Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-3665 (GCVE-0-2018-3665)
Vulnerability from cvelistv5 – Published: 2018-06-21 20:00 – Updated: 2024-09-17 01:01
VLAI
EPSS
Summary
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
25 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel Corporation | Intel Core-based microprocessors |
Affected:
All
|
Date Public
2018-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "RHSA-2018:2164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"name": "USN-3696-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3696-1/"
},
{
"name": "1041125",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041125"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name": "RHSA-2018:1944",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1944"
},
{
"name": "RHSA-2018:1852",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1852"
},
{
"name": "FreeBSD-SA-18:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc"
},
{
"name": "1041124",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041124"
},
{
"name": "RHSA-2018:2165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2165"
},
{
"name": "DSA-4232",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4232"
},
{
"name": "USN-3698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3698-1/"
},
{
"name": "USN-3696-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3696-2/"
},
{
"name": "104460",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104460"
},
{
"name": "USN-3698-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3698-2/"
},
{
"name": "RHSA-2019:1170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1170"
},
{
"name": "RHSA-2019:1190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_31"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181016-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX235745"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-3665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel Core-based microprocessors",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2018-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T02:22:59.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "RHSA-2018:2164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"name": "USN-3696-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3696-1/"
},
{
"name": "1041125",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041125"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name": "RHSA-2018:1944",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1944"
},
{
"name": "RHSA-2018:1852",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1852"
},
{
"name": "FreeBSD-SA-18:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc"
},
{
"name": "1041124",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041124"
},
{
"name": "RHSA-2018:2165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2165"
},
{
"name": "DSA-4232",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4232"
},
{
"name": "USN-3698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3698-1/"
},
{
"name": "USN-3696-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3696-2/"
},
{
"name": "104460",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104460"
},
{
"name": "USN-3698-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3698-2/"
},
{
"name": "RHSA-2019:1170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1170"
},
{
"name": "RHSA-2019:1190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_31"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20181016-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX235745"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-3665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-06-13T00:00:00",
"ID": "CVE-2018-3665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Core-based microprocessors",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "RHSA-2018:2164",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"name": "USN-3696-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3696-1/"
},
{
"name": "1041125",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041125"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name": "RHSA-2018:1944",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1944"
},
{
"name": "RHSA-2018:1852",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1852"
},
{
"name": "FreeBSD-SA-18:07",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc"
},
{
"name": "1041124",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041124"
},
{
"name": "RHSA-2018:2165",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2165"
},
{
"name": "DSA-4232",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4232"
},
{
"name": "USN-3698-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3698-1/"
},
{
"name": "USN-3696-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3696-2/"
},
{
"name": "104460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104460"
},
{
"name": "USN-3698-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3698-2/"
},
{
"name": "RHSA-2019:1170",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1170"
},
{
"name": "RHSA-2019:1190",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_31",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_31"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181016-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181016-0001/"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html"
},
{
"name": "https://support.citrix.com/article/CTX235745",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX235745"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2018-3665",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2018-3665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-3665",
"datePublished": "2018-06-21T20:00:00.000Z",
"dateReserved": "2017-12-28T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:01:36.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-3665",
"date": "2026-05-30",
"epss": "0.01258",
"percentile": "0.79707"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-3665\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2018-06-21T20:29:00.373\",\"lastModified\":\"2024-11-21T04:05:51.690\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.\"},{\"lang\":\"es\",\"value\":\"El software de sistema que emplea la t\u00e9cnica de restauraci\u00f3n de estado Lazy FP en los sistemas que emplean microprocesadores de Intel Core podr\u00edan permitir que un proceso local infiera datos de otro proceso mediante un canal lateral de ejecuci\u00f3n especulativa.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":5.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.1,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:N/A:N\",\"baseScore\":4.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:330e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4229DB2-8BBC-49F8-87A8-2E7D56EFD310\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:330m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEBA7322-4D95-4E70-B6A5-E0D8F1B5D7EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:330um:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0E91F46-D950-4894-BACF-05A70C7C6F7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:350m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E12B40B-5221-48A6-B2A6-D44CD5636BB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:370m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BCB77C9-ABE3-44A0-B377-7D7035E8A11F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:380m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D06639F5-5EE8-44F4-B48A-5694383154DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:380um:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD9662C9-59D3-4B3E-A4DA-4F1EE16FC94B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:390m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"637C3687-FBCC-41A0-BFE6-823BAE45FB92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:530:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2350A197-193F-4B22-80E8-3275C97C78EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:540:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734C7A7E-ACCA-4B34-BF38-0FAED988CC6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:550:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D9ABAFC-B3B5-449D-A48E-2E978563EDE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:560:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99019EA0-6576-4CE7-B60A-975D418AA917\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E846AEF-751D-40AD-84B5-EFDC9CF23E2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2100t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB9DD909-B2AC-46BA-B057-D239D0773CAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2102:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54F5C355-FDFC-4E71-93AA-218389EF10E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2105:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0A1CA1E-971D-4F67-864E-2E772C1E736B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2115c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B5F8391-D974-49AC-8550-ADB3FA6C0535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2120:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8302BF58-9E54-40DA-BCFE-59CA52C460D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2120t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECCDE9EF-037B-4650-8131-4D57BE141277\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2125:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47BA9DA8-F690-4E3C-AEF6-6A5C7BAA6F19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2130:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB8253DA-9A04-40D6-84C1-C682B4023D4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2310e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAF6D175-85C3-4C72-AD9F-31B47EF43154\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2310m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A5FC594-2092-4240-9538-235BBE236DD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2312m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87D95F00-EA89-4FDE-991C-56636B8E0331\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2328m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32C40D38-F7F2-4A48-ADAA-6A8BBD6A1A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2330e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4158561F-8270-42D1-91D8-E063CE7F5505\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2330m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF0DEA96-0202-41EB-BDC3-24E2FC4415B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2340ue:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8BACE1C-5D66-4FBC-8F86-30215A623A94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2348m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF707146-0D64-4F3A-AE22-956EA1CB32B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2350m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8118C3F9-0853-4E87-9E65-86E1398B2780\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2357m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A298501-C4D7-48D4-90F9-15AFA59DED48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2365m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEE1B07B-3D92-4D2D-8667-D902F002277F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2367m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F05CB19-1059-4C4D-BFD7-9F51A22A4F97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2370m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5588732F-7F1A-4C24-B35F-30532107FFDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2375m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A127DD5D-426D-4F24-A8C5-DC9DAC94B91C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:2377m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26EE0BBD-3982-4B0F-82F6-D58E077C75DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3110m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAEEC918-EA25-4B38-B5C3-85899D3EBE6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3115c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"813965F4-3BDA-4478-8E6A-0FD52723B764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3120m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C5EA2F4-F3EF-4305-B1A1-92F636ED688F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3120me:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04384319-EE8C-45B4-8BDD-414502E7C02D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3130m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C52528CE-4F31-4E5F-8255-E576B20F3043\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3210:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6C3F422-F865-4160-AA24-1DAFAE63729C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3217u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D034E7F-4D17-49D7-BDB2-90CB4C709B30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3217ue:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C18E6B4-E947-403B-80FB-7095420D482B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3220:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2814CC9F-E027-4C5A-93AF-84EA445E6C12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3220t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24A470C3-AAAA-4A6E-B738-FEB69DB78B9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3225:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1236944-4942-40E4-9BA1-029FEAE94BBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3227u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"086CAB4B-A10A-4165-BC33-33CADCD23C0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3229y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1A6A1EB-B3AB-4CB4-827E-CCAAD783F8E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3240:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAFB6B30-BFB0-4397-9E16-37D1A772E639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3240t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFCB9D7B-7D0A-435D-8499-C16BE09E19FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3245:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64277594-9713-436B-8056-542CFA9F4CFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3250:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"589BB170-7CBA-4F28-99E3-9242B62E2918\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:3250t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91B9C4D9-DA09-4377-9DCD-225857BD9FA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4000m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03D0265F-840B-45A1-90BD-9ED8846A9F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4005u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74BAC0EC-2B38-4553-A399-4BD5483C4753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4010u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4477EBA6-F0A7-452B-96E8-BA788370CCA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4010y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1285D817-B5B8-4940-925D-FCDD24810AE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4012y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D289F7B4-27CD-4433-BB45-06AF98A59B7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4020y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00168903-6012-4414-87D1-2EE52AA6D78E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4025u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AE8D524-577E-4994-8A4B-D15022C84D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4030u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75977B0B-C44D-43BC-8D7A-AF966CDB1901\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4030y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE7F5D52-9F41-49A4-B941-E0D777203FF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4100e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52B5B3FD-5BEA-4DE8-B010-55FED1547167\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4100m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"167B1B04-5823-4038-A019-3975A3B447C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4100u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6C7A4EA-0B5E-47CD-8924-3B1B60EB4BE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4102e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BA096E0-5480-47CB-822B-D11D7E20F69F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4110e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30357469-0B8F-4385-A282-2F50181EA442\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4110m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BE70772-7796-4594-880A-6AAD046E4D8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4112e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A9E2F8D-2974-4833-9EC2-233CEE257C26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4120u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17EE3078-454F-48F8-B201-3847DB40D5C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4130:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE32C500-55C2-41A7-8621-14EBF793BF11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4130t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52D3DF52-501A-4656-98F1-8DD51D04F31F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4150:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EA603AD-6CF1-44B2-876D-6F1C0B7EF2C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4150t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09578301-CF39-4C24-951A-535743E277EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4158u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4D14AA-7DBF-4B73-BDEF-6248EF5C0F7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4160:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A65F303-96C8-4884-8D6F-F439B86BA30C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4160t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E046105-9DF5-425F-A97E-16081D54613C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4170:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2987BCF-39E6-49B6-8DEE-963A38F12B07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4170t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AEDE2B7-9AA2-4A14-8A02-9A2BFF0DDCBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4330:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AD92AD8-033A-4AAD-91E5-CB446CCE9732\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4330t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E0E73A-F1B4-4E70-B9F1-EE97785B8891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4330te:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61D6E3CC-79B1-4995-9A76-41683C7F254A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4340:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9CEB2B1-BD1A-4B89-8E03-4F90F04A0F0