc#1114405).\n\nCVE-2018-19965: Fixed denial of service issue from attempting to use\nINVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).\n\nCVE-2018-19966: Fixed issue introduced by XSA-240 that could have\ncaused conflicts with shadow paging (XSA-280)(bsc#1115047).\n\nCVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /\nimproper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).\n\nNon-security issues fixed: Added upstream bug fixes (bsc#1027519).\n\nFixed XEN SLE12-SP1 domU hang on SLE12-SP3 HV (bsc#1108940).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-12-13T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:4070-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-18849", "CVE-2018-19966"], "modified": "2018-12-13T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2018-4070-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119648", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:4070-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119648);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/28\");\n\n script_cve_id(\"CVE-2018-18849\", \"CVE-2018-18883\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:4070-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-18849: Fixed an out of bounds memory access issue was found\nin the LSI53C895A SCSI Host Bus Adapter emulation while writing a\nmessage in lsi_do_msgin (bsc#1114423).\n\nCVE-2018-18883: Fixed a NULL pointer dereference that could have been\ntriggered by nested VT-x that where not properly restricted\n(XSA-278)(bsc#1114405).\n\nCVE-2018-19965: Fixed denial of service issue from attempting to use\nINVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).\n\nCVE-2018-19966: Fixed issue introduced by XSA-240 that could have\ncaused conflicts with shadow paging (XSA-280)(bsc#1115047).\n\nCVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /\nimproper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).\n\nNon-security issues fixed: Added upstream bug fixes (bsc#1027519).\n\nFixed XEN SLE12-SP1 domU hang on SLE12-SP3 HV (bsc#1108940).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18849/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18883/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19961/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19965/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19966/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20184070-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14d54f65\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2896=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2896=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2896=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-debugsource-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-doc-html-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-debugsource-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.9.3_03-3.47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T02:27:22", "description": "xen: various flaws (#1685577) grant table transfer issues on large\nhosts [XSA-284] race with pass-through device hotplug [XSA-285] x86:\nsteal_page violates page_struct access discipline [XSA-287] x86:\nInconsistent PV IOMMU discipline [XSA-288] missing preemption in x86\nPV page table unvalidation [XSA-290] x86/PV: page type reference\ncounting issue with failed IOMMU update [XSA-291] x86: insufficient\nTLB flushing when using PCID [XSA-292] x86: PV kernel context switch\ncorruption [XSA-293] x86 shadow: Insufficient TLB flushing when using\nPCID [XSA-294]\n\n----\n\nupdate to xen-4.10.3\n\n----\n\n - insufficient TLB flushing / improper large page mappings\n with AMD IOMMUs [XSA-275] (#1651665)\n\n - x86: DoS from attempting to use INVPCID with a\n non-canonical addresses [XSA-279]\n\n - Fix for XSA-240 conflicts with shadow paging [XSA-280]\n\n----\n\nguest use of HLE constructs may lock up host [XSA-282]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-03-25T00:00:00", "title": "Fedora 28 : xen (2019-bce6498890)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19963", "CVE-2018-19965", "CVE-2018-19961", "CVE-2018-19966"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-BCE6498890.NASL", "href": "https://www.tenable.com/plugins/nessus/123046", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-bce6498890.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123046);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/03\");\n\n script_cve_id(\"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19963\", \"CVE-2018-19965\", \"CVE-2018-19966\");\n script_xref(name:\"FEDORA\", value:\"2019-bce6498890\");\n\n script_name(english:\"Fedora 28 : xen (2019-bce6498890)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xen: various flaws (#1685577) grant table transfer issues on large\nhosts [XSA-284] race with pass-through device hotplug [XSA-285] x86:\nsteal_page violates page_struct access discipline [XSA-287] x86:\nInconsistent PV IOMMU discipline [XSA-288] missing preemption in x86\nPV page table unvalidation [XSA-290] x86/PV: page type reference\ncounting issue with failed IOMMU update [XSA-291] x86: insufficient\nTLB flushing when using PCID [XSA-292] x86: PV kernel context switch\ncorruption [XSA-293] x86 shadow: Insufficient TLB flushing when using\nPCID [XSA-294]\n\n----\n\nupdate to xen-4.10.3\n\n----\n\n - insufficient TLB flushing / improper large page mappings\n with AMD IOMMUs [XSA-275] (#1651665)\n\n - x86: DoS from attempting to use INVPCID with a\n non-canonical addresses [XSA-279]\n\n - Fix for XSA-240 conflicts with shadow paging [XSA-280]\n\n----\n\nguest use of HLE constructs may lock up host [XSA-282]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-bce6498890\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"xen-4.10.3-2.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:19:33", "description": "L1 Terminal Fault speculative side channel patch bundle [XSA-273,\nCVE-2018-3620, CVE-2018-3646] drop patches also in the bundle, which\nalso includes Use of v2 grant tables may cause crash on ARM [XSA-268]\n(#1616081) x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS\n[XSA-269] (#1616077) oxenstored does not apply quota-maxentity\n[XSA-272] (#1616080)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 16, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2018-09-04T00:00:00", "title": "Fedora 27 : xen (2018-915602df63) (Foreshadow)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15468", "CVE-2018-15470", "CVE-2018-3646", "CVE-2018-3620", "CVE-2018-15469"], "modified": "2018-09-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2018-915602DF63.NASL", "href": "https://www.tenable.com/plugins/nessus/112234", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-915602df63.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(112234);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-15468\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-3620\", \"CVE-2018-3646\");\n script_xref(name:\"FEDORA\", value:\"2018-915602df63\");\n\n script_name(english:\"Fedora 27 : xen (2018-915602df63) (Foreshadow)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"L1 Terminal Fault speculative side channel patch bundle [XSA-273,\nCVE-2018-3620, CVE-2018-3646] drop patches also in the bundle, which\nalso includes Use of v2 grant tables may cause crash on ARM [XSA-268]\n(#1616081) x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS\n[XSA-269] (#1616077) oxenstored does not apply quota-maxentity\n[XSA-272] (#1616080)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-915602df63\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"xen-4.9.2-7.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:18:39", "description": "L1 Terminal Fault speculative side channel patch bundle [XSA-273,\nCVE-2018-3620, CVE-2018-3646] drop patches also in the bundle, which\nalso includes Use of v2 grant tables may cause crash on ARM [XSA-268]\n(#1616081) x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS\n[XSA-269] (#1616077) oxenstored does not apply quota-maxentity\n[XSA-272] (#1616080)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : xen (2018-683dfde81a) (Foreshadow)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15468", "CVE-2018-15470", "CVE-2018-3646", "CVE-2018-3620", "CVE-2018-15469"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-683DFDE81A.NASL", "href": "https://www.tenable.com/plugins/nessus/120490", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-683dfde81a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120490);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-15468\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-3620\", \"CVE-2018-3646\");\n script_xref(name:\"FEDORA\", value:\"2018-683dfde81a\");\n\n script_name(english:\"Fedora 28 : xen (2018-683dfde81a) (Foreshadow)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"L1 Terminal Fault speculative side channel patch bundle [XSA-273,\nCVE-2018-3620, CVE-2018-3646] drop patches also in the bundle, which\nalso includes Use of v2 grant tables may cause crash on ARM [XSA-268]\n(#1616081) x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS\n[XSA-269] (#1616077) oxenstored does not apply quota-maxentity\n[XSA-272] (#1616080)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-683dfde81a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3646\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"xen-4.10.1-6.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-20T12:34:52", "description": "This update for xen fixes the following issues :\n\nXEN was updated to the Xen 4.9.3 bug fix only release (bsc#1027519)\n\n - CVE-2018-17963: qemu_deliver_packet_iov accepted packet\n sizes greater than INT_MAX, which allows attackers to\n cause a denial of service or possibly have unspecified\n other impact. (bsc#1111014)\n\n - CVE-2018-15470: oxenstored might not have enforced the\n configured quota-maxentity. This allowed a malicious or\n buggy guest to write as many xenstore entries as it\n wishes, causing unbounded memory usage in oxenstored.\n This can lead to a system-wide DoS. (XSA-272)\n (bsc#1103279)\n\n - CVE-2018-15469: ARM never properly implemented grant\n table v2, either in the hypervisor or in Linux.\n Unfortunately, an ARM guest can still request v2 grant\n tables; they will simply not be properly set up,\n resulting in subsequent grant-related hypercalls hitting\n BUG() checks. An unprivileged guest can cause a BUG()\n check in the hypervisor, resulting in a\n denial-of-service (crash). (XSA-268) (bsc#1103275) Note\n that SUSE does not ship ARM Xen, so we are not affected.\n\n - CVE-2018-15468: The DEBUGCTL MSR contains several\n debugging features, some of which virtualise cleanly,\n but some do not. In particular, Branch Trace Store is\n not virtualised by the processor, and software has to be\n careful to configure it suitably not to lock up the\n core. As a result, it must only be available to fully\n trusted guests. Unfortunately, in the case that vPMU is\n disabled, all value checking was skipped, allowing the\n guest to choose any MSR_DEBUGCTL setting it likes. A\n malicious or buggy guest administrator (on Intel x86 HVM\n or PVH) can lock up the entire host, causing a Denial of\n Service. (XSA-269) (bsc#1103276)\n\n - CVE-2018-3646: Systems with microprocessors utilizing\n speculative execution and address translations may have\n allowed unauthorized disclosure of information residing\n in the L1 data cache to an attacker with local user\n access with guest OS privilege via a terminal page fault\n and a side-channel analysis. (XSA-273) (bsc#1091107)\n\nNon security issues fixed :\n\n - The affinity reporting via 'xl vcpu-list' was broken\n (bsc#1106263)\n\n - Kernel oops in fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-31T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-2018-1331) (Foreshadow)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15468", "CVE-2018-15470", "CVE-2018-3646", "CVE-2018-17963", "CVE-2018-15469"], "modified": "2018-10-31T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-debugsource", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-domU"], "id": "OPENSUSE-2018-1331.NASL", "href": "https://www.tenable.com/plugins/nessus/118563", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1331.