SUSE-SU-2015:1042-1
Vulnerability Summary
Description
Security update for xen

Xen was updated to fix seven security issues and one non-security bug.

The following vulnerabilities were fixed:

- CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu (XSA-128) (bnc#931625)
- CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests (XSA-129) (bnc#931626)
- CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages (XSA-130) (bnc#931627)
- CVE-2015-4106: Unmediated PCI register access in qemu (XSA-131) (bnc#931628)
- CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior (XSA-134) (bnc#932790)
- CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to host escape (XSA-135) (bnc#932770)
- CVE-2015-4164: DoS through iret hypercall handler (XSA-136) (bnc#932996)

The following non-security bug was fixed:

- bnc#906689: let systemd schedule xencommons after network-online.target and remote-fs.target so that xendomains has access to remote shares
Affected Systems
- xen (vendor: suse) on SUSE Linux Enterprise Desktop 12: < 4.4.2_06-21.1
- xen (vendor: suse) on SUSE Linux Enterprise Server 12: < 4.4.2_06-21.1
- xen (vendor: suse) on SUSE Linux Enterprise Server for SAP Applications 12: < 4.4.2_06-21.1
- xen (vendor: suse) on SUSE Linux Enterprise Software Development Kit 12: < 4.4.2_06-21.1
References (16)
- https://www.suse.com/support/update/announcement/2015/suse-su-20151042-1/
- https://bugzilla.suse.com/906689
- https://bugzilla.suse.com/931625
- https://bugzilla.suse.com/931626
- https://bugzilla.suse.com/931627
- https://bugzilla.suse.com/931628
- https://bugzilla.suse.com/932770
- https://bugzilla.suse.com/932790
- https://bugzilla.suse.com/932996
- https://www.suse.com/security/cve/CVE-2015-3209
- https://www.suse.com/security/cve/CVE-2015-4103
- https://www.suse.com/security/cve/CVE-2015-4104
- https://www.suse.com/security/cve/CVE-2015-4105
- https://www.suse.com/security/cve/CVE-2015-4106
- https://www.suse.com/security/cve/CVE-2015-4163
- https://www.suse.com/security/cve/CVE-2015-4164