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4340te:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FE5773D-3CD1-4E63-8983-E0105C46D185\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4350:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A7C307A-6576-4A0A-8F4E-0981C9EE2901\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4350t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18B3A53B-902C-46A5-8CE7-B55102703278\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4360:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB843479-729A-4E58-8027-0FC586F051AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4360t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AF5A233-1E77-49FD-AC2C-60D185481E28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4370:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18519CF2-B0DA-42DD-8A3E-9084298C210A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:4370t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"329D5FCF-7EC5-4471-906B-3619A180BD52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:5005u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DD43EAA-F3A5-4748-9187-A6E6707ACD11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:5010u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6F3C14D-4BFC-4205-8781-95E6B28C83C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:5015u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20942AD8-ADB7-4A50-BDBE-DB36249F4F52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:5020u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EC6ED02-134B-4322-AB72-75A0AB22701E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:5157u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FA74EEE-54CC-4F80-B1D3-99F7771335ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6B859F7-0373-4ADD-92B3-0FAB42FCF23C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAC76F31-00A5-4719-AA50-92F773919B3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49996F5A-51B2-4D4E-AE04-E98E093A76CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F8406B0-D1E5-4633-B17E-53DC99FE7622\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D49435C-7C33-454B-9F43-9C10F28A28A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D17E1A0F-1150-4899-81BC-BE84E4EF5FA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EADD98AE-BAB0-440D-AB9F-2D76BE5109E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED44A404-8548-4EDC-8928-4094D05A6A38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A6E4AA3-BEBC-4B14-9A52-A8F8B2954D64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2AAD8F0-0D31-4806-8A88-A30E5BE43630\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8164EE5F-6ABA-4365-8718-2F98C2E57A0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7110AF9-A407-4EE2-9C46-E5F1E3638E9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A06696D-37F0-427D-BFC5-1606E7441C31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9F8A5FC-5EFE-42EC-A49B-D3A312FB5F6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68A76015-0A05-4EC7-B136-DC13B55D881F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C352DCE8-E8D9-40D3-AFE9-B5FB84F7ED33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:430m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54464F6C-9B2D-46BA-AC44-506389F3EE0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:430um:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FA11017-EA58-45EE-8408-FCCCF7183643\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:450m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A5098A5-E4E8-47E4-8CD0-F607FF0C0C90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:460m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"442AD778-D56F-4C30-BBF8-749D6AAC4737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:470um:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF7D3F31-AF4D-4C50-8590-A763AAC7AF07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:480m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"445BFC2E-38FA-4130-8550-0866EC4EDA33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:520e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6DC2746-CE41-40C9-8CFA-23231BBCAE77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:520m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C3A8976-5E4D-490A-A87D-A47D1B2B903C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:520um:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C8535E6-220E-4747-8992-45B6EAFC555C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:540m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7479B49-F484-4DF2-86CB-E52EE89FA238\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:540um:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6D68512-746D-4E95-857B-13A0B6313C5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:560m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4312BA84-F9A0-4BD4-8438-058E1E7D6C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:560um:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60E52DF5-C713-4BC4-B587-FF6BDA8509CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:580m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"304ADCAC-9E49-42BD-BC92-58D9B2AD52E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AB02172-B9A7-4801-88F2-98BF5843184A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5141380E-BD18-47C1-A84C-384BA821773D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AE6C49E-2359-4E44-9979-7D34F8460E35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C004B75F-37AF-4E61-98F3-1B09A7062DDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7126D19-C6D9-43CB-8809-647B1A20E7DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CC98503-A80A-4114-8BF2-E016659BE84E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01E6F4A7-24BE-4AA0-9CDD-84FBC56FE9BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3821412D-B010-49C4-A7B4-6C5FB6C603B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A34CA5CC-9EB1-4063-8B9D-3F566C1EFF76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2300:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CEB5D2D-FF54-4BDB-9E9C-8C1B2719FC9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2310:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AD5B51A-AEA0-4DA2-BA60-94A2D5605352\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2320:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F96C6CA0-434D-428F-B629-A971C2937628\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2380p:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"301AB72A-A6F2-42C8-A931-94EF2271443F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2390t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59414B5A-05B8-49AF-A197-2A31729DDB65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2400:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BFDD380-692F-41D7-996F-F97FC74DC7CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2400s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49602828-2BFC-4571-9F05-6210FD263DF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2405s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87E03978-E16D-4A9B-8AE7-9F4F1171C14A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2410m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03096A9A-5758-47E6-81E2-BCFE847C41F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2430m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"150CC865-7975-45EC-BFF7-A94146442BA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2435m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8FA1308-589B-432B-80F9-9A499D083ED5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2450m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ED2453E-30E1-4620-BEC5-21B0083449E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2450p:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FE8DD05-D700-4F89-9B01-D489029DF7A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2467m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"050957CA-6191-4F9F-9D07-48B342B3B1B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2500:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DACBF998-8B11-45C7-9017-486AED4FAE6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2500k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9F2F3C4-FC94-414A-A208-913A43D57D75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2500s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"641152EC-F4B4-4E5E-B396-AC4CAAB805BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2500t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4911E332-B8BA-4336-A448-3F70D2BBB147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2510e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"330EC403-3174-4543-9BBE-CEC0ABC1575D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2515e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EF585D0-507E-491E-9C3B-78EE26F2F070\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2520m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD00F7C6-6762-4DC9-9F6C-5EAC4ACB1C54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2537m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F5D885A-85C4-4A11-B061-61EFF6B6E329\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2540m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0502B59F-933C-4E25-A2EC-9296B197E139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2550k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99D9C0A9-2DFF-4760-8FED-AC2DA7968E51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:2557m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5A1BAEC-18BF-4607-BFB7-48102E75186A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3210m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D49ED138-F42D-4451-A350-0B2DD5AB9444\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3230m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ED91472-90FC-4AC8-96D5-1550A8502411\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3317u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57CEEFA6-CEED-4CA3-8DDC-B6601D69FB7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3320m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FD25ECD-0605-4CD7-9DC5-294ACD7EF1B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3330:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2784E2AF-A5E5-4960-830C-B3EFB84043D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3330s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9112FA50-5527-4B20-80F5-2DE9E66D09F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3337u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73CE4E2E-B2BF-409E-B18C-D67DA810FE9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3339y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2B84D67-0B1D-4B74-BC85-AF8F933D8429\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3340:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCA05A18-1523-4EED-9D2E-0A258A33F24F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3340m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C34E70EB-92F0-43F6-8883-FE422BE1A3FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3340s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78D301F1-20C2-4756-9A90-37F14835CE14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3350p:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2EEC8B5-1CAB-4FBE-BBA2-D2FFA3EF9489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3360m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA63B803-4D48-42E8-A793-F92ABCB8BFC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3380m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"129DB9CB-E878-4856-A954-15FFE1428636\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3427u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"730DB4AA-FD7D-40C6-8D7F-19937832EF9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3437u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07E86978-4820-422A-8C7C-FF0697DAED05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3439y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A7A9DB5-F544-4FD8-A9CC-0BD6257516AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3450:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF813AD9-D296-4915-861C-8DE929E45FE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3450s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04A65469-083F-40B5-86C5-A2EAE5B2F00A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3470:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F1AA82E-BD86-40F5-B417-71DF6AF53A37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3470s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B71A6DB0-5EB0-4712-8480-CF427F521D33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3470t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8223D5A1-ADF1-43C6-AF91-EE5C413BCB37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3475s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DD69605-F52B-4623-921A-983A5A408ECA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3550:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1D5685F-6FFE-4A6A-9FF8-940C8DA36499\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3550s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B94062D9-8DDA-4B4A-B3B5-07F71F5B97E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3570:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3832D0A6-419D-4876-B5C4-920578F713F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3570k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1AA5C8A-83A8-4F96-9D7C-7A50ADDB2341\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3570s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"404E38E6-9EB3-41D0-97A7-DC579688BFB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3570t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40E4A921-AB28-47B7-B5A3-EB82193D15BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:3610me:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0357E48-2300-47B4-B9E5-9FE813A2FC09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4200h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96CC28B6-57D1-4919-AA55-A262CC16AFE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4200m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EB4C54D-1265-425A-B507-E1099844875A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4200u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97362147-3A71-430D-9064-4435D45C3B8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4200y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89212CF3-4E99-4389-94CE-F4211DDCA01B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4202y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBEA4DA3-0AFB-4FCE-92DB-5B316775BB17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4210h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"611C0A0A-1FA3-42F9-82E8-BFCB71A077DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4210m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36F027D9-DCB4-4A3D-8987-41F2941DBD45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4210u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23BCEC9-2BFB-4B41-9A7A-18B1347C6202\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4210y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4924CE39-A846-4DB4-9547-6322FC5AD6B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4220y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C9E2C9A-94A1-456B-90D5-54932DF64C22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4250u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC04C652-B2D8-4002-A50E-8AFE83204A25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4258u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10D413F0-CDBC-4A63-B9A7-9E7725BA1E83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4260u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"754A8826-59F7-4A71-B74B-737BE9C7DE4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4278u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FADB6BDA-6825-489B-AB39-7729BA45DFD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4288u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7913F57E-E600-4767-AF51-D045E1898E72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4300m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD3783F4-5A05-45AA-9791-A681011FD78C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4300u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01E3114D-31D2-4DBF-A664-F4049D8B6266\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4300y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8EE6578-981D-470C-BB24-4960B3CB1478\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4302y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3320D50-C5C9-4D75-BF1A-5BB7BCBFE2BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4308u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EE59839-8EB9-47FE-88E2-F0D54BE787A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4310m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75694A3D-080A-4AA7-97DF-5A5833C9D9F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4310u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19C5E27D-BBAB-4395-8FC6-8E3D4FB9A1EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4330m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E996176-3DEA-46E6-93B7-9C0DF32B59D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4340m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4417007D-126A-478B-87EA-039D088A4515\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4350u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F78C2825-F6A3-4188-9D25-59EAEC8A7B0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4360u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF2FA85D-B117-410D-B247-8C5A3479319A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4400e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A041D27-132C-4B15-976F-1750C039A89F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4402e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D495E06-BF2B-4C5A-881D-94C93CD2BA2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4402ec:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C31DFB8-8D8C-47D6-AAFF-BAE829A3D965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4410e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"088BC395-06D5-4156-85EB-63C4A9552898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4422e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33A220A2-A6D2-46A7-B168-607400EEDCE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4430:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E79232F-7196-440B-82D4-165885251232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4430s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED866954-77AB-4CA8-8AED-4252C595FC4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4440:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