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118563);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-15468\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-17963\", \"CVE-2018-3646\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2018-1331) (Foreshadow)\");\n script_summary(english:\"Check for the openSUSE-2018-1331 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nXEN was updated to the Xen 4.9.3 bug fix only release (bsc#1027519)\n\n - CVE-2018-17963: qemu_deliver_packet_iov accepted packet\n sizes greater than INT_MAX, which allows attackers to\n cause a denial of service or possibly have unspecified\n other impact. (bsc#1111014)\n\n - CVE-2018-15470: oxenstored might not have enforced the\n configured quota-maxentity. This allowed a malicious or\n buggy guest to write as many xenstore entries as it\n wishes, causing unbounded memory usage in oxenstored.\n This can lead to a system-wide DoS. (XSA-272)\n (bsc#1103279)\n\n - CVE-2018-15469: ARM never properly implemented grant\n table v2, either in the hypervisor or in Linux.\n Unfortunately, an ARM guest can still request v2 grant\n tables; they will simply not be properly set up,\n resulting in subsequent grant-related hypercalls hitting\n BUG() checks. An unprivileged guest can cause a BUG()\n check in the hypervisor, resulting in a\n denial-of-service (crash). (XSA-268) (bsc#1103275) Note\n that SUSE does not ship ARM Xen, so we are not affected.\n\n - CVE-2018-15468: The DEBUGCTL MSR contains several\n debugging features, some of which virtualise cleanly,\n but some do not. In particular, Branch Trace Store is\n not virtualised by the processor, and software has to be\n careful to configure it suitably not to lock up the\n core. As a result, it must only be available to fully\n trusted guests. Unfortunately, in the case that vPMU is\n disabled, all value checking was skipped, allowing the\n guest to choose any MSR_DEBUGCTL setting it likes. A\n malicious or buggy guest administrator (on Intel x86 HVM\n or PVH) can lock up the entire host, causing a Denial of\n Service. (XSA-269) (bsc#1103276)\n\n - CVE-2018-3646: Systems with microprocessors utilizing\n speculative execution and address translations may have\n allowed unauthorized disclosure of information residing\n in the L1 data cache to an attacker with local user\n access with guest OS privilege via a terminal page fault\n and a side-channel analysis. (XSA-273) (bsc#1091107)\n\nNon security issues fixed :\n\n - The affinity reporting via 'xl vcpu-list' was broken\n (bsc#1106263)\n\n - Kernel oops in fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111014\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-4.9.3_03-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-debugsource-4.9.3_03-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-devel-4.9.3_03-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-doc-html-4.9.3_03-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-libs-4.9.3_03-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-libs-debuginfo-4.9.3_03-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-4.9.3_03-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-debuginfo-4.9.3_03-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-domU-4.9.3_03-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-domU-debuginfo-4.9.3_03-31.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:14:48", "description": "This update for xen fixes the following issues :\n\nXEN was updated to the Xen 4.9.3 bug fix only release (bsc#1027519)\n\nCVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater\nthan INT_MAX, which allows attackers to cause a denial of service or\npossibly have unspecified other impact. (bsc#1111014)\n\nCVE-2018-15470: oxenstored might not have enforced the configured\nquota-maxentity. This allowed a malicious or buggy guest to write as\nmany xenstore entries as it wishes, causing unbounded memory usage in\noxenstored. This can lead to a system-wide DoS. (XSA-272)\n(bsc#1103279)\n\nCVE-2018-15469: ARM never properly implemented grant table v2, either\nin the hypervisor or in Linux. Unfortunately, an ARM guest can still\nrequest v2 grant tables; they will simply not be properly set up,\nresulting in subsequent grant-related hypercalls hitting BUG() checks.\nAn unprivileged guest can cause a BUG() check in the hypervisor,\nresulting in a denial-of-service (crash). (XSA-268) (bsc#1103275) Note\nthat SUSE does not ship ARM Xen, so we are not affected.\n\nCVE-2018-15468: The DEBUGCTL MSR contains several debugging features,\nsome of which virtualise cleanly, but some do not. In particular,\nBranch Trace Store is not virtualised by the processor, and software\nhas to be careful to configure it suitably not to lock up the core. As\na result, it must only be available to fully trusted guests.\nUnfortunately, in the case that vPMU is disabled, all value checking\nwas skipped, allowing the guest to choose any MSR_DEBUGCTL setting it\nlikes. A malicious or buggy guest administrator (on Intel x86 HVM or\nPVH) can lock up the entire host, causing a Denial of Service.\n(XSA-269) (bsc#1103276)\n\nCVE-2018-3646: Systems with microprocessors utilizing speculative\nexecution and address translations may have allowed unauthorized\ndisclosure of information residing in the L1 data cache to an attacker\nwith local user access with guest OS privilege via a terminal page\nfault and a side-channel analysis. (XSA-273) (bsc#1091107)\n\nNon security issues fixed: The affinity reporting via 'xl vcpu-list'\nwas broken (bsc#1106263)\n\nKernel oops in fs/dcache.c called by d_materialise_unique()\n(bsc#1094508)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-29T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:3490-1) (Foreshadow)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15468", "CVE-2018-15470", "CVE-2018-3646", "CVE-2018-17963", "CVE-2018-15469"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2018-3490-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118491", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3490-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118491);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2018-15468\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-17963\", \"CVE-2018-3646\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:3490-1) (Foreshadow)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nXEN was updated to the Xen 4.9.3 bug fix only release (bsc#1027519)\n\nCVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater\nthan INT_MAX, which allows attackers to cause a denial of service or\npossibly have unspecified other impact. (bsc#1111014)\n\nCVE-2018-15470: oxenstored might not have enforced the configured\nquota-maxentity. This allowed a malicious or buggy guest to write as\nmany xenstore entries as it wishes, causing unbounded memory usage in\noxenstored. This can lead to a system-wide DoS. (XSA-272)\n(bsc#1103279)\n\nCVE-2018-15469: ARM never properly implemented grant table v2, either\nin the hypervisor or in Linux. Unfortunately, an ARM guest can still\nrequest v2 grant tables; they will simply not be properly set up,\nresulting in subsequent grant-related hypercalls hitting BUG() checks.\nAn unprivileged guest can cause a BUG() check in the hypervisor,\nresulting in a denial-of-service (crash). (XSA-268) (bsc#1103275) Note\nthat SUSE does not ship ARM Xen, so we are not affected.\n\nCVE-2018-15468: The DEBUGCTL MSR contains several debugging features,\nsome of which virtualise cleanly, but some do not. In particular,\nBranch Trace Store is not virtualised by the processor, and software\nhas to be careful to configure it suitably not to lock up the core. As\na result, it must only be available to fully trusted guests.\nUnfortunately, in the case that vPMU is disabled, all value checking\nwas skipped, allowing the guest to choose any MSR_DEBUGCTL setting it\nlikes. A malicious or buggy guest administrator (on Intel x86 HVM or\nPVH) can lock up the entire host, causing a Denial of Service.\n(XSA-269) (bsc#1103276)\n\nCVE-2018-3646: Systems with microprocessors utilizing speculative\nexecution and address translations may have allowed unauthorized\ndisclosure of information residing in the L1 data cache to an attacker\nwith local user access with guest OS privilege via a terminal page\nfault and a side-channel analysis. (XSA-273) (bsc#1091107)\n\nNon security issues fixed: The affinity reporting via 'xl vcpu-list'\nwas broken (bsc#1106263)\n\nKernel oops in fs/dcache.c called by d_materialise_unique()\n(bsc#1094508)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15468/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15469/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3646/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183490-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6171ceda\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2492=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2492=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2492=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-debugsource-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-doc-html-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-debugsource-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.9.3_03-3.44.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.9.3_03-3.44.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:41:33", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, informations leaks or\nprivilege escalation. For Debian 8 'Jessie', these problems have been\nfixed in version 4.4.4lts5-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-10-09T00:00:00", "title": "Debian DLA-1949-1 : xen security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19961", "CVE-2018-19966"], "modified": "2019-10-09T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xen-system-arm64", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-amd64", "p-cpe:/a:debian:debian_linux:xen-system-armhf", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:xen-system-amd64", "p-cpe:/a:debian:debian_linux:xenstore-utils", "p-cpe:/a:debian:debian_linux:libxen-4.4", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-armhf", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-arm64", "p-cpe:/a:debian:debian_linux:libxenstore3.0", "p-cpe:/a:debian:debian_linux:xen-utils-common", "p-cpe:/a:debian:debian_linux:libxen-dev", "p-cpe:/a:debian:debian_linux:xen-utils-4.4"], "id": "DEBIAN_DLA-1949.NASL", "href": "https://www.tenable.com/plugins/nessus/129734", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1949-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129734);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19966\");\n\n script_name(english:\"Debian DLA-1949-1 : xen security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, informations leaks or\nprivilege escalation. For Debian 8 'Jessie', these problems have been\nfixed in version 4.4.4lts5-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/xen\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-4.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxenstore3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-4.