Vulnerabilities > CVE-2014-7188 - Resource Management Errors vulnerability in XEN

CVSS 8.3 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

low complexity

xen

CWE-399

nessus

NVD

Published: 2014-10-02

Updated: 2018-10-30

Summary

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
OS	Xen XEN XEN 4.1.0 XEN XEN 4.1.1 XEN XEN 4.1.2 XEN XEN 4.1.3 XEN XEN 4.1.4 XEN XEN 4.1.5 XEN XEN 4.1.6.1 XEN XEN 4.2.0 XEN XEN 4.2.1 XEN XEN 4.2.2 XEN XEN 4.2.3 XEN XEN 4.3.0 XEN XEN 4.3.1 XEN XEN 4.4.0 XEN XEN 4.4.1	16

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201412-42.NASL
description	The remote host is affected by the vulnerability described in GLSA-201412-42 (Xen: Denial of Service) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A local user could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	80263
published	2014-12-29
reporter	This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/80263
title	GLSA-201412-42 : Xen: Denial of Service
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201412-42. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(80263); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2015/04/13 14:33:56 $"); script_cve_id("CVE-2014-7154", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188"); script_bugtraq_id(70055, 70057, 70062, 70198); script_xref(name:"GLSA", value:"201412-42"); script_name(english:"GLSA-201412-42 : Xen: Denial of Service"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201412-42 (Xen: Denial of Service) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A local user could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201412-42" ); script_set_attribute( attribute:"solution", value: "All xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.2.5-r1' All xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.3.3-r3'" ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/xen", unaffected:make_list("rge 4.2.5-r1", "ge 4.3.3-r3"), vulnerable:make_list("lt 4.3.3-r3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen"); }

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2014-0025.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - x86/HVM: properly bound x2APIC MSR range This is XSA-108. Additional changelog comments added to 4.3.0-55.el6.0.0.3 (CVE-2014-7188) - Fix for bug 19698535 - x86emul: only emulate software interrupt injection for real mode Protected mode emulation currently lacks proper privilege checking of the referenced IDT entry, and there
last seen	2020-06-01
modified	2020-06-02
plugin id	79541
published	2014-11-26
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/79541
title	OracleVM 3.3 : xen (OVMSA-2014-0025)
code	# # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2014-0025. # include("compat.inc"); if (description) { script_id(79541); script_version("1.6"); script_cvs_date("Date: 2019/09/27 13:00:34"); script_cve_id("CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188"); script_bugtraq_id(70057, 70062, 70198); script_name(english:"OracleVM 3.3 : xen (OVMSA-2014-0025)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - x86/HVM: properly bound x2APIC MSR range This is XSA-108. Additional changelog comments added to 4.3.0-55.el6.0.0.3 (CVE-2014-7188) - Fix for bug 19698535 - x86emul: only emulate software interrupt injection for real mode Protected mode emulation currently lacks proper privilege checking of the referenced IDT entry, and there's currently no legitimate way for any of the respective instructions to reach the emulator when the guest is in protected mode. This is XSA-106. (CVE-2014-7156) - x86/emulate: check cpl for all privileged instructions Without this, it is possible for userspace to load its own IDT or GDT. This is XSA-105. (CVE-2014-7155)" ); # https://oss.oracle.com/pipermail/oraclevm-errata/2014-October/000226.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?464e91f4" ); script_set_attribute( attribute:"solution", value:"Update the affected xen / xen-tools packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/02"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) \|\| "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]\|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.3", reference:"xen-4.3.0-55.el6.0.0.4")) flag++; if (rpm_check(release:"OVS3.3", reference:"xen-tools-4.3.0-55.el6.0.0.4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-tools"); }

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2015-0068.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details.
last seen	2020-06-01
modified	2020-06-02
plugin id	84140
published	2015-06-12
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84140
title	OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)
code	# # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2015-0068. # include("compat.inc"); if (description) { script_id(84140); script_version("2.18"); script_cvs_date("Date: 2019/11/12"); script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-0029", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2013-0153", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1950", "CVE-2014-3566", "CVE-2014-5146", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188", "CVE-2015-2044", "CVE-2015-2045", "CVE-2015-2151", "CVE-2015-2752", "CVE-2015-2756", "CVE-2015-3209", "CVE-2015-3456", "CVE-2015-4164"); script_bugtraq_id(17600, 22967, 51642, 53650, 53961, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 56289, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 57223, 57742, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 64195, 65419, 65529, 69198, 70057, 70062, 70198, 70574, 72577, 72954, 72955, 73015, 73448, 74640, 75123, 75149); script_name(english:"OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000317.html" ); script_set_attribute( attribute:"solution", value:"Update the affected xen / xen-devel / xen-tools packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/20"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) \|\| "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]\|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.2", reference:"xen-4.1.3-25.el5.127.52")) flag++; if (rpm_check(release:"OVS3.2", reference:"xen-devel-4.1.3-25.el5.127.52")) flag++; if (rpm_check(release:"OVS3.2", reference:"xen-tools-4.1.3-25.el5.127.52")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2014-580.NASL
description	XEN was updated to fix security issues and bugs. Security issues fixed : - bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation - bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram - bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load - bnc#875668 - CVE-2014-3124: XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created - bnc#878841 - CVE-2014-3967, CVE-2014-3968: XSA-96: Xen: Vulnerabilities in HVM MSI injection - bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests - bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow Other bugs fixed : - bnc#896023 - Adjust xentop column layout - bnc#820873 - The
last seen	2020-06-05
modified	2014-10-10
plugin id	78117
published	2014-10-10
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78117
title	openSUSE Security Update : xen (openSUSE-SU-2014:1281-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-580. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(78117); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-4344", "CVE-2013-4540", "CVE-2014-3124", "CVE-2014-3967", "CVE-2014-3968", "CVE-2014-4021", "CVE-2014-7154", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188"); script_name(english:"openSUSE Security Update : xen (openSUSE-SU-2014:1281-1)"); script_summary(english:"Check for the openSUSE-2014-580 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "XEN was updated to fix security issues and bugs. Security issues fixed : - bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation - bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram - bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load - bnc#875668 - CVE-2014-3124: XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created - bnc#878841 - CVE-2014-3967, CVE-2014-3968: XSA-96: Xen: Vulnerabilities in HVM MSI injection - bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests - bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow Other bugs fixed : - bnc#896023 - Adjust xentop column layout - bnc#820873 - The 'long' option doesn't work with 'xl list' - bnc#882127 - Xen kernel panics on booting SLES12 Beta 8 - bnc#865682 - Local attach support for PHY backends using scripts - bnc#798770 - Improve multipath support for npiv devices" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=798770" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820873" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=842006" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=864801" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=865682" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=875668" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=878841" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=880751" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=882127" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=895798" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=895799" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=895802" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=896023" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=897657" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-10/msg00010.html" ); script_set_attribute(attribute:"solution", value:"Update the affected xen packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"xen-debugsource-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-devel-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-debuginfo-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-debuginfo-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-debuginfo-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-debuginfo-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-debuginfo-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-doc-html-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-32bit-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-debuginfo-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-debuginfo-4.3.2_02-27.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3041.NASL
description	Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.
last seen	2020-03-17
modified	2014-10-02
plugin id	78027
published	2014-10-02
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78027
title	Debian DSA-3041-1 : xen - security update