28A1F516-B180-45D4-8EB1-754B7497CB2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4440s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36758A04-64D3-4150-A004-CF042FA31CD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4460:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E01752E-F1DD-400A-A917-216CAF15B0F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4460s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD47EC58-F776-4F59-8F15-4B208904CF4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4460t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3781F4-2123-4FA1-8AF5-D0D1E6C1A5B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4570:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94565E35-8A58-4CB6-A489-C796DCB97FC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4570r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49964D35-5323-4412-BD54-661630F9A8CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4570s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0A37E7D-1BF6-4A2A-BF52-5F0EC4B4F341\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4570t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0F66468-87D0-41FC-934B-5924BE2956CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4570te:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E0F93E1-4607-4DF4-AC6E-4B7254D4A8DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4590:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45C0D99E-443E-4AB1-A07A-900A09FE177E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4590s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6D0FD76-C1FB-43D0-8511-FC0BA6DA7960\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4590t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9DAEE52-09C3-4A09-9958-9D6807B2700B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4670:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B97690D4-E814-4D40-B170-BE56D7AE2C1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4670k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89804F2C-D32D-4444-ABEA-5B241153D096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4670r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AAAAF9C-B29B-4020-BAFF-C87B1A08294A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4670s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECE60E1E-AB8D-46E4-A779-A54F2D20B5D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4670t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB958A28-7C9A-4BD0-B002-4E1A65CDB0A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4690:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C27B318-2AC1-423D-B0C8-583BB1800D5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4690k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E58E3D0-1154-4B13-BA16-67CE67DF0637\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4690s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32D2ACB3-B906-4944-A021-03C4645965BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:4690t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FFF834A-D7F0-4E48-AD3D-DD0BCE6DEC0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:5200u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E1A41BA-A1D6-484A-BAD2-68DF85598354\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:5250u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11260C9D-69A9-4D81-9CCF-2E116DD75F7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:5257u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C020F06-FD27-46E3-A48F-3F60F33BB969\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:5287u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03C74F10-6A7F-4F68-8A34-E981E1760DE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:5300u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24741B98-8D0E-4307-AAEF-A14B2531DCA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:5350h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D4FA4BA-4304-4A70-9F86-120F2A3D8148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:5350u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"367FC8BA-F046-4264-A049-49E933E7698F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:5575r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE9B68D3-1DFB-4468-85C4-AC13E6CBC111\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:5675c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C966A016-B650-44D9-B8C4-1ED50AB318DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:5675r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC448FF0-6D3F-4609-864B-4191905EE2B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FC246FE-4CA6-4B2D-83C3-D50A386C24A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"758A14DB-1BAF-442A-BA7C-5E9C67847BEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61309100-CFA7-4607-A236-8910838AA057\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82D76265-7BD0-4C51-AE77-22B22524DE81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE38B195-BB8D-4747-881D-E8033760B4C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AA8BE76-168D-48A3-8DF6-E91F44600408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B656975-5D71-4712-9820-BDB7BC248AFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA045267-114D-4587-B6D7-E273C28DC9B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77018415-E122-406E-896D-1BC6CF790BE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ADF37F1-546B-4EF0-8DEC-DC3B9F5309FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7469256-1A64-46FF-8F5A-A8E9E3CF5BE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F9069B9-9FE3-4AD5-9A8E-55C0F73BD756\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4E1C012-3E05-44DB-B6D2-BFD619C034B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15D689D6-8594-42F2-8EEF-DCAEBA885A67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6446000-0494-4DC5-ABAA-F20A44546068\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B94EEC-6690-45D0-B086-F4A5B25C25CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B767B6E-B3E6-4424-97A6-89A7E7EB0EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"832AB3CD-E3A1-4CCB-A210-287973563D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A26C0CC-68AD-40F5-96B8-87E6C643F6F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99C4221A-9994-43B3-9C7A-E13815A50A10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20070B1D-B91C-40BA-A9D8-E80170A2933F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A70129C9-371F-4542-A388-C095869E593A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C4DE25F-168A-4C67-8B66-09F61F072BD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58157F24-D89E-4552-8CE6-2F01E98BD1E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC7FFD78-1E1C-4246-BBD3-73FAC06AA46B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45ACBBEA-EC95-4F3E-B585-893DB6D21A0F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DEC55DF-1950-45E5-A5F2-B5604AFA1CBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6A5EC79-1B21-4BB3-8791-73507BC8D4DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCB4AFC3-FE30-4F46-ADC1-D03EB14E757D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0387587-AAB6-4284-8516-4DA3E3582D30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A238C975-9196-449F-9C15-ABB2E9FD1D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F17F4A5-120B-4E00-97C8-8A85841ACBC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2537F047-64C9-4E73-B82C-310253184183\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A55857C-649D-46CE-AEDA-6E553E554FC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BA4892D-AFDF-4441-821E-5EBF7F64C9F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"327E06A3-7F0E-4498-8811-10C8D15398FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1624E6D6-858E-4085-B0B9-362B819EFD88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50D61F4A-40F0-477C-8326-7359D3626E77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1455B4DE-7F1C-4CF2-AE02-2EDD20025D62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B215788-860B-46CD-9A08-43AFF98FAEAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B92FAD5-CA6E-48F7-9613-3A4CE90F5F54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4EB132B-000C-4A17-AFB3-19F40A73D2CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C4815AE-B635-4545-83C2-5EC4E0128337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0046C06-E3E6-4674-A4D1-332DD29D9552\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C191851-3DC3-41C7-AD89-81F091CCC83A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21126922-8E81-47F4-82D4-CBCDDACEC4FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"209E18B0-BBB5-4C65-B336-44340F7740DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C867C0B8-91A4-482A-B7DD-54AB9599AE52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30F03843-8A51-4CE1-BE6C-994BDE3A8F97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09854948-2657-4261-A32A-0523058F072E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:920:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D13904A5-266D-481C-A42A-734C3823A238\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:920xm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACC82FCB-0541-45C4-8B7E-CB612D7F702A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:930:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C18BD84-5E9C-4C9E-B0AA-2CEB0D7A58C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:940:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F5ABC7E-C4E0-4850-A1E6-07EBCF4A87D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:940xm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"501E9355-0CDD-4951-BCC3-47962788BCCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:950:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D976D9-62F0-43C3-8359-E51E26B6CD87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:960:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02AFBCD0-9B4B-4CA3-8FA9-D8B6ECB24894\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:965:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64ADE9AF-196F-4E0B-BC66-7DE0183F9032\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:970:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C90CCA48-1705-4564-AAF9-271201BD5113\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:975:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B82BAFF-17F5-465C-8032-67D5ECAB2921\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:980:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F694FEC-B97D-4BDA-ADFA-751E8BFB7CD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:980x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F831371E-7437-48D7-8281-1F406215041B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:990x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC4F06B5-615A-464A-A0C4-7AABEE8530CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2600:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92AF503A-A2B1-4FC3-858B-264049ADF0F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2600k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E702C7EC-B1D9-4BDF-B334-2004CD76B52B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2600s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E39F31D6-DC4B-46FE-BE5D-EA612D915A96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2610ue:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51CB8036-5F36-4CD4-9B3E-D2401F2E64F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2617m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9849BA3-3990-4E30-B99B-ADD043314CDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2620m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A20FB18A-D3DA-4DE9-BEFF-75B7AB9B9A55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2629m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A67CD6F-5E4F-4E69-A2A9-A4033DCE08EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2630qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0A22E92-1EA7-45D9-AC86-EC3D9664C294\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2635qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7FA2911-6561-47BF-BEE8-DDA31642C346\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2637m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FA6CA23-6F2B-44D5-B2DA-4F142BA3E48A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2640m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F829DED-4D92-401A-BD80-C070DE57FC7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2649m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F560575C-FD8E-485D-B50A-572604BBE903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2655le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ED8C51B-AE59-46DC-85F9-6D3B2891CB3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2657m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A38D00A-B9DC-44DF-8247-70355FF9A6EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2670qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"381EFC43-D5D9-4D10-90BE-4C333A9BA074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2675qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBEDED18-2755-4C55-A1A1-04B4D5F40276\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2677m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F04B57EC-0731-40C8-939F-1C686A65A0FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2700k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AB301FB-EB3E-4F5F-868D-5B66CC7E1E6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2710qe:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE1D28F9-B135-441B-A9BF-792DD356E374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2715qe:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D01CE3E-5C89-4FC0-9097-CAC483ACD441\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2720qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BDD55C4-AFCD-4DF2-921C-DDC1D7556DA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2760qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F52334F-BE6A-4FD4-9F63-AE9BB017115B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2820qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7C9BCC3-B9A6-4195-BF2F-E7BBCE8DC269\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2860qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A4DFFA7-AA0E-4D7E-97B8-13389FD47D4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2920xm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"707F6671-57AC-4DF4-8024-444502E5C92E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:2960xm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C1FCE07-F9E8-4B14-95CE-01784D472128\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3517u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C208711F-FC06-46C8-8849-27054DC1B264\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3517ue:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25AB8041-F201-4BB3-AAD9-199B06697DF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3520m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D75C474C-D5EF-42D6-9B2A-A504BEFCB982\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3537u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F566CD3-3649-492B-B0AB-A107E51675B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3540m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB9F3D74-AE72-4FC5-83E9-890781AF3093\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3555le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E8EA6A7-4AB8-487E-B5DD-9989CC5F1CD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3610qe:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF63DDC8-A0C1-482B-92F2-CF6135E8C2A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3610qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C69918C6-7AAD-4AA5-AB72-C275367B1008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3612qe:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06155B0B-A5AD-4A82-8C02-D264981687A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3612qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F76C19A4-FA26-432A-9443-9F92B2A946EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3615qe:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99BEE9BE-E49A-489B-B333-95D0993F8FA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3615qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7427A678-EC47-4030-B905-619DD95F5A82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3630qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86749716-1C9F-4C2A-B2A7-E62DEC10EA30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3632qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD000B53-06DA-4ED4-B0EE-9CB201B75C8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3635qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8424463-C329-4BAA-8AA1-25CD8B63292E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3667u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52727E62-0048-4C56-BC8C-B3450D257B21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3687u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D8223AA-F077-45FD-A7E3-3C2C1A8F6E91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3689y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAA34B50-2330-4D77-BF1A-6F05F3EF222C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3720qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6421F69-1076-43D2-B273-DE80FB2D5F72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3740qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1EDA9E2-CFE7-4917-BE48-A83208BDF0F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3770:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A34E7FC-93A4-45F2-A7B6-4A8ABFCAB0F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3770k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E611EDD-D44C-4311-B681-431D7C574528\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3770s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5E1B6AA-2F9A-43A8-9147-2BD9474E54C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3770t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1886D007-85B6-4E5A-968D-A1FD476A08A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3820qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDDDCB65-4404-49BC-9515-ECECD58A667F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:3840qm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B8D3E00-64C3-407A-9B00-8B6E383F73FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4500u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB1B00A1-9C15-47C2-9F57-66586DEACC7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4510u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB5BF932-459F-4DD2-B160-5FE0371C7D83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4550u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A58ACE96-F1BE-4261-8F94-FC3C6E7C7561\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