SUSE-SU-2017:1058-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 19 Apr 2017, 07:16
Last modified:04 Feb 2026, 04:38
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
19 Apr 2017, 07:16
Published
Vulnerability first disclosed
04 Feb 2026, 04:38
Last Modified
Vulnerability information updated
Description
Security update for xen This update for xen fixes the following security issues: - CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442). - CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).
Affected Systems
- suse•xen&distro=SUSE Linux Enterprise Point of Sale 11 SP3
< 4.2.5_21-38.1
- suse•xen&distro=SUSE Linux Enterprise Server 11 SP3-LTSS
< 4.2.5_21-38.1
- suse•xen&distro=SUSE Manager 2.1
< 4.2.5_21-38.1
- suse•xen&distro=SUSE Manager Proxy 2.1
< 4.2.5_21-38.1
- suse•xen&distro=SUSE OpenStack Cloud 5
< 4.2.5_21-38.1
References (7)
- https://www.suse.com/support/update/announcement/2017/suse-su-20171058-1/
- https://bugzilla.suse.com/1027570
- https://bugzilla.suse.com/1028235
- https://bugzilla.suse.com/1030442
- https://www.suse.com/security/cve/CVE-2017-6414
- https://www.suse.com/security/cve/CVE-2017-6505
- https://www.suse.com/security/cve/CVE-2017-7228