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xenstore-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxen-4.4\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxen-dev\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxenstore3.0\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-amd64\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-arm64\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-armhf\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-amd64\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-arm64\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-armhf\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-utils-4.4\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-utils-common\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xenstore-utils\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-12-30T14:02:09", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19962", "CVE-2018-15468", "CVE-2018-15470", "CVE-2018-19965", "CVE-2018-3646", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-15469", "CVE-2018-19966"], "description": "This update for xen fixes the following issues:\n\n Update to Xen 4.10.2 bug fix release (bsc#1027519).\n\n Security vulnerabilities fixed:\n\n - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient\n TLB flushing with AMD IOMMUs, which potentially allowed a guest to\n escalate its privileges, may cause a Denial of Service (DoS) affecting\n the entire host, or may be able to access data it is not supposed to\n access. (XSA-275) (bsc#1115040)\n - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in\n case non-canonical addresses are accessed, which may allow a guest to\n cause Xen to crash, resulting in a Denial of Service (DoS) affecting the\n entire host. (XSA-279) (bsc#1115045)\n - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240,\n which conflicted with shadow paging and allowed a guest to cause Xen to\n crash, resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047)\n - CVE-2018-18883: Fixed an issue related to inproper restriction of nested\n VT-x, which allowed a guest to cause Xen to crash, resulting in a Denial\n of Service (DoS). (XSA-278) (bsc#1114405)\n - CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling, which allowed\n guests to enable Branch Trace Store and may cause a Denial of Service\n (DoS) of the entire host. (XSA-269) (bsc#1103276)\n - CVE-2018-15469: Fixed use of v2 grant tables on ARM, which were not\n properly implemented and may cause a Denial of Service (DoS). (XSA-268)\n (bsc#1103275)\n - CVE-2018-15470: Fixed an issue in the logic in oxenstored for handling\n writes, which allowed a guest to write memory unbounded leading to\n system-wide Denial\n of Service (DoS). (XSA-272) (bsc#1103279)\n - CVE-2018-3646: Mitigations for VMM aspects of L1 Terminal Fault\n (XSA-273) (bsc#1091107)\n\n Other bugs fixed:\n\n - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940)\n - Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)\n - Fixed a kernel oops related to fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-12-29T15:11:23", "published": "2018-12-29T15:11:23", "id": "OPENSUSE-SU-2018:4304-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00073.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-13T05:36:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-18849", "CVE-2018-19966"], "description": "This update for xen fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-18849: Fixed an out of bounds memory access issue was found in\n the LSI53C895A SCSI Host Bus Adapter emulation while writing a message\n in lsi_do_msgin (bsc#1114423).\n - CVE-2018-18883: Fixed a NULL pointer dereference that could have been\n triggered by nested VT-x that where not properly restricted\n (XSA-278)(bsc#1114405).\n - CVE-2018-19965: Fixed denial of service issue from attempting to use\n INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).\n - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused\n conflicts with shadow paging (XSA-280)(bsc#1115047).\n - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /\n improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).\n\n Non-security issues fixed:\n\n - Added upstream bug fixes (bsc#1027519).\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2018-12-13T03:17:36", "published": "2018-12-13T03:17:36", "id": "OPENSUSE-SU-2018:4111-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00028.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-04-17T22:20:30", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19665", "CVE-2019-6778", "CVE-2018-19961", "CVE-2019-9824", "CVE-2018-19966", "CVE-2018-19967"], "description": "This update for xen fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the\n host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)\n - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp\n (bsc#1123157).\n - Fixed an issue which could allow malicious or buggy guests with passed\n through PCI devices to be able to escalate their privileges, crash the\n host, or access data belonging to other guests. Additionally memory\n leaks were also possible (bsc#1126140).\n - Fixed a race condition issue which could allow malicious PV guests to\n escalate their privilege to that\n of the hypervisor (bsc#1126141).\n - Fixed an issue which could allow a malicious unprivileged guest\n userspace process to escalate its privilege to that of other userspace\n processes in the same guest and potentially thereby to that\n of the guest operating system (bsc#1126201).\n - CVE-2019-9824: Fixed an information leak in SLiRP networking\n implementation which could allow a user/process to read uninitialised\n stack memory contents (bsc#1129623).\n - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /\n improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).\n - CVE-2018-19965: Fixed denial of service issue from attempting to use\n INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).\n - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused\n conflicts with shadow paging (XSA-280)(bsc#1115047).\n - Fixed an issue which could allow malicious PV guests may cause a host\n crash or gain access to data pertaining to other guests.Additionally,\n vulnerable configurations are likely to be unstable even in the absence\n of an attack (bsc#1126198).\n - Fixed multiple access violations introduced by XENMEM_exchange hypercall\n which could allow a single PV guest to leak arbitrary amounts of memory,\n leading to a denial of service (bsc#1126192).\n - Fixed an issue which could allow malicious 64bit PV guests to cause a\n host crash (bsc#1127400).\n - Fixed an issue which could allow malicious or buggy x86 PV guest kernels\n to mount a Denial of Service attack affecting the whole system\n (bsc#1126197).\n - Fixed an issue which could allow an untrusted PV domain with access to a\n physical device to DMA into its own pagetables leading to privilege\n escalation (bsc#1126195).\n - Fixed an issue which could allow a malicious or buggy x86 PV guest\n kernels can mount a Denial of Service attack affecting the whole system\n (bsc#1126196).\n\n Other issues addressed:\n\n - Upstream bug fixes (bsc#1027519)\n - Fixed an issue where live migrations were failing when spectre was\n enabled on xen boot cmdline (bsc#1116380).\n - Fixed an issue where setup of grant_tables and other variables may fail\n (bsc#1126325).\n - Fixed a building issue (bsc#1119161).\n - Fixed an issue where xpti=no-dom0 was not working as expected\n (bsc#1105528).\n - Packages should no longer use /var/adm/fillup-templates (bsc#1069468).\n - Added Xen cmdline option &quot;suse_vtsc_tolerance&quot; to avoid TSC emulation\n for HVM domUs (bsc#1026236).\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2019-04-17T21:19:38", "published": "2019-04-17T21:19:38", "id": "OPENSUSE-SU-2019:1226-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-19T17:06:37", "bulletinFamily": "unix", "cvelist": ["CVE-2018-3646"], "description": "This update for xen fixes the following security issues:\n\n - CVE-2018-3646: Systems with microprocessors utilizing speculative\n execution and address translations may have allowed unauthorized\n disclosure of information residing in the L1 data cache to an attacker\n with local user access with guest OS privilege via a terminal page fault\n and a side-channel analysis (bsc#1091107, bsc#1027519).\n - Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a\n malicious or buggy guest administrator can lock up the entire host\n (bsc#1103276)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-08-19T15:10:45", "published": "2018-08-19T15:10:45", "id": "OPENSUSE-SU-2018:2436-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00068.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-19T17:06:37", "bulletinFamily": "unix", "cvelist": ["CVE-2018-3646"], "description": "This update for xen fixes the following security issues:\n\n - CVE-2018-3646: Systems with microprocessors utilizing speculative\n execution and address translations may have allowed unauthorized\n disclosure of information residing in the L1 data cache to an attacker\n with local user access with guest OS privilege via a terminal page fault\n and a side-channel analysis (bsc#1091107, bsc#1027519).\n - Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a\n malicious or buggy guest administrator can lock up the entire host\n (bsc#1103276)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2018-08-19T15:09:36", "published": "2018-08-19T15:09:36", "id": "OPENSUSE-SU-2018:2434-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00067.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "cve": [{"lastseen": "2020-12-09T20:25:39", "description": "An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.", "edition": 7, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-12-08T04:29:00", "title": "CVE-2018-19961", "type": "cve", "cwe": ["CWE-459"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19961"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:xen:xen:4.11.1", "cpe:/a:citrix:xenserver:7.5", "cpe:/a:citrix:xenserver:7.0", "cpe:/a:citrix:xenserver:7.6", "cpe:/a:citrix:xenserver:7.1", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-19961", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19961", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.1:cu1:*:*:ltsr:*:*:*", "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:39", "description": "An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.", "edition": 7, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-12-08T04:29:00", "title": "CVE-2018-19962", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19962"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:xen:xen:4.11.1", "cpe:/a:citrix:xenserver:7.5", "cpe:/a:citrix:xenserver:7.0", "cpe:/a:citrix:xenserver:7.6", "cpe:/a:citrix:xenserver:7.1", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-19962", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19962", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.1:cu1:*:*:ltsr:*:*:*", "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:36", "description": "An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.", "edition": 6, "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.0, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2018-08-17T18:29:00", "title": "CVE-2018-15468", "type": "cve", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15468"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:xen:xen:4.11.0"], "id": "CVE-2018-15468", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15468", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.11.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:36", "description": "An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 \"Operations on data structures\" of the OCaml manual, the order of evaluation of subexpressions is not specified. In practice, different implementations behave differently. Thus, oxenstored may not enforce the configured quota-maxentity. This allows a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS.", "edition": 5, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2018-08-17T18:29:00", "title": "CVE-2018-15470", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15470"], "modified": "2018-11-13T11:29:00", "cpe": ["cpe:/o:xen:xen:4.11.0"], "id": "CVE-2018-15470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15470", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.11.