4558u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"783D6EA7-C016-4314-A87B-4FED1DC7114B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4578u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AD0176F-FFAE-4A85-9327-CE72FE059E90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4600m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A56970C7-F8D3-41B2-A78B-0C7F4A2A4E0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4600u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26D4CE1F-86C8-4E48-9146-9DB57BF540FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4610m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB7F9D65-5537-4C25-B02B-2393F60D1299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4610y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F09C8A92-820D-4572-A797-180E17A7DEB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4650u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA7D77A2-0D9A-4D0D-B0DC-152757917BE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4700ec:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A07D3F1A-16CE-461F-A2F4-80FE5F841CB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4700eq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C04557A-C508-4FAD-A535-1C0AEFF08075\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4700hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AFAE489-6679-4705-BF9C-BB6D385A1DC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4700mq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"429A99C8-BC55-4887-893C-7124C1A5DB08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4702ec:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3A2B709-CC19-4116-A5BE-5DB5C8B45A12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4702hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D79DAC74-1F28-4EC8-B417-3FAFFB74C4BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4702mq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F1F1377-6220-43FB-BEF9-BAA7B0158147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4710hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18422CA8-3000-46B1-9065-2369E6B0BE16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4710mq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D558C66-E80E-4FC7-A0DF-485466390C46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4712hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23EA9AE-9E70-47B5-AD9B-0DF13A0939E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4712mq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"860F22F6-4C87-47C5-965E-02A1AFF41A72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4720hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19A2CA86-BFA8-4C78-987D-AD26F32622F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4722hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEF64E0A-CDB0-427E-A96F-095EFEBA0A3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4750hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"425F6D34-EE60-464B-8EA6-8116EDAA1219\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4760hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEB9F657-1239-4424-A2E8-F8BD98C0095E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4765t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F631403C-0A67-42CB-815C-133EB87E0C95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4770:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A4A5A57-B1A2-4BBA-AC36-7EA7DF9CDE06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4770hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0453C0EA-BA67-49D5-964F-35493F97D905\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4770k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D4D237E-ACB7-4382-AF5B-D27E634BF867\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4770r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5461EB2-2958-4923-86AF-C74D449120B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4770s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45C22141-E698-4E38-AF50-9CE04C1168FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4770t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49D0E470-427D-4A68-AFD2-982A4F7CE2D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4770te:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43AB50F3-14AC-44BD-B7F0-A683C5FD1A3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4771:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"713C4B7A-C38A-4818-A258-D07DEDEC906E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4785t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C59740BE-FC30-4400-B978-1DB41282971C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4790:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"839728F0-5F23-462F-B493-C37EE4C874F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4790k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F1B47DA-BA53-4D7A-9B5B-582238D5E99A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4790s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D452F1BF-1FA5-463C-8F13-6357509FB5D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4790t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF6D1F4C-B396-468C-BA32-9367A68C95DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4800mq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76A812F-D77A-49C8-B7A5-0C08258D4BBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4810mq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E001AAB-07EC-47BF-BDE9-BB927872781D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4850hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1DF11F5-61E8-4A98-86C8-49D6B3224FCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4860hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AED153E7-99A2-4C02-B81B-C3DDF8FAE1A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4870hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D024802A-EA60-4D9B-B04C-027A0703EABD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4900mq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA731F3C-1F04-4EE2-83EC-9486F5032903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4910mq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"544A59F6-E731-43C8-8455-69256933E71D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4950hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"624258EE-7FFF-4432-9B6D-4D60AA73CD9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4960hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69A2701A-35A8-4268-B9CF-40BA3219373B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:4980hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15E671F6-8DED-4735-BE97-58A60E5B5C13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:5500u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FC68B2A-8570-4311-BB60-49DBBDAF7430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:5550u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9826FA02-937E-4323-B9D5-8AE059ADBE95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:5557u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B8630BB-48AA-4688-A6F0-212C1BB4D14C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:5600u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AC98D35-D7D5-4C24-B47E-EDE2A80B2B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:5650u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2F8ABCB-12C3-4C45-844E-B07F77DA2DE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:5700eq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"326105AC-3926-437E-8AFF-916960107050\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:5700hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"866E1275-7541-4B80-8FDF-53246A204C15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:5750hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E190929D-D3CC-46E1-A903-0848829061DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:5775c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81E4EBCB-B660-4F6A-AD73-81B9D8964162\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:5775r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55D58CC5-CB46-464D-93B8-6AD5A19AF097\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:5850eq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16541D3E-EBBD-4D92-96D8-F169733377AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:5850hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F08D257-F570-4D39-A6E8-0F60E55472E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:5950hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C20ED667-2BFB-41C7-82BA-9F0C0044DA08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6158ED8A-007E-48B7-99BF-8BA03BF584BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBA7096A-F321-49A0-911A-F9683ABE6E6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A471395-7F8F-4BA5-962D-4D8F271FAB47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9484380-92B9-44DB-8E20-DC8DE02D1CA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8010808D-805D-4CA3-9EA2-55EB1E57964C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9716FE9F-A056-42A3-A241-F2FE37A6386A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F73422A3-ECA0-4C41-9AA5-CF7D77885CF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A96A5AF-C9EF-4DED-AE25-4540A2B02915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5115B12-053A-4866-A833-D6EC88D8F93E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5619D4D-9685-4595-8A5F-A18273FE4213\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B77E00E7-0EA4-4E32-A693-0E0F66BA4C57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAA3457E-7E1A-4878-9752-79382E954A66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68630C63-4457-4E12-B7BD-AD456B237FC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6FB5695-2950-4CEC-81B4-FD280F835330\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F340AF8-508F-449D-9AFA-4E55F069B4F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E944410E-D674-4141-B50C-9F55090325FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6438E07-0AC0-4BF9-B0F2-9072CA9639D6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m:5y10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5079AA70-C864-4AE2-809C-52B50632F2B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m:5y10a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D124BCB-D8C3-49F5-B05C-E09B3CEBEBCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m:5y10c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A86291B-C986-4320-BCEF-9F5AD8B309D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m:5y31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1227659F-1393-4189-978B-CC3DC53BF407\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m:5y51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C2DB843-638F-41EF-B486-409318AA2DE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m:5y70:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0004D8A-A186-4DA2-A7AB-18A6456438FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m:5y71:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75B6BE9F-F113-4976-951D-53F2E183A95A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m3:6y30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEB005F1-9719-4985-B9D9-2140C962ADD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m3:7y30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A94D0C1B-F30F-4724-915E-192C53FAE58A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m3:7y32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F247860-1D2C-415C-AFBD-26BD875AAF02\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m5:6y54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9697EDCD-A742-4AC6-876E-1080AD684207\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m5:6y57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E73924A-875B-44D0-8F7C-A822B0488126\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_m7:6y75:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03751B92-EE07-4F16-A476-BD25561810BC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"405F950F-0772-41A3-8B72-B67151CC1376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5647AEA-DCE6-4950-A7EB-05465ECDDE16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenserver:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55FD399E-959A-4FB6-B049-AA73F0DFF9CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenserver:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49422CA5-DF4B-4FE4-B408-81B637BE1287\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenserver:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49D662D7-33DF-4DB3-946E-E9E410DC96CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"8D305F7A-D159-4716-AB26-5E38BB5CD991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53E56F4F-B418-44DD-9C97-7276A4C58F3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5753931-556B-4EEC-B510-751BA3613CE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5288B41-ED07-487E-BECD-59978D0F0686\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AE8DED75-8C97-476F-805B-7A2F17B6BC11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"B061040C-AB62-4ED6-8F4A-A49DA6753C4B\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104460\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041124\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041125\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1852\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1944\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2164\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2165\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1170\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1190\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/4787\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181016-0001/\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2018-3665\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.citrix.com/article/CTX235745\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3696-1/\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3696-2/\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3698-1/\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3698-2/\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4232\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/support/security/Synology_SA_18_31\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041124\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1852\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1944\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2165\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1190\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/4787\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181016-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2018-3665\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.citrix.com/article/CTX235745\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3696-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3696-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3698-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3698-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/support/security/Synology_SA_18_31\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2018:1949-1
Vulnerability from csaf_suse - Published: 2018-07-13 07:25 - Updated: 2018-07-13 07:25Summary
Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2)
Description of the patch: This update for the Linux Kernel 4.4.121-92_73 fixes several issues.
The following security issue was fixed:
- CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740).
Patchnames: SUSE-SLE-SAP-12-SP2-2018-1321,SUSE-SLE-SERVER-12-SP2-2018-1321
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.121-92_73 fixes several issues.\n\nThe following security issue was fixed:\n\n- CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP2-2018-1321,SUSE-SLE-SERVER-12-SP2-2018-1321",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1949-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1949-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181949-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1949-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004272.html"
},
{
"category": "self",
"summary": "SUSE Bug 1090338",
"url": "https://bugzilla.suse.com/1090338"
},
{
"category": "self",
"summary": "SUSE Bug 1096740",
"url": "https://bugzilla.suse.com/1096740"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3665 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3665/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2)",
"tracking": {
"current_release_date": "2018-07-13T07:25:48Z",
"generator": {
"date": "2018-07-13T07:25:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1949-1",
"initial_release_date": "2018-07-13T07:25:48Z",
"revision_history": [
{
"date": "2018-07-13T07:25:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64",
"product_id": "kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3665"
}
],
"notes": [
{
"category": "general",
"text": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3665",
"url": "https://www.suse.com/security/cve/CVE-2018-3665"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1087086 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087086"
},
{
"category": "external",
"summary": "SUSE Bug 1090338 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1090338"
},
{
"category": "external",
"summary": "SUSE Bug 1095241 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095241"
},
{
"category": "external",
"summary": "SUSE Bug 1095242 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "external",
"summary": "SUSE Bug 1096740 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1096740"
},
{
"category": "external",
"summary": "SUSE Bug 1100091 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100091"
},
{
"category": "external",
"summary": "SUSE Bug 1100555 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100555"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_121-92_73-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-13T07:25:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-3665"
}
]
}
SUSE-SU-2018:1981-1
Vulnerability from csaf_suse - Published: 2018-07-17 14:50 - Updated: 2018-07-17 14:50Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
Security issues fixed:
- CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242).
- CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521).
- CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523).
- CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522).
Bug fixes:
- bsc#1027519: Add upstream patches from January.
- bsc#1098403: Fix regression introduced by changes for bsc#1079730. A PV domU without qcow2 and/or vfb has no qemu attached. Ignore QMP errors for PV domUs to handle PV domUs with and without an attached qemu-xen.
- bsc#1087289: Fix xen scheduler crash.
