
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2013:1923-1)
Summary: The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2013:1923-1 advisory.

Vulnerability Insight:
The Xen hypervisor and tool-suite have been updated to fix security issues and bugs:

* CVE-2013-4494: XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution.
* CVE-2013-4553: XSA-74: A lock order reversal between page_alloc_lock and mm_rwlock could lead to deadlocks.
* CVE-2013-4554: XSA-76: Hypercalls were exposed to privilege rings 1 and 2 of HVM guests, which might lead to Hypervisor escalation under specific circumstances.
* CVE-2013-6375: XSA-78: Insufficient TLB flushing in VT-d (iommu) code could lead to access of memory that was revoked.
* CVE-2013-4551: XSA-75: A host crash due to guest VMX instruction execution was fixed.

Non-security bugs have also been fixed:

* bnc#840997: It is possible to start a VM twice on the same node.
* bnc#842417: In HP's UEFI x86_64 platform and SLES 11-SP3, dom0 could lock up on multiple blades nPar.
* bnc#848014: Xen Hypervisor panics on 8-blades nPar with 46-bit memory addressing.
* bnc#846849: Soft lock-up with PCI pass-through and many VCPUs.
* bnc#833483: Boot Failure with Xen kernel in UEFI mode with error 'No memory for trampoline'.
* Increase the maximum supported CPUs in the Hypervisor to 512.

Security Issues:

* CVE-2013-1922
* CVE-2013-2007
* CVE-2013-4375
* CVE-2013-4416
* CVE-2013-4494
* CVE-2013-4551
* CVE-2013-4553
* CVE-2013-4554

Affected Software/OS:
'Xen' package(s) on SUSE Linux Enterprise Software Development Kit 11 SP3, SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Desktop 11 SP3

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-1922
Common Vulnerability Exposure (CVE) ID: CVE-2013-2007
BugTraq ID: 59675
RedHat Security Advisories: RHSA-2013:0791
RedHat Security Advisories: RHSA-2013:0896
SuSE Security Announcement: openSUSE-SU-2013:1202
XForce ISS Database: qemu-cve20132007-priv-esc(84047)
Common Vulnerability Exposure (CVE) ID: CVE-2013-4375
Common Vulnerability Exposure (CVE) ID: CVE-2013-4416
BugTraq ID: 63404
SuSE Security Announcement: openSUSE-SU-2013:1636
SuSE Security Announcement: openSUSE-SU-2013:1876
Common Vulnerability Exposure (CVE) ID: CVE-2013-4494
Debian Security Information: DSA-3006
RedHat Security Advisories: RHSA-2014:0108
SuSE Security Announcement: SUSE-SU-2014:0411
SuSE Security Announcement: SUSE-SU-2014:0446
SuSE Security Announcement: SUSE-SU-2014:0470
Common Vulnerability Exposure (CVE) ID: CVE-2013-4551
BugTraq ID: 63625
XForce ISS Database: xen-cve20134551-dos(88649)
Common Vulnerability Exposure (CVE) ID: CVE-2013-4553
SuSE Security Announcement: SUSE-SU-2014:0372
Common Vulnerability Exposure (CVE) ID: CVE-2013-4554
RedHat Security Advisories: RHSA-2014:0285
Common Vulnerability Exposure (CVE) ID: CVE-2013-6375

Copyright: Copyright (C) 2021 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.