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:36", "description": "An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash).", "edition": 5, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2018-08-17T18:29:00", "title": "CVE-2018-15469", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15469"], "modified": "2019-03-08T17:05:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:xen:xen:4.11.0"], "id": "CVE-2018-15469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15469", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.11.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:39", "description": "An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.", "edition": 6, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-11-01T00:29:00", "title": "CVE-2018-18883", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18883"], "modified": "2019-01-24T14:23:00", "cpe": ["cpe:/o:xen:xen:4.11.0"], "id": "CVE-2018-18883", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18883", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.11.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:39", "description": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.", "edition": 7, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-12-08T04:29:00", "title": "CVE-2018-19966", "type": "cve", "cwe": ["CWE-436"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19966"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:xen:xen:4.11.1", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-19966", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19966", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.11.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:39", "description": "An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.", "edition": 6, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2018-12-08T04:29:00", "title": "CVE-2018-19965", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19965"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:xen:xen:4.11.1", "cpe:/a:citrix:xenserver:7.5", "cpe:/a:citrix:xenserver:7.0", "cpe:/a:citrix:xenserver:7.6", "cpe:/a:citrix:xenserver:7.1", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-19965", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19965", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.1:cu1:*:*:ltsr:*:*:*", "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:21", "description": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.", "edition": 6, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2018-08-14T19:29:00", "title": "CVE-2018-3646", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3646"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/h:intel:core_i3:4330t", "cpe:/h:intel:core_i7:840qm", "cpe:/h:intel:core_i3:530", "cpe:/h:intel:core_i5:4200u", "cpe:/h:intel:core_i5:2405s", "cpe:/h:intel:core_i7:4710hq", "cpe:/h:intel:core_i7:875k", "cpe:/h:intel:core_i3:6098p", "cpe:/h:intel:core_i7:870s", "cpe:/h:intel:core_i7:4610m", "cpe:/h:intel:core_i7:2675qm", "cpe:/h:intel:core_i7:4702ec", "cpe:/h:intel:core_i5:480m", "cpe:/h:intel:core_i3:2330e", "cpe:/h:intel:core_i5:4410e", "cpe:/h:intel:core_i7:4700hq", "cpe:/h:intel:core_i7:610e", "cpe:/h:intel:core_i3:2340ue", "cpe:/h:intel:core_i7:4800mq", "cpe:/h:intel:core_m:5y31", "cpe:/h:intel:core_i7:2620m", "cpe:/h:intel:core_i5:3550", "cpe:/h:intel:core_i3:2120", "cpe:/h:intel:core_i5:6400t", "cpe:/h:intel:core_i3:350m", "cpe:/h:intel:core_i7:3615qm", "cpe:/h:intel:core_i3:3227u", "cpe:/h:intel:core_i5:4200y", "cpe:/h:intel:core_i3:2357m", "cpe:/h:intel:core_i7:4750hq", "cpe:/h:intel:core_i3:2377m", "cpe:/h:intel:core_m:5y10", "cpe:/h:intel:core_i7:3537u", "cpe:/h:intel:core_i5:4422e", "cpe:/h:intel:core_i5:6200u", "cpe:/h:intel:core_i3:6100h", "cpe:/h:intel:core_i5:4670r", "cpe:/h:intel:core_i7:4770te", "cpe:/h:intel:core_i5:4300y", "cpe:/h:intel:core_i5:3610me", "cpe:/h:intel:core_i5:4250u", "cpe:/h:intel:core_i5:3475s", "cpe:/h:intel:core_i7:3517ue", "cpe:/h:intel:core_i7:4500u", "cpe:/h:intel:core_i5:4430s", "cpe:/h:intel:core_i3:2365m", "cpe:/h:intel:core_i7:2920xm", "cpe:/h:intel:core_i3:330m", "cpe:/h:intel:core_i7:3612qm", "cpe:/h:intel:core_i7:4900mq", "cpe:/h:intel:core_i5:4258u", "cpe:/h:intel:core_i3:4160", "cpe:/h:intel:core_i5:4590", "cpe:/h:intel:core_i7:980x", "cpe:/h:intel:core_i7:5750hq", "cpe:/h:intel:core_i5:3470t", "cpe:/h:intel:core_i5:2500", "cpe:/h:intel:core_i3:3120me", "cpe:/h:intel:core_i5:4400e", "cpe:/h:intel:core_i3:8100", "cpe:/h:intel:core_i5:2450m", "cpe:/h:intel:core_i5:2300", "cpe:/h:intel:core_i5:4670", "cpe:/h:intel:core_i5:4300m", "cpe:/h:intel:core_i3:6167u", "cpe:/h:intel:core_i3:3220t", "cpe:/h:intel:core_i7:2617m", "cpe:/h:intel:core_i7:3540m", "cpe:/h:intel:core_i5:3427u", "cpe:/h:intel:core_i7:3610qm", "cpe:/h:intel:core_m:5y10c", "cpe:/h:intel:core_i7:3770", "cpe:/h:intel:core_i5:3450", "cpe:/h:intel:core_i7:620lm", "cpe:/h:intel:core_i5:5675r", "cpe:/h:intel:core_m:5y10a", "cpe:/h:intel:core_i7:4712hq", "cpe:/h:intel:core_i7:7560u", "cpe:/h:intel:core_i3:3229y", "cpe:/h:intel:core_i7:2610ue", "cpe:/h:intel:core_i7:975", "cpe:/h:intel:core_i5:2435m", "cpe:/h:intel:core_i3:2310m", "cpe:/h:intel:core_i5:4570", "cpe:/h:intel:core_i3:4030y", "cpe:/h:intel:core_i3:380um", "cpe:/h:intel:core_i5:4690s", "cpe:/h:intel:core_m5:6y54", "cpe:/h:intel:core_i7:3612qe", "cpe:/h:intel:core_i5:5350u", "cpe:/h:intel:core_i3:4012y", "cpe:/h:intel:core_i7:4700mq", "cpe:/h:intel:core_i5:3437u", "cpe:/h:intel:core_i7:4870hq", "cpe:/h:intel:core_i7:7700", "cpe:/h:intel:core_i3:2328m", "cpe:/h:intel:core_i7:2670qm", "cpe:/h:intel:core_i5:680", "cpe:/h:intel:core_i5:2537m", "cpe:/h:intel:core_i7:3632qm", "cpe:/h:intel:core_i3:2100t", "cpe:/h:intel:core_i7:4770", "cpe:/h:intel:core_i3:4100m", "cpe:/h:intel:core_i3:4370t", "cpe:/h:intel:core_i3:4150", "cpe:/h:intel:core_i3:6100e", "cpe:/h:intel:core_i5:470um", "cpe:/h:intel:core_i5:4220y", "cpe:/h:intel:core_i3:4102e", "cpe:/h:intel:core_i3:2370m", "cpe:/h:intel:core_i7:4960hq", "cpe:/h:intel:core_i7:860", "cpe:/h:intel:core_i3:2375m", "cpe:/h:intel:core_i3:4158u", "cpe:/h:intel:core_i7:4710mq", "cpe:/h:intel:core_i5:4460s", "cpe:/h:intel:core_i7:4702mq", "cpe:/h:intel:core_i7:4771", "cpe:/h:intel:core_i7:5850eq", "cpe:/h:intel:core_i3:390m", "cpe:/h:intel:core_m3:7y30", "cpe:/h:intel:core_i3:4170t", "cpe:/h:intel:core_i5:4340m", "cpe:/h:intel:core_i5:6300hq", "cpe:/h:intel:core_i3:5010u", "cpe:/h:intel:core_i5:4278u", "cpe:/h:intel:core_i7:4722hq", "cpe:/h:intel:core_i5:6500te", "cpe:/h:intel:core_i7:3770t", "cpe:/h:intel:core_i5:4440", "cpe:/h:intel:core_i5:5257u", "cpe:/h:intel:core_i7:4600m", "cpe:/h:intel:core_i5:3570", "cpe:/h:intel:core_i7:620m", "cpe:/h:intel:core_i5:3230m", "cpe:/h:intel:core_i7:7820hq", "cpe:/h:intel:core_i7:880", "cpe:/h:intel:core_i5:4690", "cpe:/h:intel:core_i7:4510u", "cpe:/h:intel:core_i3:2130", "cpe:/h:intel:core_i5:6350hq", "cpe:/h:intel:core_i5:4690t", "cpe:/h:intel:core_i7:4720hq", "cpe:/h:intel:core_i3:4160t", "cpe:/h:intel:core_i5:2500k", "cpe:/h:intel:core_i5:520m", "cpe:/h:intel:core_i3:2120t", "cpe:/h:intel:core_i5:6600", "cpe:/h:intel:core_i5:2500t", "cpe:/h:intel:core_i7:3840qm", "cpe:/h:intel:core_i3:560", "cpe:/h:intel:core_i7:3770k", "cpe:/h:intel:core_i7:5950hq", "cpe:/h:intel:core_i5:2320", "cpe:/h:intel:core_i5:2515e", "cpe:/h:intel:core_i7:950", "cpe:/h:intel:core_i3:4120u", "cpe:/h:intel:core_i5:540um", "cpe:/h:intel:core_i5:4330m", "cpe:/h:intel:core_i5:5350h", "cpe:/h:intel:core_i5:6685r", "cpe:/h:intel:core_i7:7820hk", "cpe:/h:intel:core_i3:2312m", "cpe:/h:intel:core_i5:2557m", "cpe:/h:intel:core_i7:4790k", "cpe:/h:intel:core_i5:4200h", "cpe:/h:intel:core_i5:3340s", "cpe:/h:intel:core_i3:3130m", "cpe:/h:intel:core_i7:8650u", "cpe:/h:intel:core_i3:5015u", "cpe:/h:intel:core_i5:2540m", "cpe:/h:intel:core_i7:4790s", "cpe:/h:intel:core_i5:6400", "cpe:/h:intel:core_i5:2390t", "cpe:/h:intel:core_i3:3220", "cpe:/h:intel:core_i5:580m", "cpe:/h:intel:core_i7:5550u", "cpe:/h:intel:core_i5:3320m", "cpe:/h:intel:core_i3:4025u", "cpe:/h:intel:core_i3:4010y", "cpe:/h:intel:core_i3:2330m", "cpe:/h:intel:core_i5:660", "cpe:/h:intel:core_i5:6440eq", "cpe:/h:intel:core_i5:5200u", "cpe:/h:intel:core_i7:2860qm", "cpe:/h:intel:core_i7:3615qe", "cpe:/h:intel:core_i5:6500", "cpe:/h:intel:core_i5:2430m", "cpe:/h:intel:core_i5:3330s", "cpe:/h:intel:core_i3:8350k", "cpe:/h:intel:core_i7:4578u", "cpe:/h:intel:core_i3:4150t", "cpe:/h:intel:core_i3:3225", "cpe:/h:intel:core_i7:2715qe", "cpe:/h:intel:core_i3:6300", "cpe:/h:intel:core_i5:760", "cpe:/h:intel:core_i5:3439y", "cpe:/h:intel:core_i5:540m", "cpe:/h:intel:core_i7:640um", "cpe:/h:intel:core_m3:7y32", "cpe:/h:intel:core_i7:3555le", "cpe:/h:intel:core_i7:2655le", "cpe:/h:intel:core_i3:3217u", "cpe:/h:intel:core_i3:6100u", "cpe:/h:intel:core_m7:6y75", "cpe:/h:intel:core_i7:940", "cpe:/h:intel:core_i5:6600t", "cpe:/h:intel:core_i7:640lm", "cpe:/h:intel:core_i3:5005u", "cpe:/h:intel:core_i5:2467m", "cpe:/h:intel:core_i5:4308u", "cpe:/h:intel:core_i7:660ue", "cpe:/h:intel:core_i5:3380m", "cpe:/h:intel:core_i7:980", "cpe:/h:intel:core_i5:4210h", "cpe:/h:intel:core_i7:990x", "cpe:/h:intel:core_i7:660lm", "cpe:/h:intel:core_i5:2380p", "cpe:/h:intel:core_i7:7500u", "cpe:/h:intel:core_i5:4570t", "cpe:/h:intel:core_i3:4020y", "cpe:/h:intel:core_i3:330um", "cpe:/h:intel:core_i5:4360u", "cpe:/h:intel:core_i5:3360m", "cpe:/h:intel:core_i3:6320", "cpe:/h:intel:core_i7:3689y", "cpe:/h:intel:core_i7:4600u", "cpe:/h:intel:core_i7:820qm", "cpe:/h:intel:core_i3:3250", "cpe:/h:intel:core_i3:4360t", "cpe:/h:intel:core_i5:4350u", "cpe:/h:intel:core_i7:4790t", "cpe:/h:intel:core_i3:4112e", "cpe:/h:intel:core_i5:460m", "cpe:/h:intel:core_i7:3635qm", "cpe:/h:intel:core_i7:4558u", "cpe:/h:intel:core_i5:4690k", "cpe:/h:intel:core_i5:2410m", "cpe:/h:intel:core_i7:740qm", "cpe:/h:intel:core_i5:6500t", "cpe:/h:intel:core_i5:3350p", "cpe:/h:intel:core_i3:3110m", "cpe:/h:intel:core_i7:920xm", "cpe:/h:intel:core_i5:4402e", "cpe:/h:intel:core_i3:4340te", "cpe:/h:intel:core_i7:4770s", "cpe:/h:intel:core_i3:3120m", "cpe:/h:intel:core_i7:4950hq", "cpe:/h:intel:core_i5:8350u", "cpe:/h:intel:core_i7:620um", "cpe:/h:intel:core_i7:5700eq", "cpe:/h:intel:core_i7:940xm", "cpe:/h:intel:core_i7:5775r", "cpe:/h:intel:core_i3:3217ue", "cpe:/h:intel:core_i7:3770s", "cpe:/h:intel:core_i3:3210", "cpe:/h:intel:core_i7:2635qm", "cpe:/h:intel:core_i7:660um", "cpe:/h:intel:core_i7:2710qe", "cpe:/h:intel:core_i5:2400", "cpe:/h:intel:core_m5:6y57", "cpe:/h:intel:core_i5:3570s", "cpe:/h:intel:core_i7:7820eq", "cpe:/h:intel:core_i7:4610y", "cpe:/h:intel:core_i3:3245", "cpe:/h:intel:core_i3:4130t", "cpe:/h:intel:core_i5:2520m", "cpe:/h:intel:core_i7:860s", "cpe:/h:intel:core_i5:6267u", "cpe:/h:intel:core_i5:6402p", "cpe:/h:intel:core_i5:4460", "cpe:/h:intel:core_i7:620ue", "cpe:/h:intel:core_i7:3517u", "cpe:/h:intel:core_i3:4110m", "cpe:/h:intel:core_i5:4430", "cpe:/h:intel:core_i5:430m", "cpe:/h:intel:core_i5:5287u", "cpe:/h:intel:core_i5:5300u", "cpe:/h:intel:core_i3:2115c", "cpe:/h:intel:core_i3:4110e", "cpe:/h:intel:core_i3:4005u", "cpe:/h:intel:core_i5:430um", "cpe:/h:intel:core_i7:640m", "cpe:/h:intel:core_i7:965", "cpe:/h:intel:core_i5:3317u", "cpe:/h:intel:core_i3:5157u", "cpe:/h:intel:core_i7:2600", "cpe:/h:intel:core_i5:3470", "cpe:/h:intel:core_i5:8400", "cpe:/h:intel:core_i3:4340", "cpe:/h:intel:core_i5:4200m", "cpe:/h:intel:core_i5:4570r", "cpe:/h:intel:core_i7:970", "cpe:/h:intel:core_m3:6y30", "cpe:/h:intel:core_i5:3470s", "cpe:/h:intel:core_i5:6287u", "cpe:/h:intel:core_i7:5650u", "cpe:/h:intel:core_i3:540", "cpe:/h:intel:core_i7:2640m", "cpe:/h:intel:core_i3:4100u", "cpe:/h:intel:core_i7:4702hq", "cpe:/h:intel:core_i7:2677m", "cpe:/h:intel:core_i5:4590t", "cpe:/h:intel:core_i5:3570t", "cpe:/h:intel:core_i5:4670t", "cpe:/h:intel:core_i3:4000m", "cpe:/h:intel:core_i7:4850hq", "cpe:/h:intel:core_i7:4810mq", "cpe:/h:intel:core_i7:4860hq", "cpe:/h:intel:core_i7:8700k", "cpe:/h:intel:core_i3:3250t", "cpe:/h:intel:core_i7:3630qm", "cpe:/h:intel:core_m:5y70", "cpe:/h:intel:core_i5:2400s", "cpe:/h:intel:core_i5:5250u", "cpe:/h:intel:core_i3:4170", "cpe:/h:intel:core_i3:5020u", "cpe:/h:intel:core_i5:6585r", "cpe:/h:intel:core_i3:4360", "cpe:/h:intel:core_i7:2600k", "cpe:/