[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2017:1795-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":46,"duplicates":47,"related":48,"reserved_at":9,"published_at":65,"modified_at":66,"state":9,"summary":67,"references_raw":69,"kevs":214,"epss":9,"epss_history":215,"metrics":216,"affected":217},"SUSE-SU-2017:1795-1","Security update for xen\n\nThis update for xen fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a null pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043297)\n- CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak, allowing for DoS (bsc#1043074)\n- CVE-2017-10911: blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863)\n- CVE-2017-10912: Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882)\n- CVE-2017-10913, CVE-2017-10914: Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893)\n- CVE-2017-10915: Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915)\n- CVE-2017-10917: Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924)\n- CVE-2017-10918: Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931)\n- CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938)\n- CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160)\n- CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243)\n- CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036470)\n- CVE-2017-8905: Xen a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, bsc#1034845).\n\nThese non-security issues were fixed:\n\n- bsc#1031460: Fixed DomU Live Migration\n- bsc#1014136: Fixed kdump SLES12-SP2\n- bsc#1026236: Equalized paravirtualized vs. fully virtualized migration speed\n- bsc#1032148: Ensure that time doesn't goes backwards during live migration of HVM domU\n- bsc#1027519: Included various upstream patches\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44],{"_key":15},"CVE-2017-10911",{"_key":17},"CVE-2017-10912",{"_key":19},"CVE-2017-10913",{"_key":21},"CVE-2017-10914",{"_key":23},"CVE-2017-10915",{"_key":25},"CVE-2017-10917",{"_key":27},"CVE-2017-10918",{"_key":29},"CVE-2017-10920",{"_key":31},"CVE-2017-10921",{"_key":33},"CVE-2017-10922",{"_key":35},"CVE-2017-8112",{"_key":37},"CVE-2017-8309",{"_key":39},"CVE-2017-8905",{"_key":41},"CVE-2017-9330",{"_key":43},"CVE-2017-9374",{"_key":45},"CVE-2017-9503",[],[],[49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},"2017-07-06T09:40:48Z","2026-02-04T03:52:49.357865Z",{"cisa_kev":68,"cisa_ransomware":68,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[70,76,81,85,89,93,97,101,105,109,113,117,121,125,129,133,137,141,145,149,154,158,162,166,170,174,178,182,186,190,194,198,202,206,210],{"url":71,"sources":72,"tags":74},"https://www.suse.com/support/update/announcement/2017/suse-su-20171795-1/",[73],"osv_suse",[75],"Advisory",{"url":77,"sources":78,"tags":79},"https://bugzilla.suse.com/1014136",[73],[80],"REPORT",{"url":82,"sources":83,"tags":84},"https://bugzilla.suse.com/1026236",[73],[80],{"url":86,"sources":87,"tags":88},"https://bugzilla.suse.com/1027519",[73],[80],{"url":90,"sources":91,"tags":92},"https://bugzilla.suse.com/1031460",[73],[80],{"url":94,"sources":95,"tags":96},"https://bugzilla.suse.com/1032148",[73],[80],{"url":98,"sources":99,"tags":100},"https://bugzilla.suse.com/1034845",[73],[80],{"url":102,"sources":103,"tags":104},"https://bugzilla.suse.com/1036470",[73],[80],{"url":106,"sources":107,"tags":108},"https://bugzilla.suse.com/1037243",[73],[80],{"url":110,"sources":111,"tags":112},"https://bugzilla.suse.com/1042160",[73],[80],{"url":114,"sources":115,"tags":116},"https://bugzilla.suse.com/1042863",[73],[80],{"url":118,"sources":119,"tags":120},"https://bugzilla.suse.com/1042882",[73],[80],{"url":122,"sources":123,"tags":124},"https://bugzilla.suse.com/1042893",[73],[80],{"url":126,"sources":127,"tags":128},"https://bugzilla.suse.com/1042915",[73],[80],{"url":130,"sources":131,"tags":132},"https://bugzilla.suse.com/1042924",[73],[80],{"url":134,"sources":135,"tags":136},"https://bugzilla.suse.com/1042931",[73],[80],{"url":138,"sources":139,"tags":140},"https://bugzilla.suse.com/1042938",[73],[80],{"url":142,"sources":143,"tags":144},"https://bugzilla.suse.com/1043074",[73],[80],{"url":146,"sources":147,"tags":148},"https://bugzilla.suse.com/1043297",[73],[80],{"url":150,"sources":151,"tags":152},"https://www.suse.com/security/cve/CVE-2017-10911",[73],[153],"WEB",{"url":155,"sources":156,"tags":157},"https://www.suse.com/security/cve/CVE-2017-10912",[73],[153],{"url":159,"sources":160,"tags":161},"https://www.suse.com/security/cve/CVE-2017-10913",[73],[153],{"url":163,"sources":164,"tags":165},"https://www.suse.com/security/cve/CVE-2017-10914",[73],[153],{"url":167,"sources":168,"tags":169},"https://www.suse.com/security/cve/CVE-2017-10915",[73],[153],{"url":171,"sources":172,"tags":173},"https://www.suse.com/security/cve/CVE-2017-10917",[73],[153],{"url":175,"sources":176,"tags":177},"https://www.suse.com/security/cve/CVE-2017-10918",[73],[153],{"url":179,"sources":180,"tags":181},"https://www.suse.com/security/cve/CVE-2017-10920",[73],[153],{"url":183,"sources":184,"tags":185},"https://www.suse.com/security/cve/CVE-2017-10921",[73],[153],{"url":187,"sources":188,"tags":189},"https://www.suse.com/security/cve/CVE-2017-10922",[73],[153],{"url":191,"sources":192,"tags":193},"https://www.suse.com/security/cve/CVE-2017-8112",[73],[153],{"url":195,"sources":196,"tags":197},"https://www.suse.com/security/cve/CVE-2017-8309",[73],[153],{"url":199,"sources":200,"tags":201},"https://www.suse.com/security/cve/CVE-2017-8905",[73],[153],{"url":203,"sources":204,"tags":205},"https://www.suse.com/security/cve/CVE-2017-9330",[73],[153],{"url":207,"sources":208,"tags":209},"https://www.suse.com/security/cve/CVE-2017-9374",[73],[153],{"url":211,"sources":212,"tags":213},"https://www.suse.com/security/cve/CVE-2017-9503",[73],[153],[],[],[],[218,231],{"ecosystem":219,"name":220,"vendor":221,"product":222,"cpe_part":9,"purl_type":223,"purl_namespace":221,"purl_name":222,"source":9,"versions":224},"SUSE Linux Enterprise","xen","suse","xen&distro=SUSE Linux Enterprise Server 12-LTSS","rpm",[225],{"version":226,"is_range":227,"range_type":228,"version_start":9,"version_start_type":9,"version_end":229,"version_end_type":230,"fixed_in":9},"lt4_4_4_21_22_42_1",true,"ecosystem","4.4.4_21-22.42.1","excluding",{"ecosystem":219,"name":220,"vendor":221,"product":232,"cpe_part":9,"purl_type":223,"purl_namespace":221,"purl_name":232,"source":9,"versions":233},"xen&distro=SUSE Linux Enterprise Server for SAP Applications 12",[234],{"version":226,"is_range":227,"range_type":228,"version_start":9,"version_start_type":9,"version_end":229,"version_end_type":230,"fixed_in":9}]