Patchnames: SUSE-SLE-Module-Basesystem-15-2018-1342,SUSE-SLE-Module-Server-Applications-15-2018-1342
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242).\n- CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521).\n- CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523).\n- CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522).\n\n\nBug fixes:\n\n- bsc#1027519: Add upstream patches from January.\n- bsc#1098403: Fix regression introduced by changes for bsc#1079730. A PV domU without qcow2 and/or vfb has no qemu attached. Ignore QMP errors for PV domUs to handle PV domUs with and without an attached qemu-xen.\n- bsc#1087289: Fix xen scheduler crash.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Basesystem-15-2018-1342,SUSE-SLE-Module-Server-Applications-15-2018-1342",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1981-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1981-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181981-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1981-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004280.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1079730",
"url": "https://bugzilla.suse.com/1079730"
},
{
"category": "self",
"summary": "SUSE Bug 1087289",
"url": "https://bugzilla.suse.com/1087289"
},
{
"category": "self",
"summary": "SUSE Bug 1095242",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "self",
"summary": "SUSE Bug 1097521",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "self",
"summary": "SUSE Bug 1097522",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "self",
"summary": "SUSE Bug 1097523",
"url": "https://bugzilla.suse.com/1097523"
},
{
"category": "self",
"summary": "SUSE Bug 1098403",
"url": "https://bugzilla.suse.com/1098403"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12891 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12892 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12893 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3665 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3665/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2018-07-17T14:50:16Z",
"generator": {
"date": "2018-07-17T14:50:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1981-1",
"initial_release_date": "2018-07-17T14:50:16Z",
"revision_history": [
{
"date": "2018-07-17T14:50:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-4.10.1_06-3.3.1.x86_64",
"product": {
"name": "xen-libs-4.10.1_06-3.3.1.x86_64",
"product_id": "xen-libs-4.10.1_06-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"product": {
"name": "xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"product_id": "xen-tools-domU-4.10.1_06-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-4.10.1_06-3.3.1.x86_64",
"product": {
"name": "xen-4.10.1_06-3.3.1.x86_64",
"product_id": "xen-4.10.1_06-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.10.1_06-3.3.1.x86_64",
"product": {
"name": "xen-devel-4.10.1_06-3.3.1.x86_64",
"product_id": "xen-devel-4.10.1_06-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.10.1_06-3.3.1.x86_64",
"product": {
"name": "xen-tools-4.10.1_06-3.3.1.x86_64",
"product_id": "xen-tools-4.10.1_06-3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.10.1_06-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64"
},
"product_reference": "xen-libs-4.10.1_06-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.10.1_06-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64"
},
"product_reference": "xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.10.1_06-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64"
},
"product_reference": "xen-4.10.1_06-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.10.1_06-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64"
},
"product_reference": "xen-devel-4.10.1_06-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.10.1_06-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64"
},
"product_reference": "xen-tools-4.10.1_06-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12891"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12891",
"url": "https://www.suse.com/security/cve/CVE-2018-12891"
},
{
"category": "external",
"summary": "SUSE Bug 1097521 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-17T14:50:16Z",
"details": "important"
}
],
"title": "CVE-2018-12891"
},
{
"cve": "CVE-2018-12892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12892"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as \"sd\" in the libxl disk configuration, or an equivalent) are affected. IDE disks (\"hd\") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12892",
"url": "https://www.suse.com/security/cve/CVE-2018-12892"
},
{
"category": "external",
"summary": "SUSE Bug 1097523 for CVE-2018-12892",
"url": "https://bugzilla.suse.com/1097523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-17T14:50:16Z",
"details": "important"
}
],
"title": "CVE-2018-12892"
},
{
"cve": "CVE-2018-12893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12893"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12893",
"url": "https://www.suse.com/security/cve/CVE-2018-12893"
},
{
"category": "external",
"summary": "SUSE Bug 1097522 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-17T14:50:16Z",
"details": "important"
}
],
"title": "CVE-2018-12893"
},
{
"cve": "CVE-2018-3665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3665"
}
],
"notes": [
{
"category": "general",
"text": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3665",
"url": "https://www.suse.com/security/cve/CVE-2018-3665"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1087086 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087086"
},
{
"category": "external",
"summary": "SUSE Bug 1090338 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1090338"
},
{
"category": "external",
"summary": "SUSE Bug 1095241 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095241"
},
{
"category": "external",
"summary": "SUSE Bug 1095242 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "external",
"summary": "SUSE Bug 1096740 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1096740"
},
{
"category": "external",
"summary": "SUSE Bug 1100091 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100091"
},
{
"category": "external",
"summary": "SUSE Bug 1100555 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100555"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.1_06-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.1_06-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-17T14:50:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-3665"
}
]
}
SUSE-SU-2018:2037-1
Vulnerability from csaf_suse - Published: 2018-07-23 08:47 - Updated: 2018-07-23 08:47Summary
Security update for xen
Severity
Moderate
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
Security issues fixed:
- CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744).
- CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242).
- CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224).
- CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521).
- CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522).
Bug fixes:
- bsc#1079730: Fix failed 'write' lock.
- bsc#1027519: Add upstream patches from January.
Patchnames: sdksp4-xen-13698,slessp4-xen-13698
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744).\n- CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242).\n- CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224).\n- CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521).\n- CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522).\n\nBug fixes:\n\n- bsc#1079730: Fix failed \u0027write\u0027 lock.\n- bsc#1027519: Add upstream patches from January.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-xen-13698,slessp4-xen-13698",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2037-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2037-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182037-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2037-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004294.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1079730",
"url": "https://bugzilla.suse.com/1079730"
},
{
"category": "self",
"summary": "SUSE Bug 1095242",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "self",
"summary": "SUSE Bug 1096224",
"url": "https://bugzilla.suse.com/1096224"
},
{
"category": "self",
"summary": "SUSE Bug 1097521",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "self",
"summary": "SUSE Bug 1097522",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "self",
"summary": "SUSE Bug 1098744",
"url": "https://bugzilla.suse.com/1098744"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11806 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12617 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12891 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12893 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3665 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3665/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2018-07-23T08:47:34Z",
"generator": {
"date": "2018-07-23T08:47:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2037-1",
"initial_release_date": "2018-07-23T08:47:34Z",
"revision_history": [
{
"date": "2018-07-23T08:47:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.4.4_34-61.32.1.i586",
"product": {
"name": "xen-devel-4.4.4_34-61.32.1.i586",
"product_id": "xen-devel-4.4.4_34-61.32.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"product": {
"name": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"product_id": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"product": {
"name": "xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"product_id": "xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_34-61.32.1.i586",
"product": {
"name": "xen-libs-4.4.4_34-61.32.1.i586",
"product_id": "xen-libs-4.4.4_34-61.32.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_34-61.32.1.i586",
"product": {
"name": "xen-tools-domU-4.4.4_34-61.32.1.i586",
"product_id": "xen-tools-domU-4.4.4_34-61.32.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.4.4_34-61.32.1.x86_64",
"product": {
"name": "xen-devel-4.4.4_34-61.32.1.x86_64",
"product_id": "xen-devel-4.4.4_34-61.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-4.4.4_34-61.32.1.x86_64",
"product": {
"name": "xen-4.4.4_34-61.32.1.x86_64",
"product_id": "xen-4.4.4_34-61.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.4.4_34-61.32.1.x86_64",
"product": {
"name": "xen-doc-html-4.4.4_34-61.32.1.x86_64",
"product_id": "xen-doc-html-4.4.4_34-61.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"product": {
"name": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"product_id": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_34-61.32.1.x86_64",
"product": {
"name": "xen-libs-4.4.4_34-61.32.1.x86_64",
"product_id": "xen-libs-4.4.4_34-61.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"product_id": "xen-libs-32bit-4.4.4_34-61.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.4.4_34-61.32.1.x86_64",
"product": {
"name": "xen-tools-4.4.4_34-61.32.1.x86_64",
"product_id": "xen-tools-4.4.4_34-61.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"product": {
"name": "xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"product_id": "xen-tools-domU-4.4.4_34-61.32.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.4.4_34-61.32.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586"
},
"product_reference": "xen-devel-4.4.4_34-61.32.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.4.4_34-61.32.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
},
"product_reference": "xen-devel-4.4.4_34-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.4_34-61.32.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64"
},
"product_reference": "xen-4.4.4_34-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.4_34-61.32.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.4_34-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586"
},
"product_reference": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586"
},
"product_reference": "xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_34-61.32.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586"
},
"product_reference": "xen-libs-4.4.4_34-61.32.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_34-61.32.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64"
},
"product_reference": "xen-libs-4.4.4_34-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.4_34-61.32.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.4_34-61.32.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64"
},
"product_reference": "xen-tools-4.4.4_34-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_34-61.32.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586"
},
"product_reference": "xen-tools-domU-4.4.4_34-61.32.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_34-61.32.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.4_34-61.32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64"
},
"product_reference": "xen-4.4.4_34-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.4_34-61.32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.4_34-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586"
},
"product_reference": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586"
},
"product_reference": "xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_34-61.32.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586"
},
"product_reference": "xen-libs-4.4.4_34-61.32.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_34-61.32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64"
},
"product_reference": "xen-libs-4.4.4_34-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.4_34-61.32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.4_34-61.32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64"
},
"product_reference": "xen-tools-4.4.4_34-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_34-61.32.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586"
},
"product_reference": "xen-tools-domU-4.4.4_34-61.32.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_34-61.32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11806"
}
],
"notes": [
{
"category": "general",
"text": "m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11806",
"url": "https://www.suse.com/security/cve/CVE-2018-11806"
},
{
"category": "external",
"summary": "SUSE Bug 1096223 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1096223"
},
{
"category": "external",
"summary": "SUSE Bug 1096224 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1096224"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-23T08:47:34Z",
"details": "moderate"
}
],
"title": "CVE-2018-11806"
},
{
"cve": "CVE-2018-12617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12617"
}
],
"notes": [
{
"category": "general",
"text": "qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12617",
"url": "https://www.suse.com/security/cve/CVE-2018-12617"
},
{
"category": "external",
"summary": "SUSE Bug 1098735 for CVE-2018-12617",
"url": "https://bugzilla.suse.com/1098735"
},
{
"category": "external",
"summary": "SUSE Bug 1098744 for CVE-2018-12617",
"url": "https://bugzilla.suse.com/1098744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-23T08:47:34Z",
"details": "moderate"
}
],
"title": "CVE-2018-12617"
},
{
"cve": "CVE-2018-12891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12891"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12891",
"url": "https://www.suse.com/security/cve/CVE-2018-12891"
},
{
"category": "external",
"summary": "SUSE Bug 1097521 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-23T08:47:34Z",
"details": "important"
}
],
"title": "CVE-2018-12891"
},
{
"cve": "CVE-2018-12893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12893"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12893",
"url": "https://www.suse.com/security/cve/CVE-2018-12893"
},
{
"category": "external",
"summary": "SUSE Bug 1097522 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-23T08:47:34Z",
"details": "important"
}
],
"title": "CVE-2018-12893"
},
{
"cve": "CVE-2018-3665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3665"
}
],
"notes": [
{
"category": "general",
"text": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3665",
"url": "https://www.suse.com/security/cve/CVE-2018-3665"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1087086 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087086"
},
{
"category": "external",
"summary": "SUSE Bug 1090338 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1090338"
},
{
"category": "external",
"summary": "SUSE Bug 1095241 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095241"
},
{
"category": "external",
"summary": "SUSE Bug 1095242 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "external",
"summary": "SUSE Bug 1096740 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1096740"
},
{
"category": "external",
"summary": "SUSE Bug 1100091 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100091"
},
{
"category": "external",
"summary": "SUSE Bug 1100555 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100555"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_34_3.0.101_108.57-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_34_3.0.101_108.57-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_34-61.32.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_34-61.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-23T08:47:34Z",
"details": "moderate"
}
],
"title": "CVE-2018-3665"
}
]
}
SUSE-SU-2018:2048-1
Vulnerability from csaf_suse - Published: 2018-07-24 07:20 - Updated: 2018-07-24 07:20Summary
Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2)
Description of the patch: This update for the Linux Kernel 4.4.74-92_32 fixes several issues.