h:intel:core_i3:3240", "cpe:/h:intel:core_i5:3340", "cpe:/h:intel:core_i5:520um", "cpe:/h:intel:core_i5:3450s", "cpe:/h:intel:core_i5:750", "cpe:/h:intel:core_i5:6360u", "cpe:/h:intel:core_i7:720qm", "cpe:/h:intel:core_i5:3340m", "cpe:/h:intel:core_i5:4440s", "cpe:/h:intel:core_i7:4770t", "cpe:/h:intel:core_i5:6300u", "cpe:/h:intel:core_i5:6440hq", "cpe:/h:intel:core_i7:5600u", "cpe:/h:intel:core_i7:4770k", "cpe:/h:intel:core_i3:6100te", "cpe:/h:intel:core_i5:520e", "cpe:/h:intel:core_i5:3570k", "cpe:/h:intel:core_i3:330e", "cpe:/h:intel:core_i5:655k", "cpe:/h:intel:core_i5:6260u", "cpe:/h:intel:core_i5:4210y", "cpe:/h:intel:core_i7:3667u", "cpe:/h:intel:core_i3:4100e", "cpe:/h:intel:core_i7:7920hq", "cpe:/h:intel:core_i7:4650u", "cpe:/h:intel:core_i5:4670s", "cpe:/h:intel:core_i7:4770hq", "cpe:/h:intel:core_i7:4550u", "cpe:/h:intel:core_i5:4210u", "cpe:/h:intel:core_i5:3339y", "cpe:/h:intel:core_i5:650", "cpe:/h:intel:core_i5:3210m", "cpe:/h:intel:core_i7:3740qm", "cpe:/h:intel:core_i3:2367m", "cpe:/h:intel:core_i3:6300t", "cpe:/h:intel:core_i7:4910mq", "cpe:/h:intel:core_i5:8250u", "cpe:/h:intel:core_i7:2700k", "cpe:/h:intel:core_i7:620le", "cpe:/h:intel:core_i3:4350", "cpe:/h:intel:core_i7:3610qe", "cpe:/h:intel:core_i5:560um", "cpe:/h:intel:core_i5:4402ec", "cpe:/h:intel:core_i5:2510e", "cpe:/h:intel:core_i7:5557u", "cpe:/h:intel:core_i7:4700eq", "cpe:/h:intel:core_i5:3337u", "cpe:/h:intel:core_i5:4590s", "cpe:/h:intel:core_i7:2600s", "cpe:/h:intel:core_m:5y71", "cpe:/h:intel:core_i3:4130", "cpe:/h:intel:core_i7:7700t", "cpe:/h:intel:core_i7:7y75", "cpe:/h:intel:core_i7:680um", "cpe:/h:intel:core_i7:2630qm", "cpe:/h:intel:core_i3:4330", "cpe:/h:intel:core_i5:670", "cpe:/h:intel:core_i7:2649m", "cpe:/h:intel:core_i5:5675c", "cpe:/h:intel:core_i5:4570te", "cpe:/h:intel:core_i3:2105", "cpe:/h:intel:core_i3:2348m", "cpe:/h:intel:core_i3:2310e", "cpe:/h:intel:core_i5:5575r", "cpe:/h:intel:core_i5:560m", "cpe:/h:intel:core_i5:4670k", "cpe:/h:intel:core_i5:6442eq", "cpe:/h:intel:core_i7:5775c", "cpe:/h:intel:core_i3:380m", "cpe:/h:intel:core_i3:2100", "cpe:/h:intel:core_i7:4770r", "cpe:/h:intel:core_i5:4202y", "cpe:/h:intel:core_i5:661", "cpe:/h:intel:core_i7:2637m", "cpe:/h:intel:core_i7:4790", "cpe:/h:intel:core_i3:370m", "cpe:/h:intel:core_i5:450m", "cpe:/h:intel:core_i7:2960xm", "cpe:/h:intel:core_i5:2500s", "cpe:/h:intel:core_i7:3720qm", "cpe:/h:intel:core_i7:960", "cpe:/h:intel:core_i5:4260u", "cpe:/h:intel:core_i7:7700k", "cpe:/h:intel:core_i3:6102e", "cpe:/h:intel:core_i5:4310m", "cpe:/h:intel:core_i5:8600k", "cpe:/h:intel:core_i7:4980hq", "cpe:/h:intel:core_i5:6600k", "cpe:/h:intel:core_i3:3240t", "cpe:/h:intel:core_i5:4310u", "cpe:/h:intel:core_i5:3330", "cpe:/h:intel:core_i7:3687u", "cpe:/h:intel:core_i7:4760hq", "cpe:/h:intel:core_i3:2125", "cpe:/h:intel:core_i7:930", "cpe:/h:intel:core_i7:5850hq", "cpe:/h:intel:core_i3:550", "cpe:/h:intel:core_i5:2450p", "cpe:/h:intel:core_i7:4712mq", "cpe:/h:intel:core_i5:4460t", "cpe:/h:intel:core_i7:5700hq", "cpe:/h:intel:core_i7:2820qm", "cpe:/h:intel:core_i7:8700", "cpe:/h:intel:core_i7:7567u", "cpe:/h:intel:core_i7:2657m", "cpe:/h:intel:core_i7:7600u", "cpe:/h:intel:core_i7:2629m", "cpe:/h:intel:core_i7:3520m", "cpe:/h:intel:xeon:*", "cpe:/h:intel:core_i7:4785t", "cpe:/h:intel:core_i3:6006u", "cpe:/h:intel:core_m:5y51", "cpe:/h:intel:core_i7:2760qm", "cpe:/h:intel:core_i3:6157u", "cpe:/h:intel:core_i3:2350m", "cpe:/h:intel:core_i3:4350t", "cpe:/h:intel:core_i7:870", "cpe:/h:intel:core_i5:4288u", "cpe:/h:intel:core_i7:7700hq", "cpe:/h:intel:core_i5:4302y", "cpe:/h:intel:core_i3:4330te", "cpe:/h:intel:core_i3:3115c", "cpe:/h:intel:core_i7:3820qm", "cpe:/h:intel:core_i3:4370", "cpe:/h:intel:core_i7:4700ec", "cpe:/h:intel:core_i3:2102", "cpe:/h:intel:core_i5:3550s", "cpe:/h:intel:core_i7:5500u", "cpe:/h:intel:core_i5:4300u", "cpe:/h:intel:core_i5:4570s", "cpe:/h:intel:core_i7:2720qm", "cpe:/h:intel:core_i7:920", "cpe:/h:intel:core_i3:4010u", "cpe:/h:intel:core_i3:4030u", "cpe:/h:intel:core_i7:8550u", "cpe:/h:intel:core_i3:6100", "cpe:/h:intel:core_i3:6100t", "cpe:/h:intel:core_i5:4210m", "cpe:/h:intel:core_i7:7660u", "cpe:/h:intel:core_i5:750s", "cpe:/h:intel:core_i7:4765t", "cpe:/h:intel:core_i5:2550k", "cpe:/h:intel:core_i5:2310"], "id": "CVE-2018-3646", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3646", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2380p:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4210u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3689y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:370m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4578u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4210h:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4360t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:980x:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4210m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2102:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_m5:6y57:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:940:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:5650u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3550s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3427u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4712hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4610y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4012y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3439y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3475s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4160:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4770hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4422e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4700ec:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4550u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3450:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2310e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:5557u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4100e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4350:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4200y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3667u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4360:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3450s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2300:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2348m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:5287u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4558u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4210y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:5157u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4650u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3570k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3555le:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4702ec:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2115c:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4910mq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:470um:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3330:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:550:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2670qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4150t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4102e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2600s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_m:5y71:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4600u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:480m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2100t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:560:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3227u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_m:5y10:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4690:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4950hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:430m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2537m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3550:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2105:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3240:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4570:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:5550u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3340:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4790:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:5010u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3615qe:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:380m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:5500u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3610me:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3740qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4570s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4670k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3610qe:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4250u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4302y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:5700hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:5575r:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:530:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3517ue:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4260u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3570:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4700mq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2310:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4670r:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:5350h:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4350t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2435m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:5015u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2500t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:580m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:330e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4100m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:5775c:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2467m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3770:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3537u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4700hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4170t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3115c:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4158u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4340te:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4200m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3770s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4112e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2365m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4020y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2820qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:920xm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3340s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3229y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4400e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2617m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:5005u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3840qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:5750hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:460m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2920xm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2677m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:380um:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4770k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4310m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:330m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:520m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4440:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3520m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