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2014-1710-1.NASL
description	xen was updated to fix 14 security issues : - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). - Insufficient bounding of
last seen	2020-06-05
modified	2015-05-20
plugin id	83654
published	2015-05-20
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83654
title	SUSE SLES11 Security Update : xen (SUSE-SU-2014:1710-1)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2018-0248.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0248 for details.
last seen	2020-06-01
modified	2020-06-02
plugin id	111992
published	2018-08-20
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111992
title	OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-12000.NASL
description	Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] Race condition in HVMOP_track_dirty_vram [XSA-104] (#1145736) Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105] (#1145737) Missing privilege level checks in x86 emulation of software interrupts [XSA-106] (#1145738) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-10-12
plugin id	78375
published	2014-10-12
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/78375
title	Fedora 19 : xen-4.2.5-3.fc19 (2014-12000)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-12002.NASL
description	Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] xen support is in 256k seabios binary when it exists (#1146260) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-10-09
plugin id	78102
published	2014-10-09
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/78102
title	Fedora 21 : xen-4.4.1-6.fc21 (2014-12002)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_XEN-201409-141002.NASL
description	The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix various bugs and security issues. The following security issues have been fixed : - XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation. (bnc#897657) - XSA-106: CVE-2014-7156: Missing privilege level checks in x86 emulation of software interrupts. (bnc#895802) - XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation. (bnc#895799) - XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram. (bnc#895798) - XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests. (bnc#880751) - XSA-96: CVE-2014-3967 / CVE-2014-3968: Vulnerabilities in HVM MSI injection. (bnc#878841) - XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible. (bnc#867910) - XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow. (bnc#842006) - qemu: zaurus: buffer overrun on invalid state load (bnc#864801) The following non-security issues have been fixed:. (CVE-2013-4540) - xend: Fix netif convertToDeviceNumber for running domains. (bnc#891539) - Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in the VM. (bnc#882092) - XEN kernel panic do_device_not_available(). (bnc#881900) - Boot Failure with xen kernel in UEFI mode with error
last seen	2020-06-05
modified	2014-10-23
plugin id	78652
published	2014-10-23
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/78652
title	SuSE 11.3 Security Update : Xen (SAT Patch Number 9828)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2014-579.NASL
description	XEN was updated to fix various bugs and security issues. Security issues fixed : - bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation - bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram - bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load - bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests - bnc#878841 - CVE-2014-3967,CVE-2014-3968: XSA-96: Vulnerabilities in HVM MSI injection - bnc#867910 - CVE-2014-2599: XSA-89: HVMOP_set_mem_access is not preemptible - bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow Other bugs fixed : - bnc#896023 - Adjust xentop column layout - bnc#891539 - xend: fix netif convertToDeviceNumber for running domains - bnc#820873 - The
last seen	2020-06-05
modified	2014-10-10
plugin id	78116
published	2014-10-10
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78116
title	openSUSE Security Update : xen (openSUSE-SU-2014:1279-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-12036.NASL
description	Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] Race condition in HVMOP_track_dirty_vram [XSA-104] (#1145736) Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105] (#1145737) Missing privilege level checks in x86 emulation of software interrupts [XSA-106] (#1145738) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-10-12
plugin id	78376
published	2014-10-12
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/78376
title	Fedora 20 : xen-4.3.3-3.fc20 (2014-12036)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2014-0026.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - x86/HVM: properly bound x2APIC MSR range This is XSA-108. Additional changelog comments added to 4.1.3-25.el5.94.1.3 (CVE-2014-7188) - Fix for bug 19698532 - x86emul: only emulate software interrupt injection for real mode Protected mode emulation currently lacks proper privilege checking of the referenced IDT entry, and there
last seen	2020-06-01
modified	2020-06-02
plugin id	79542
published	2014-11-26
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/79542
title	OracleVM 3.2 : xen (OVMSA-2014-0026)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References