The following security issue was fixed:
- CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740).
Patchnames: SUSE-SLE-SAP-12-SP2-2018-1383,SUSE-SLE-SERVER-12-SP2-2018-1383
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.74-92_32 fixes several issues.\n\nThe following security issue was fixed:\n\n- CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP2-2018-1383,SUSE-SLE-SERVER-12-SP2-2018-1383",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2048-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2048-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182048-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2048-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004304.html"
},
{
"category": "self",
"summary": "SUSE Bug 1090338",
"url": "https://bugzilla.suse.com/1090338"
},
{
"category": "self",
"summary": "SUSE Bug 1096740",
"url": "https://bugzilla.suse.com/1096740"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3665 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3665/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2)",
"tracking": {
"current_release_date": "2018-07-24T07:20:46Z",
"generator": {
"date": "2018-07-24T07:20:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2048-1",
"initial_release_date": "2018-07-24T07:20:46Z",
"revision_history": [
{
"date": "2018-07-24T07:20:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64",
"product_id": "kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3665"
}
],
"notes": [
{
"category": "general",
"text": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3665",
"url": "https://www.suse.com/security/cve/CVE-2018-3665"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1087086 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087086"
},
{
"category": "external",
"summary": "SUSE Bug 1090338 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1090338"
},
{
"category": "external",
"summary": "SUSE Bug 1095241 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095241"
},
{
"category": "external",
"summary": "SUSE Bug 1095242 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "external",
"summary": "SUSE Bug 1096740 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1096740"
},
{
"category": "external",
"summary": "SUSE Bug 1100091 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100091"
},
{
"category": "external",
"summary": "SUSE Bug 1100555 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100555"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_32-default-11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-24T07:20:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-3665"
}
]
}
SUSE-SU-2018:2056-1
Vulnerability from csaf_suse - Published: 2018-07-25 09:01 - Updated: 2018-07-25 09:01Summary
Security update for xen
Severity
Moderate
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
Security issues fixed:
- CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744).
- CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242).
- CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224).
- CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521).
- CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522).
Bug fixes:
- bsc#1079730: Fix failed 'write' lock.
- bsc#1027519: Add upstream patches from January.
Patchnames: SUSE-SLE-SERVER-12-2018-1389
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n\nSecurity issues fixed:\n\n- CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744).\n- CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242).\n- CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224).\n- CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521).\n- CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522).\n\nBug fixes:\n\n- bsc#1079730: Fix failed \u0027write\u0027 lock.\n- bsc#1027519: Add upstream patches from January.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-2018-1389",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2056-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2056-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182056-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2056-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004306.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1079730",
"url": "https://bugzilla.suse.com/1079730"
},
{
"category": "self",
"summary": "SUSE Bug 1095242",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "self",
"summary": "SUSE Bug 1096224",
"url": "https://bugzilla.suse.com/1096224"
},
{
"category": "self",
"summary": "SUSE Bug 1097521",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "self",
"summary": "SUSE Bug 1097522",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "self",
"summary": "SUSE Bug 1098744",
"url": "https://bugzilla.suse.com/1098744"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11806 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12617 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12891 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12893 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3665 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3665/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2018-07-25T09:01:09Z",
"generator": {
"date": "2018-07-25T09:01:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2056-1",
"initial_release_date": "2018-07-25T09:01:09Z",
"revision_history": [
{
"date": "2018-07-25T09:01:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.4.4_34-22.71.2.x86_64",
"product": {
"name": "xen-4.4.4_34-22.71.2.x86_64",
"product_id": "xen-4.4.4_34-22.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.4.4_34-22.71.2.x86_64",
"product": {
"name": "xen-doc-html-4.4.4_34-22.71.2.x86_64",
"product_id": "xen-doc-html-4.4.4_34-22.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"product": {
"name": "xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"product_id": "xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_34-22.71.2.x86_64",
"product": {
"name": "xen-libs-4.4.4_34-22.71.2.x86_64",
"product_id": "xen-libs-4.4.4_34-22.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"product_id": "xen-libs-32bit-4.4.4_34-22.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.4.4_34-22.71.2.x86_64",
"product": {
"name": "xen-tools-4.4.4_34-22.71.2.x86_64",
"product_id": "xen-tools-4.4.4_34-22.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_34-22.71.2.x86_64",
"product": {
"name": "xen-tools-domU-4.4.4_34-22.71.2.x86_64",
"product_id": "xen-tools-domU-4.4.4_34-22.71.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.4_34-22.71.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64"
},
"product_reference": "xen-4.4.4_34-22.71.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.4_34-22.71.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64"
},
"product_reference": "xen-doc-html-4.4.4_34-22.71.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64"
},
"product_reference": "xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_34-22.71.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64"
},
"product_reference": "xen-libs-4.4.4_34-22.71.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.4_34-22.71.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.4_34-22.71.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64"
},
"product_reference": "xen-tools-4.4.4_34-22.71.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_34-22.71.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
},
"product_reference": "xen-tools-domU-4.4.4_34-22.71.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11806"
}
],
"notes": [
{
"category": "general",
"text": "m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11806",
"url": "https://www.suse.com/security/cve/CVE-2018-11806"
},
{
"category": "external",
"summary": "SUSE Bug 1096223 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1096223"
},
{
"category": "external",
"summary": "SUSE Bug 1096224 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1096224"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-25T09:01:09Z",
"details": "moderate"
}
],
"title": "CVE-2018-11806"
},
{
"cve": "CVE-2018-12617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12617"
}
],
"notes": [
{
"category": "general",
"text": "qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12617",
"url": "https://www.suse.com/security/cve/CVE-2018-12617"
},
{
"category": "external",
"summary": "SUSE Bug 1098735 for CVE-2018-12617",
"url": "https://bugzilla.suse.com/1098735"
},
{
"category": "external",
"summary": "SUSE Bug 1098744 for CVE-2018-12617",
"url": "https://bugzilla.suse.com/1098744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-25T09:01:09Z",
"details": "moderate"
}
],
"title": "CVE-2018-12617"
},
{
"cve": "CVE-2018-12891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12891"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12891",
"url": "https://www.suse.com/security/cve/CVE-2018-12891"
},
{
"category": "external",
"summary": "SUSE Bug 1097521 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-25T09:01:09Z",
"details": "important"
}
],
"title": "CVE-2018-12891"
},
{
"cve": "CVE-2018-12893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12893"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12893",
"url": "https://www.suse.com/security/cve/CVE-2018-12893"
},
{
"category": "external",
"summary": "SUSE Bug 1097522 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-25T09:01:09Z",
"details": "important"
}
],
"title": "CVE-2018-12893"
},
{
"cve": "CVE-2018-3665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3665"
}
],
"notes": [
{
"category": "general",
"text": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3665",
"url": "https://www.suse.com/security/cve/CVE-2018-3665"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1087086 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087086"
},
{
"category": "external",
"summary": "SUSE Bug 1090338 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1090338"
},
{
"category": "external",
"summary": "SUSE Bug 1095241 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095241"
},
{
"category": "external",
"summary": "SUSE Bug 1095242 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "external",
"summary": "SUSE Bug 1096740 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1096740"
},
{
"category": "external",
"summary": "SUSE Bug 1100091 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100091"
},
{
"category": "external",
"summary": "SUSE Bug 1100555 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100555"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_34_k3.12.61_52.136-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_34-22.71.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_34-22.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-25T09:01:09Z",
"details": "moderate"
}
],
"title": "CVE-2018-3665"
}
]
}
SUSE-SU-2018:2059-1
Vulnerability from csaf_suse - Published: 2018-07-25 09:01 - Updated: 2018-07-25 09:01Summary
Security update for xen
Severity
Moderate
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
Security issues fixed:
- CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242).
- CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521).
- CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523).
- CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522).
- CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224).
Bug fixes:
- bsc#1027519: Add upstream patches from January.
- bsc#1087289: Fix xen scheduler crash.
Patchnames: SUSE-SLE-DESKTOP-12-SP3-2018-1388,SUSE-SLE-SDK-12-SP3-2018-1388,SUSE-SLE-SERVER-12-SP3-2018-1388
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
39 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242).\n- CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521).\n- CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523).\n- CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522).\n- CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224).\n\nBug fixes:\n\n- bsc#1027519: Add upstream patches from January.\n- bsc#1087289: Fix xen scheduler crash.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP3-2018-1388,SUSE-SLE-SDK-12-SP3-2018-1388,SUSE-SLE-SERVER-12-SP3-2018-1388",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2059-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2059-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182059-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2059-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004308.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1087289",
"url": "https://bugzilla.suse.com/1087289"
},
{
"category": "self",
"summary": "SUSE Bug 1095242",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "self",
"summary": "SUSE Bug 1096224",
"url": "https://bugzilla.suse.com/1096224"
},
{
"category": "self",
"summary": "SUSE Bug 1097521",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "self",
"summary": "SUSE Bug 1097522",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "self",
"summary": "SUSE Bug 1097523",
"url": "https://bugzilla.suse.com/1097523"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11806 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12891 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12892 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12893 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3665 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3665/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2018-07-25T09:01:02Z",
"generator": {
"date": "2018-07-25T09:01:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2059-1",
"initial_release_date": "2018-07-25T09:01:02Z",
"revision_history": [
{
"date": "2018-07-25T09:01:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.9.2_08-3.35.2.aarch64",
"product": {
"name": "xen-devel-4.9.2_08-3.35.2.aarch64",
"product_id": "xen-devel-4.9.2_08-3.35.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.9.2_08-3.35.2.x86_64",
"product": {
"name": "xen-4.9.2_08-3.35.2.x86_64",
"product_id": "xen-4.9.2_08-3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.2_08-3.35.2.x86_64",
"product": {
"name": "xen-libs-4.9.2_08-3.35.2.x86_64",
"product_id": "xen-libs-4.9.2_08-3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"product_id": "xen-libs-32bit-4.9.2_08-3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.9.2_08-3.35.2.x86_64",
"product": {
"name": "xen-devel-4.9.2_08-3.35.2.x86_64",
"product_id": "xen-devel-4.9.2_08-3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.9.2_08-3.35.2.x86_64",
"product": {
"name": "xen-doc-html-4.9.2_08-3.35.2.x86_64",
"product_id": "xen-doc-html-4.9.2_08-3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.9.2_08-3.35.2.x86_64",
"product": {
"name": "xen-tools-4.9.2_08-3.35.2.x86_64",
"product_id": "xen-tools-4.9.2_08-3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"product": {
"name": "xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"product_id": "xen-tools-domU-4.9.2_08-3.35.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-libs-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.9.2_08-3.35.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64"
},
"product_reference": "xen-devel-4.9.2_08-3.35.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-devel-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-libs-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-tools-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-libs-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-tools-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.2_08-3.35.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11806"
}
],
"notes": [
{
"category": "general",
"text": "m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11806",
"url": "https://www.suse.com/security/cve/CVE-2018-11806"
},
{
"category": "external",
"summary": "SUSE Bug 1096223 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1096223"
},
{
"category": "external",
"summary": "SUSE Bug 1096224 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1096224"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-25T09:01:02Z",
"details": "moderate"
}
],
"title": "CVE-2018-11806"
},
{
"cve": "CVE-2018-12891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12891"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12891",
"url": "https://www.suse.com/security/cve/CVE-2018-12891"
},
{
"category": "external",
"summary": "SUSE Bug 1097521 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-25T09:01:02Z",
"details": "important"
}
],
"title": "CVE-2018-12891"
},
{
"cve": "CVE-2018-12892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12892"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as \"sd\" in the libxl disk configuration, or an equivalent) are affected. IDE disks (\"hd\") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12892",
"url": "https://www.suse.com/security/cve/CVE-2018-12892"
},
{
"category": "external",
"summary": "SUSE Bug 1097523 for CVE-2018-12892",
"url": "https://bugzilla.suse.com/1097523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-25T09:01:02Z",
"details": "important"
}
],
"title": "CVE-2018-12892"
},
{
"cve": "CVE-2018-12893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12893"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12893",
"url": "https://www.suse.com/security/cve/CVE-2018-12893"
},
{
"category": "external",
"summary": "SUSE Bug 1097522 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-25T09:01:02Z",
"details": "important"
}
],
"title": "CVE-2018-12893"
},
{
"cve": "CVE-2018-3665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3665"
}
],
"notes": [
{
"category": "general",
"text": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3665",
"url": "https://www.suse.com/security/cve/CVE-2018-3665"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1087086 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087086"
},
{
"category": "external",
"summary": "SUSE Bug 1090338 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1090338"
},
{
"category": "external",
"summary": "SUSE Bug 1095241 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095241"
},
{
"category": "external",
"summary": "SUSE Bug 1095242 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "external",
"summary": "SUSE Bug 1096740 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1096740"
},
{
"category": "external",
"summary": "SUSE Bug 1100091 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100091"
},
{
"category": "external",
"summary": "SUSE Bug 1100555 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100555"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.2_08-3.35.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.2_08-3.35.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-25T09:01:02Z",
"details": "moderate"
}
],
"title": "CVE-2018-3665"
}
]
}
SUSE-SU-2018:2069-1
Vulnerability from csaf_suse - Published: 2018-07-26 14:46 - Updated: 2018-07-26 14:46Summary
Security update for xen
Severity
Moderate
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
Security issues fixed:
- CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744).
- CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242).
- CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224).
- CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521).
- CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522).
Bug fixes:
- bsc#1079730: Fix failed 'write' lock.
- bsc#1027519: Add upstream patches from January.
Patchnames: SUSE-SLE-SAP-12-SP1-2018-1406,SUSE-SLE-SERVER-12-SP1-2018-1406
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744).\n- CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242).\n- CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224).\n- CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521).\n- CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522).\n\nBug fixes:\n\n- bsc#1079730: Fix failed \u0027write\u0027 lock.\n- bsc#1027519: Add upstream patches from January.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2018-1406,SUSE-SLE-SERVER-12-SP1-2018-1406",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2069-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2069-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182069-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2069-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004315.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1079730",
"url": "https://bugzilla.suse.com/1079730"
},
{
"category": "self",
"summary": "SUSE Bug 1095242",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "self",
"summary": "SUSE Bug 1096224",
"url": "https://bugzilla.suse.com/1096224"
},
{
"category": "self",
"summary": "SUSE Bug 1097521",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "self",
"summary": "SUSE Bug 1097522",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "self",
"summary": "SUSE Bug 1098744",
"url": "https://bugzilla.suse.com/1098744"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11806 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12617 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12891 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12893 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3665 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3665/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2018-07-26T14:46:21Z",
"generator": {
"date": "2018-07-26T14:46:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2069-1",
"initial_release_date": "2018-07-26T14:46:21Z",
"revision_history": [
{
"date": "2018-07-26T14:46:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.5.5_24-22.52.3.x86_64",
"product": {
"name": "xen-4.5.5_24-22.52.3.x86_64",
"product_id": "xen-4.5.5_24-22.52.3.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.5.5_24-22.52.3.x86_64",
"product": {
"name": "xen-doc-html-4.5.5_24-22.52.3.x86_64",
"product_id": "xen-doc-html-4.5.5_24-22.52.3.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"product": {
"name": "xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"product_id": "xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.5.5_24-22.52.3.x86_64",
"product": {
"name": "xen-libs-4.5.5_24-22.52.3.x86_64",
"product_id": "xen-libs-4.5.5_24-22.52.3.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"product": {
"name": "xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"product_id": "xen-libs-32bit-4.5.5_24-22.52.3.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.5.5_24-22.52.3.x86_64",
"product": {
"name": "xen-tools-4.5.5_24-22.52.3.x86_64",
"product_id": "xen-tools-4.5.5_24-22.52.3.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"product": {
"name": "xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"product_id": "xen-tools-domU-4.5.5_24-22.52.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.5.5_24-22.52.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64"
},
"product_reference": "xen-4.5.5_24-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.5.5_24-22.52.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64"
},
"product_reference": "xen-doc-html-4.5.5_24-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64"
},
"product_reference": "xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.5.5_24-22.52.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64"
},
"product_reference": "xen-libs-4.5.5_24-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.5.5_24-22.52.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64"
},
"product_reference": "xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.5.5_24-22.52.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64"
},
"product_reference": "xen-tools-4.5.5_24-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.5.5_24-22.52.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
},
"product_reference": "xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.5.5_24-22.52.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64"
},
"product_reference": "xen-4.5.5_24-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.5.5_24-22.52.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64"
},
"product_reference": "xen-doc-html-4.5.5_24-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64"
},
"product_reference": "xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.5.5_24-22.52.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64"
},
"product_reference": "xen-libs-4.5.5_24-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.5.5_24-22.52.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64"
},
"product_reference": "xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.5.5_24-22.52.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64"
},
"product_reference": "xen-tools-4.5.5_24-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.5.5_24-22.52.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
},
"product_reference": "xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11806"
}
],
"notes": [
{
"category": "general",
"text": "m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11806",
"url": "https://www.suse.com/security/cve/CVE-2018-11806"
},
{
"category": "external",
"summary": "SUSE Bug 1096223 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1096223"
},
{
"category": "external",
"summary": "SUSE Bug 1096224 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1096224"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-26T14:46:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-11806"
},
{
"cve": "CVE-2018-12617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12617"
}
],
"notes": [
{
"category": "general",
"text": "qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12617",
"url": "https://www.suse.com/security/cve/CVE-2018-12617"
},
{
"category": "external",
"summary": "SUSE Bug 1098735 for CVE-2018-12617",
"url": "https://bugzilla.suse.com/1098735"
},
{
"category": "external",
"summary": "SUSE Bug 1098744 for CVE-2018-12617",
"url": "https://bugzilla.suse.com/1098744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-26T14:46:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-12617"
},
{
"cve": "CVE-2018-12891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12891"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12891",
"url": "https://www.suse.com/security/cve/CVE-2018-12891"
},
{
"category": "external",
"summary": "SUSE Bug 1097521 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-26T14:46:21Z",
"details": "important"
}
],
"title": "CVE-2018-12891"
},
{
"cve": "CVE-2018-12893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12893"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12893",
"url": "https://www.suse.com/security/cve/CVE-2018-12893"
},
{
"category": "external",
"summary": "SUSE Bug 1097522 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-26T14:46:21Z",
"details": "important"
}
],
"title": "CVE-2018-12893"
},
{
"cve": "CVE-2018-3665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3665"
}
],
"notes": [
{
"category": "general",
"text": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3665",
"url": "https://www.suse.com/security/cve/CVE-2018-3665"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1087086 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087086"
},
{
"category": "external",
"summary": "SUSE Bug 1090338 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1090338"
},
{
"category": "external",
"summary": "SUSE Bug 1095241 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095241"
},
{
"category": "external",
"summary": "SUSE Bug 1095242 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "external",
"summary": "SUSE Bug 1096740 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1096740"
},
{
"category": "external",
"summary": "SUSE Bug 1100091 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100091"
},
{
"category": "external",
"summary": "SUSE Bug 1100555 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100555"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_24_k3.12.74_60.64.96-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_24-22.52.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_24-22.52.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-26T14:46:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-3665"
}
]
}
SUSE-SU-2018:2081-1
Vulnerability from csaf_suse - Published: 2018-07-27 10:43 - Updated: 2018-07-27 10:43Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
Security issues fixed:
- CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling (XSA-264) (bsc#1097521).
- CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523).
- CVE-2018-12893: Fix #DB exception safety check that could be triggered by a guest (XSA-265) (bsc#1097522).
- CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224).
- CVE-2018-3665: Fix lazy FP Save/Restore (XSA-267) (bsc#1095242).
Bug fixes:
- bsc#1027519: Update to Xen 4.7.6 bug fix only release.
- bsc#1087289: Xen BUG at sched_credit.c:1663.
- bsc#1094725: `virsh blockresize` does not work with Xen qdisks.