2715qe:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4410e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2630qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4690t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2125:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_m5:6y54:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3240t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3210:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3540m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4300u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:5775r:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_m:5y51:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4402e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4590:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:520um:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3570t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2130:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4170:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2400:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3330s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2500:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3130m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:5300u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3220t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2700k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2400s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:5700eq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4690s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4700eq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4670t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3120m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3770t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_m:5y10a:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2100:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4330m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4765t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4440s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2635qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2330m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4258u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:950:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4760hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4110e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:5675c:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2620m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4900mq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4722hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:540m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4702mq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2520m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:5675r:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2649m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3350p:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:540um:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_m3:7y30:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2637m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:430um:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:970:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3470s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4130t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2375m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2557m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:520e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4100u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4300m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:390m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4010u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:5020u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4030u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:5600u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3360m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3437u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2320:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4005u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2310m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4860hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3687u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4771:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4220y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3217u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2760qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3635qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2655le:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3517u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4460:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2430m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:930:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4330:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3630qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2657m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:5350u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4330te:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2550k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4130:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3820qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:990x:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4712mq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3610qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:920:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:5250u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3339y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2500s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2450m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:560m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_m:5y10c:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4340:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4025u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_m:5y31:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4710mq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4430:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4200u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2500k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4010y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2120:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4980hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_m:5y70:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2960xm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2600k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4770s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2675qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3470t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2357m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4370:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2510e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3337u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3770k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4402ec:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2515e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3220:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2629m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4150:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4790s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4120u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2120t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3250t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:540:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3217ue:*:*:*:*:*:*:*", "cpe:2.3:h:intel:xeon:*:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2860qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:450m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2405s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:350m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4570te:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4785t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2410m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4610m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4770:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2450p:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4810mq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4160t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2367m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4570t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3250:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2390t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4870hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4200h:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4310u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4308u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4460s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4770r:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4340m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4800mq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4330t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4600m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4500u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3120me:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2312m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:980:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:5950hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4030y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4590t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4000m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:5850hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2340ue:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4670:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2710qe:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:5850eq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:330um:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4690k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:975:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3470:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4960hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4750hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3225:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3317u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4288u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:5257u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3110m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:5200u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4278u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:2540m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4850hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4790k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4350u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4670s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4790t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:965:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3340m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4770te:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4720hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_m7:6y75:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4460t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:3245:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2370m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3380m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2640m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3612qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2720qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2328m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4702hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4300y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4370t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4202y:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_m3:6y30:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3612qe:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4430s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:4110m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4360u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4710hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_m3:7y32:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3210m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:940xm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:960:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2610ue:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3320m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2377m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4510u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2330e:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3570s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:3230m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3615qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:2600:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:4770t:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:560um:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4590s:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3720qm:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i5:4570r:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i3:2350m:*:*:*:*:*:*:*", "cpe:2.3:h:intel:core_i7:3632qm:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2020-08-12T01:05:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19962", "CVE-2018-19961", "CVE-2018-19966"], "description": "Package : xen\nVersion : 4.4.4lts5-0+deb8u1\nCVE ID : CVE-2018-19961 CVE-2018-19962 CVE-2018-19966\nXSA ID : XSA-275 XSA-280 XSA-285 XSA-287 XSA-288\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, informations leaks or privilege\nescalation.\n \nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n4.4.4lts5-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2019-10-08T12:46:49", "published": "2019-10-08T12:46:49", "id": "DEBIAN:DLA-1949-1:95A46", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201910/msg00008.html", "title": "[SECURITY] [DLA 1949-1] xen security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-12T01:04:08", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19961", "CVE-2018-19966", "CVE-2018-19967", "CVE-2017-15595"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4369-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 14, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nCVE ID : CVE-2018-19961 CVE-2018-19962 CVE-2018-19965\n CVE-2018-19966 CVE-2018-19967\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-19961 / CVE-2018-19962\n\n Paul Durrant discovered that incorrect TLB handling could result in\n denial of service, privilege escalation or information leaks.\n\nCVE-2018-19965\n\n Matthew Daley discovered that incorrect handling of the INVPCID\n instruction could result in denial of service by PV guests.\n\nCVE-2018-19966\n\n It was discovered that a regression in the fix to address\n CVE-2017-15595 could result in denial of service, privilege\n escalation or information leaks by a PV guest.\n\nCVE-2018-19967\n\n It was discovered that an error in some Intel CPUs could result in\n denial of service by a guest instance.\n \nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.8.5+shim4.10.2+xsa282-1+deb9u11.\n\nWe recommend that you upgrade your xen packages.\n\nFor the detailed security status of xen please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/xen\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2019-01-14T22:10:01", "published": "2019-01-14T22:10:01", "id": "DEBIAN:DSA-4369-1:07573", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00007.html", "title": "[SECURITY] [DSA 4369-1] xen security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:51:18", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7540", "CVE-2018-15470", "CVE-2018-12893", "CVE-2018-7541", "CVE-2018-15469", "CVE-2018-8897", "CVE-2018-12891"], "description": "Package : xen\nVersion : 4.4.4lts4-0+deb8u1\nCVE ID : CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 \n CVE-2018-12893 CVE-2018-15469 CVE-2018-15470\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, informations leaks or privilege\nescalation.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n4.4.4lts4-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 8, "modified": "2018-11-12T13:09:59", "published": "2018-11-12T13:09:59", "id": "DEBIAN:DLA-1577-1:71995", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201811/msg00013.html", "title": "[SECURITY] [DLA 1577-1] xen security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "citrix": [{"lastseen": "2020-12-24T11:42:51", "bulletinFamily": "software", "cvelist": ["CVE-2018-18883"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A security issue has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host.</p>\n<p>This issue affects the following versions of Citrix XenServer: </p>\n<ul>\n<li>Citrix XenServer 7.6</li>\n<li>Citrix XenServer 7.5</li>\n<li>Citrix XenServer 7.1 LTSR CU1 </li>\n</ul>\n<p>The following vulnerabilities have been addressed: </p>\n<ul>\n<li>CVE-2018-18883: Nested VT-x usable even when disabled</li>\n<p> </p>\n</ul>\n<p> </p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"MitigatingFactors\"> Mitigating Factors</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Customers with only PV guests are not affected by this issue.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address this issue. Citrix recommends that affected customers install these hotfixes as their patching schedule permits. The hotfixes can be downloaded from the following locations:</p>\n<p> <br/> Citrix XenServer 7.6: CTX239128 \u2013 <a href=\"https://support.citrix.com/article/CTX239128\">https://support.citrix.com/article/CTX239128</a><br/> Citrix XenServer 7.5: CTX239127 \u2013 <a href=\"https://support.citrix.com/article/CTX239127\">https://support.citrix.com/article/CTX239127</a><br/> Citrix XenServer 7.1 LTSR CU1: CTX239126 \u2013 <a href=\"https://support.citrix.com/article/CTX239126\">https://support.citrix.com/article/CTX239126 </a></p>\n<p>Customers who are using the LivePatching feature of Citrix XenServer will not need to reboot servers to apply this hotfix if those servers were previously fully patched.<br/> </p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td width=\"50%\">26th October 2018 </td>\n<td>Initial Issue </td>\n</tr>\n<tr>\n<td valign=\"top\">1st November 2018</td>\n<td>Update with assigned CVE number </td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2019-08-15T04:00:00", "published": "2018-10-26T04:00:00", "id": "CTX239100", "href": "https://support.citrix.com/article/CTX239100", "type": "citrix", "title": "CVE-2018-18883 - Citrix XenServer Security Update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T11:42:52", "bulletinFamily": "software", "cvelist": ["CVE-2018-19961", "CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19967"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A number of security vulnerabilities have been identified in Citrix XenServer that have deployment-dependent impacts.</p>\n<p>These issues affect the following supported versions of Citrix XenServer:</p>\n<ul>\n<li>Citrix XenServer 7.6</li>\n<li>Citrix XenServer 7.5</li>\n<li>Citrix XenServer 7.1 LTSR CU1</li>\n<li>Citrix XenServer 7.0</li>\n</ul>\n<p>The following issues have been addressed:</p>\n<ul>\n<li>CVE-2018-19961 / CVE-2018-19962: insufficient TLB flushing/improper large page mappings with AMD IOMMUs</li>\n</ul>\n<p style=\"margin-left: 40.0px;\">This issue may allow code in an HVM guest VM to compromise the host.</p>\n<p style=\"margin-left: 40.0px;\">This issue is limited to guests that are using the PCI passthrough feature in conjunction with AMD CPUs.</p>\n<ul>\n<li>CVE-2018-19965: x86: DoS from attempting to use INVPCID with a non-canonical address</li>\n</ul>\n<p style=\"margin-left: 40.0px;\">This issue may allow privileged code in a PV guest VM to crash the host.</p>\n<p style=\"margin-left: 40.0px;\">This issue is limited to hosts with Intel CPUs that support the INVPCID instruction.</p>\n<p style=\"margin-left: 40.0px;\">This issue only occurs in Citrix XenServer 7.6.</p>\n<ul>\n<li>CVE-2018-19967: Intel Erratum: \u201cProcessor May Hang When Executing Code In an HLE Transaction\u201d.</li>\n</ul>\n<p style=\"margin-left: 40.0px;\">This issue may allow code running in a guest VM to cause the host to become unresponsive and/or crash.</p>\n<p style=\"margin-left: 40.0px;\">This issue is limited to hosts with Intel CPUs that are affected by the corresponding Intel erratum.</p>\n<p> </p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address these issues. Citrix recommends that affected customers install these hotfixes as their patching schedule permits. The hotfixes can be downloaded from the following locations:</p>\n<p>Citrix XenServer 7.6: CTX239437 \u2013 <a href=\"https://support.citrix.com/article/CTX239437\">https://support.citrix.com/article/CTX239437</a> </p>\n<p>Citrix XenServer 7.5: CTX239436 \u2013 <a href=\"https://support.citrix.com/article/CTX239436\">https://support.citrix.com/article/CTX239436</a> </p>\n<p>Citrix XenServer 7.1 LTSR CU1: CTX239435 \u2013 <a href=\"https://support.citrix.com/article/CTX239435\">https://support.citrix.com/article/CTX239435</a> </p>\n<p>Citrix XenServer 7.0: CTX239434 \u2013 <a href=\"https://support.citrix.com/article/CTX239434\">https://support.citrix.com/article/CTX239434</a> </p>\n<p> </p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>20th November 2018</td>\n<td>Initial Issue </td>\n</tr>\n<tr>\n<td>8th January 2019</td>\n<td>Updated CVE identifiers for TBA entries</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2019-01-08T05:00:00", "published": "2018-11-20T05:00:00", "id": "CTX239432", "href": "https://support.citrix.com/article/CTX239432", "type": "citrix", "title": "Citrix XenServer Security Update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-20T15:42:17", "bulletinFamily": "software", "cvelist": ["CVE-2018-14007", "CVE-2018-15468", "CVE-2018-15471", "CVE-2018-3620", "CVE-2018-3646"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Several security issues have been identified that impact XenServer. Customers should consider these issues and determine possible impact to their own systems. </p>\n<p>These updates provide a mitigation for recently disclosed issues affecting Intel CPUs. These issues, if exploited, could allow malicious unprivileged code in guest VMs to read arbitrary host memory, including memory allocated to other guests.</p>\n<ul>\n<li>CVE-2018-3620: (High) L1TF - Operating Systems and SMM</li>\n<li>CVE-2018-3646: (High) L1TF - Hypervisors </li>\n</ul>\n<p>In addition, this update also addresses these vulnerabilities: </p>\n<ul>\n<li>CVE-2018-15471: (High) Linux netback driver OOB access in hash handling.</li>\n</ul>\n<p style=\"margin-left: 40.0px;\">This issue, if exploited, could allow malicious privileged code in a guest to compromise the host.</p>\n<ul>\n<li>CVE-2018-14007: (High) XenServer Directory Traversal</li>\n</ul>\n<p style=\"margin-left: 40.0px;\">This issue, if exploited, could allow an attacker on the management network (or who can influence the behavior of a user on the management network), to compromise the host.</p>\n<ul>\n<li>CVE-2018-15468: (Medium) x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS </li>\n</ul>\n<p style=\"margin-left: 40.0px;\">This issue, if exploited, could allow malicious privileged code in an HVM guest running on an Intel CPU to cause the host to become unresponsive.