Patchnames: SUSE-OpenStack-Cloud-7-2018-1414,SUSE-SLE-SAP-12-SP2-2018-1414,SUSE-SLE-SERVER-12-SP2-2018-1414,SUSE-Storage-4-2018-1414
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling (XSA-264) (bsc#1097521).\n- CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523).\n- CVE-2018-12893: Fix #DB exception safety check that could be triggered by a guest (XSA-265) (bsc#1097522).\n- CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224).\n- CVE-2018-3665: Fix lazy FP Save/Restore (XSA-267) (bsc#1095242).\n\nBug fixes:\n\n- bsc#1027519: Update to Xen 4.7.6 bug fix only release.\n- bsc#1087289: Xen BUG at sched_credit.c:1663.\n- bsc#1094725: `virsh blockresize` does not work with Xen qdisks.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-7-2018-1414,SUSE-SLE-SAP-12-SP2-2018-1414,SUSE-SLE-SERVER-12-SP2-2018-1414,SUSE-Storage-4-2018-1414",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2081-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2081-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182081-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2081-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004323.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1087289",
"url": "https://bugzilla.suse.com/1087289"
},
{
"category": "self",
"summary": "SUSE Bug 1094725",
"url": "https://bugzilla.suse.com/1094725"
},
{
"category": "self",
"summary": "SUSE Bug 1095242",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "self",
"summary": "SUSE Bug 1096224",
"url": "https://bugzilla.suse.com/1096224"
},
{
"category": "self",
"summary": "SUSE Bug 1097521",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "self",
"summary": "SUSE Bug 1097522",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "self",
"summary": "SUSE Bug 1097523",
"url": "https://bugzilla.suse.com/1097523"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11806 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12891 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12892 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12893 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3665 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3665/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2018-07-27T10:43:34Z",
"generator": {
"date": "2018-07-27T10:43:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2081-1",
"initial_release_date": "2018-07-27T10:43:34Z",
"revision_history": [
{
"date": "2018-07-27T10:43:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.7.6_02-43.36.1.x86_64",
"product": {
"name": "xen-4.7.6_02-43.36.1.x86_64",
"product_id": "xen-4.7.6_02-43.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.7.6_02-43.36.1.x86_64",
"product": {
"name": "xen-doc-html-4.7.6_02-43.36.1.x86_64",
"product_id": "xen-doc-html-4.7.6_02-43.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.7.6_02-43.36.1.x86_64",
"product": {
"name": "xen-libs-4.7.6_02-43.36.1.x86_64",
"product_id": "xen-libs-4.7.6_02-43.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"product_id": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.7.6_02-43.36.1.x86_64",
"product": {
"name": "xen-tools-4.7.6_02-43.36.1.x86_64",
"product_id": "xen-tools-4.7.6_02-43.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"product": {
"name": "xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"product_id": "xen-tools-domU-4.7.6_02-43.36.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_02-43.36.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_02-43.36.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_02-43.36.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_02-43.36.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_02-43.36.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_02-43.36.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_02-43.36.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_02-43.36.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_02-43.36.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_02-43.36.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11806"
}
],
"notes": [
{
"category": "general",
"text": "m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11806",
"url": "https://www.suse.com/security/cve/CVE-2018-11806"
},
{
"category": "external",
"summary": "SUSE Bug 1096223 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1096223"
},
{
"category": "external",
"summary": "SUSE Bug 1096224 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1096224"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-27T10:43:34Z",
"details": "moderate"
}
],
"title": "CVE-2018-11806"
},
{
"cve": "CVE-2018-12891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12891"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12891",
"url": "https://www.suse.com/security/cve/CVE-2018-12891"
},
{
"category": "external",
"summary": "SUSE Bug 1097521 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-27T10:43:34Z",
"details": "important"
}
],
"title": "CVE-2018-12891"
},
{
"cve": "CVE-2018-12892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12892"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as \"sd\" in the libxl disk configuration, or an equivalent) are affected. IDE disks (\"hd\") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12892",
"url": "https://www.suse.com/security/cve/CVE-2018-12892"
},
{
"category": "external",
"summary": "SUSE Bug 1097523 for CVE-2018-12892",
"url": "https://bugzilla.suse.com/1097523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-27T10:43:34Z",
"details": "important"
}
],
"title": "CVE-2018-12892"
},
{
"cve": "CVE-2018-12893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12893"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12893",
"url": "https://www.suse.com/security/cve/CVE-2018-12893"
},
{
"category": "external",
"summary": "SUSE Bug 1097522 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-27T10:43:34Z",
"details": "important"
}
],
"title": "CVE-2018-12893"
},
{
"cve": "CVE-2018-3665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3665"
}
],
"notes": [
{
"category": "general",
"text": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3665",
"url": "https://www.suse.com/security/cve/CVE-2018-3665"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1087086 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087086"
},
{
"category": "external",
"summary": "SUSE Bug 1090338 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1090338"
},
{
"category": "external",
"summary": "SUSE Bug 1095241 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095241"
},
{
"category": "external",
"summary": "SUSE Bug 1095242 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "external",
"summary": "SUSE Bug 1096740 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1096740"
},
{
"category": "external",
"summary": "SUSE Bug 1100091 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100091"
},
{
"category": "external",
"summary": "SUSE Bug 1100555 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100555"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-27T10:43:34Z",
"details": "moderate"
}
],
"title": "CVE-2018-3665"
}
]
}
SUSE-SU-2018:2081-2
Vulnerability from csaf_suse - Published: 2018-10-18 12:48 - Updated: 2018-10-18 12:48Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
Security issues fixed:
- CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling (XSA-264) (bsc#1097521).
- CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523).
- CVE-2018-12893: Fix #DB exception safety check that could be triggered by a guest (XSA-265) (bsc#1097522).
- CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224).
- CVE-2018-3665: Fix lazy FP Save/Restore (XSA-267) (bsc#1095242).
Bug fixes:
- bsc#1027519: Update to Xen 4.7.6 bug fix only release.
- bsc#1087289: Xen BUG at sched_credit.c:1663.
- bsc#1094725: `virsh blockresize` does not work with Xen qdisks.
Patchnames: SUSE-SLE-SERVER-12-SP2-BCL-2018-1414
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling (XSA-264) (bsc#1097521).\n- CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523).\n- CVE-2018-12893: Fix #DB exception safety check that could be triggered by a guest (XSA-265) (bsc#1097522).\n- CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224).\n- CVE-2018-3665: Fix lazy FP Save/Restore (XSA-267) (bsc#1095242).\n\nBug fixes:\n\n- bsc#1027519: Update to Xen 4.7.6 bug fix only release.\n- bsc#1087289: Xen BUG at sched_credit.c:1663.\n- bsc#1094725: `virsh blockresize` does not work with Xen qdisks.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-SP2-BCL-2018-1414",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2081-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2081-2",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182081-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2081-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004736.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1087289",
"url": "https://bugzilla.suse.com/1087289"
},
{
"category": "self",
"summary": "SUSE Bug 1094725",
"url": "https://bugzilla.suse.com/1094725"
},
{
"category": "self",
"summary": "SUSE Bug 1095242",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "self",
"summary": "SUSE Bug 1096224",
"url": "https://bugzilla.suse.com/1096224"
},
{
"category": "self",
"summary": "SUSE Bug 1097521",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "self",
"summary": "SUSE Bug 1097522",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "self",
"summary": "SUSE Bug 1097523",
"url": "https://bugzilla.suse.com/1097523"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11806 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12891 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12892 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12893 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3665 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3665/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2018-10-18T12:48:21Z",
"generator": {
"date": "2018-10-18T12:48:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2081-2",
"initial_release_date": "2018-10-18T12:48:21Z",
"revision_history": [
{
"date": "2018-10-18T12:48:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.7.6_02-43.36.1.x86_64",
"product": {
"name": "xen-4.7.6_02-43.36.1.x86_64",
"product_id": "xen-4.7.6_02-43.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.7.6_02-43.36.1.x86_64",
"product": {
"name": "xen-doc-html-4.7.6_02-43.36.1.x86_64",
"product_id": "xen-doc-html-4.7.6_02-43.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.7.6_02-43.36.1.x86_64",
"product": {
"name": "xen-libs-4.7.6_02-43.36.1.x86_64",
"product_id": "xen-libs-4.7.6_02-43.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"product_id": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.7.6_02-43.36.1.x86_64",
"product": {
"name": "xen-tools-4.7.6_02-43.36.1.x86_64",
"product_id": "xen-tools-4.7.6_02-43.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"product": {
"name": "xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"product_id": "xen-tools-domU-4.7.6_02-43.36.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_02-43.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_02-43.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11806"
}
],
"notes": [
{
"category": "general",
"text": "m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11806",
"url": "https://www.suse.com/security/cve/CVE-2018-11806"
},
{
"category": "external",
"summary": "SUSE Bug 1096223 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1096223"
},
{
"category": "external",
"summary": "SUSE Bug 1096224 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1096224"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-11806",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-11806"
},
{
"cve": "CVE-2018-12891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12891"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12891",
"url": "https://www.suse.com/security/cve/CVE-2018-12891"
},
{
"category": "external",
"summary": "SUSE Bug 1097521 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1097521"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12891",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:48:21Z",
"details": "important"
}
],
"title": "CVE-2018-12891"
},
{
"cve": "CVE-2018-12892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12892"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as \"sd\" in the libxl disk configuration, or an equivalent) are affected. IDE disks (\"hd\") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12892",
"url": "https://www.suse.com/security/cve/CVE-2018-12892"
},
{
"category": "external",
"summary": "SUSE Bug 1097523 for CVE-2018-12892",
"url": "https://bugzilla.suse.com/1097523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:48:21Z",
"details": "important"
}
],
"title": "CVE-2018-12892"
},
{
"cve": "CVE-2018-12893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12893"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12893",
"url": "https://www.suse.com/security/cve/CVE-2018-12893"
},
{
"category": "external",
"summary": "SUSE Bug 1097522 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1097522"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12893",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:48:21Z",
"details": "important"
}
],
"title": "CVE-2018-12893"
},
{
"cve": "CVE-2018-3665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3665"
}
],
"notes": [
{
"category": "general",
"text": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3665",
"url": "https://www.suse.com/security/cve/CVE-2018-3665"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1087086 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087086"
},
{
"category": "external",
"summary": "SUSE Bug 1090338 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1090338"
},
{
"category": "external",
"summary": "SUSE Bug 1095241 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095241"
},
{
"category": "external",
"summary": "SUSE Bug 1095242 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "external",
"summary": "SUSE Bug 1096740 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1096740"
},
{
"category": "external",
"summary": "SUSE Bug 1100091 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100091"
},
{
"category": "external",
"summary": "SUSE Bug 1100555 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100555"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_02-43.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_02-43.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-3665"
}
]
}
SUSE-SU-2018:2086-1
Vulnerability from csaf_suse - Published: 2018-07-27 13:40 - Updated: 2018-07-27 13:40Summary
Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)
Description of the patch: This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues.
The following security issue was fixed:
- CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740).
Patchnames: SUSE-SLE-SAP-12-SP1-2018-1443,SUSE-SLE-SERVER-12-SP1-2018-1443
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues.\n\nThe following security issue was fixed:\n\n- CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2018-1443,SUSE-SLE-SERVER-12-SP1-2018-1443",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2086-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2086-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182086-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2086-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004328.html"
},
{
"category": "self",
"summary": "SUSE Bug 1090338",
"url": "https://bugzilla.suse.com/1090338"
},
{
"category": "self",
"summary": "SUSE Bug 1096740",
"url": "https://bugzilla.suse.com/1096740"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3665 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3665/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)",
"tracking": {
"current_release_date": "2018-07-27T13:40:06Z",
"generator": {
"date": "2018-07-27T13:40:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2086-1",
"initial_release_date": "2018-07-27T13:40:06Z",
"revision_history": [
{
"date": "2018-07-27T13:40:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3665"
}
],
"notes": [
{
"category": "general",
"text": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3665",
"url": "https://www.suse.com/security/cve/CVE-2018-3665"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1087086 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1087086"
},
{
"category": "external",
"summary": "SUSE Bug 1090338 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1090338"
},
{
"category": "external",
"summary": "SUSE Bug 1095241 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095241"
},
{
"category": "external",
"summary": "SUSE Bug 1095242 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1095242"
},
{
"category": "external",
"summary": "SUSE Bug 1096740 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1096740"
},
{
"category": "external",
"summary": "SUSE Bug 1100091 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100091"
},
{
"category": "external",
"summary": "SUSE Bug 1100555 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1100555"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3665",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-27T13:40:06Z",
"details": "moderate"
}
],
"title": "CVE-2018-3665"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…