</p>\n<p>All of these issues affect the following versions of Citrix XenServer:</p>\n<ul>\n<li>Citrix XenServer 7.5</li>\n<li>Citrix XenServer 7.4</li>\n<li>Citrix XenServer 7.1 LTSR CU1</li>\n</ul>\n<p>In addition, CVE-2018-3620, CVE-2018-3646 and CVE-2018-15468 also affect Citrix XenServer 7.0</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"MitigatingFactors\"> Mitigating Factors</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<ul>\n<li>Systems based on AMD CPUs have reduced exposure and are believed to be vulnerable only to CVE-2018-14007 andCVE-2018-15471.<br/> </li>\n</ul>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p id=\"cq-gen988\">Updates have been released to address these issues. Citrix recommends that affected customers install these updates as soon as possible. Note that these updates are not live patchable. The updates can be downloaded from the following locations:</p>\n<p id=\"cq-gen989\">Citrix XenServer 7.0</p>\n<ul>\n<li>CTX237090 - <a href=\"https://support.citrix.com/article/CTX237090\">https://support.citrix.com/article/CTX237090</a><br/> </li>\n<li>CTX237092 - <a href=\"https://support.citrix.com/article/CTX237092\">https://support.citrix.com/article/CTX237092</a> </li>\n</ul>\n<p id=\"cq-gen992\">Citrix XenServer 7.1 CU1</p>\n<ul>\n<li>CTX236908 - <a href=\"https://support.citrix.com/article/CTX236908\">https://support.citrix.com/article/CTX236908</a><br/> </li>\n<li>CTX237088 - <a href=\"https://support.citrix.com/article/CTX237088\">https://support.citrix.com/article/CTX237088</a><br/> </li>\n<li>CTX237089 - <a href=\"https://support.citrix.com/article/CTX237089\">https://support.citrix.com/article/CTX237089</a> </li>\n</ul>\n<p id=\"cq-gen996\">Citrix XenServer 7.4</p>\n<ul>\n<li>CTX236909 - <a href=\"https://support.citrix.com/article/CTX236909\">https://support.citrix.com/article/CTX236909</a><br/> </li>\n<li>CTX237086 - <a href=\"https://support.citrix.com/article/CTX237086\">https://support.citrix.com/article/CTX237086</a><br/> </li>\n<li>CTX237087 - <a href=\"https://support.citrix.com/article/CTX237087\">https://support.citrix.com/article/CTX237087</a> </li>\n</ul>\n<p id=\"cq-gen1000\">Citrix XenServer 7.5</p>\n<ul>\n<li>CTX236910 - <a href=\"https://support.citrix.com/article/CTX236910\">https://support.citrix.com/article/CTX236910</a><br/> </li>\n<li>CTX237085 - <a href=\"https://support.citrix.com/article/CTX237085\">https://support.citrix.com/article/CTX237085</a><br/> </li>\n<li>CTX237080 - <a href=\"https://support.citrix.com/article/CTX237080\">https://support.citrix.com/article/CTX237080</a> </li>\n</ul>\n<p id=\"cq-gen1004\">In addition, Citrix recommends customers review the below information and take the appropriate actions.</p>\n<ul>\n<li>As documented in <a href=\"https://www.citrix.com/content/dam/citrix/en_us/documents/white-paper/security-recommendations-when-deploying-citrix-xenserver.pdf\">Security Recommendations When Deploying Citrix XenServer</a>, Citrix recommends that the XenServer management interface is placed on an isolated management network.</li>\n<li>Mitigation for the SMM portion of CVE-2018-3620 may require updating the host firmware. Citrix recommends that customers contact their hardware vendor for further information on these firmware upgrades.</li>\n<li>Mitigation of CVE-2018-3620 for PV guests may result in a performance reduction until the PV guest\u2019s kernel is updated to be aware of CVE-2018-3620 mitigations. Citrix recommends updating all PV guests to kernel versions that are aware of CVE-2018-3620 to avoid this performance reduction.</li>\n<li>Full mitigation of CVE-2018-3646 also requires the disabling of hyper-threads on Intel CPUs. Customers should evaluate their workload and determine if the mitigation of disabling hyper-threading is required in their environment, and to understand the performance impact of this mitigation. The following document provides the steps to disable hyper-threading via the Xen command line: <a href=\"https://support.citrix.com/article/CTX237190\">https://support.citrix.com/article/CTX237190</a></li>\n</ul>\n<p style=\"margin-left: 40.0px;\">Note that disabling hyper-threading may result in the number of available pCPUs being reduced, and adversely impact performance. The following document covers additional issues that may be encountered in environments where customers have over-provisioned or pinned pCPUs (for example when hyper-threads are disabled): <a href=\"https://support.citrix.com/article/CTX236977\">https://support.citrix.com/article/CTX236977</a></p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Acknowledgements\"> Acknowledgements</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Citrix thanks Ronald Volgers of Computest.nl for working with us on CVE-2018-14007 to protect Citrix customers.<br/> </p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>14 August 2018 </td>\n<td>Initial Issue </td>\n</tr>\n<tr>\n<td>21 August 2018</td>\n<td>Updated CVE identifiers for TBA entries</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2018-08-21T04:00:00", "published": "2018-08-14T04:00:00", "id": "CTX236548", "href": "https://support.citrix.com/article/CTX236548", "type": "citrix", "title": "XenServer Multiple Security Updates", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19962", "CVE-2018-19963", "CVE-2018-19964", "CVE-2018-19965", "CVE-2018-19966", "CVE-2018-19967"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2019-03-12T22:20:11", "published": "2019-03-12T22:20:11", "id": "FEDORA:D16B26094E7B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.1-4.fc29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19966", "CVE-2018-19967", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2019-03-21T21:09:08", "published": "2019-03-21T21:09:08", "id": "FEDORA:5267F604C2BD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: xen-4.10.3-2.fc28", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19962", "CVE-2018-19963", "CVE-2018-19964", "CVE-2018-19965", "CVE-2018-19966", "CVE-2018-19967", "CVE-2019-11091"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2019-05-30T17:27:30", "published": "2019-05-30T17:27:30", "id": "FEDORA:830BA60779B9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.1-5.fc29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19962", "CVE-2018-19963", "CVE-2018-19964", "CVE-2018-19965", "CVE-2018-19966", "CVE-2018-19967", "CVE-2019-11091"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2019-07-02T02:30:55", "published": "2019-07-02T02:30:55", "id": "FEDORA:501B260EC97D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.1-6.fc29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-18883", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-11-11T03:12:54", "published": "2018-11-11T03:12:54", "id": "FEDORA:37B8362B00D0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: xen-4.10.2-2.fc28", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19962", "CVE-2018-19963", "CVE-2018-19964", "CVE-2018-19965", "CVE-2018-19966", "CVE-2018-19967", "CVE-2019-11091", "CVE-2019-1842", "CVE-2019-18420", "CVE-2019-18421", "CVE-2019-18422", "CVE-2019-18423", "CVE-2019-18424", "CVE-2019-18425"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2019-11-17T01:42:57", "published": "2019-11-17T01:42:57", "id": "FEDORA:BED2C6068713", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.2-2.fc29", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-08-30T04:57:39", "published": "2018-08-30T04:57:39", "id": "FEDORA:E5291607602A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: xen-4.10.1-6.fc28", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18883"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-11-04T05:52:52", "published": "2018-11-04T05:52:52", "id": "FEDORA:1CB13619263C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.0-8.fc29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18883"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-11-14T03:14:58", "published": "2018-11-14T03:14:58", "id": "FEDORA:936F660E6650", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.0-9.fc29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18883"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-11-22T03:23:53", "published": "2018-11-22T03:23:53", "id": "FEDORA:925F660BC44D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.0-10.fc29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2020-04-06T22:39:54", "bulletinFamily": "software", "cvelist": ["CVE-2018-3646"], "description": "\nF5 Product Development has assigned ID 740761 (BIG-IP) and CPF-24976 and CPF-24977 (Traffix SDC) to this vulnerability. Additionally, [BIG-IP iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H31300402 on the **Diagnostics** &gt; **Identified** &gt; **Low** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | None | 15.0.0 | Medium | [5.6](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>) | CPU \n14.x | 14.0.0 - 14.1.0 | None \n13.x | 13.0.0 - 13.1.1 | None \n12.x | 12.1.0 - 12.1.3 | None \n11.x | 11.2.1 - 11.6.3 | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [5.6](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>) | CPU \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.0.1 | None | Medium | [5.6](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>) | CPU \n5.x | 5.0.0 - 5.4.0 | None \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium | [5.6](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>) | CPU \nF5 iWorkflow | 2.x | 2.1.0 - 2.3.0 | None | Medium | [5.6](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>) | CPU \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>) | CPU \n4.x | 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nVulnerable platforms\n\nBIG-IP\n\nThe following tables list only one entry for platform models that have several variants. For example, BIG-IP 11000, BIG-IP 11050, BIG-IP 11050F, and BIG-IP 11050N are included in the table as \"BIG-IP 110x0\".\n\nModel | Processor types | Vulnerable to \nCVE-2018-3646 \n---|---|--- \nBIG-IP B21x0 | Intel | Y \nBIG-IP B2250 | Intel | Y \nBIG-IP B4100 | AMD | N \nBIG-IP B4200 | AMD | N \nBIG-IP B43x0 | Intel | Y \nBIG-IP B44x0 | Intel | Y \nBIG-IP 2xx0 | Intel | N* \nBIG-IP 4xx0 | Intel | N* \nBIG-IP 5xx0 | Intel | Y \nBIG-IP 7xx0 | Intel | Y \nBIG-IP 10xxx | Intel | Y \nBIG-IP 12xx0 | Intel | Y \nBIG-IP i2x00 | Intel, ARM | N* \nBIG-IP i4x00 | Intel, ARM | N* \nBIG-IP i5x00 | Intel, ARM | Y \nBIG-IP i7x00 | Intel, ARM | Y \nBIG-IP i10x00 | Intel, ARM | Y \nBIG-IP 800 | Intel | N* \nBIG-IP 1600 | Intel | N* \nBIG-IP 3600 | \n\nIntel\n\n| N* \nBIG-IP 3900 | Intel | N* \n \nBIG-IP 6900\n\n| AMD | N \n \nBIG-IP 89x0\n\n| AMD | N \nBIG-IP 110x0 | AMD | N \nBIG-IP 6400 | AMD | N \n \n*****Platform is not listed to support vCMP. For more information, refer to [K14088: vCMP host and compatible guest version matrix](<https://support.f5.com/csp/article/K14088>).\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-05-28T18:21:00", "published": "2018-10-04T18:26:00", "id": "F5:K31300402", "href": "https://support.f5.com/csp/article/K31300402", "title": "Virtual Machine Manager L1 Terminal Fault vulnerability CVE-2018-3646", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "gentoo": [{"lastseen": "2018-10-31T00:03:19", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-15468", "CVE-2018-10981", "CVE-2018-7542", "CVE-2018-12892", "CVE-2018-15470", "CVE-2018-3646", "CVE-2017-5715", "CVE-2018-12893", "CVE-2018-3620", "CVE-2018-7541", "CVE-2018-15469", "CVE-2018-10982", "CVE-2018-5244", "CVE-2018-12891"], "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA local attacker could cause a Denial of Service condition or disclose sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Xen users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.10.1-r2\"", "edition": 1, "modified": "2018-10-30T00:00:00", "published": "2018-10-30T00:00:00", "id": "GLSA-201810-06", "href": "https://security.gentoo.org/glsa/201810-06", "title": "Xen: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}