[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2019:0003-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":36,"duplicates":37,"related":38,"reserved_at":9,"published_at":50,"modified_at":51,"state":9,"summary":52,"references_raw":54,"kevs":155,"epss":9,"epss_history":156,"metrics":157,"affected":158},"SUSE-SU-2019:0003-1","Security update for xen\n\nThis update for xen fixes the following issues:\n\n- Update to Xen 4.11.1 bug fix release (bsc#1027519)\n\n- CVE-2018-17963: Fixed an integer overflow issue in the QEMU emulator, which\n  could occur when a packet with large packet size is processed. A user inside\n  a guest could have used this flaw to crash the qemu process resulting in a\n  Denial of Service (DoS). (bsc#1111014)\n- CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI\n  host bus adapter emulation, which allowed a user and/or process to crash the\n  qemu process resulting in a Denial of Service (DoS). (bsc#1114423)\n- CVE-2018-18883: Fixed an issue related to inproper restriction of nested\n  VT-x, which allowed a guest to cause Xen to crash, resulting in a Denial of\n  Service (DoS). (XSA-278) (bsc#1114405)\n- CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB\n  flushing with AMD IOMMUs, which potentially allowed a guest to escalate its\n  privileges, may cause a Denial of Service (DoS) affecting the entire host, or\n  may be able to access data it is not supposed to access. (XSA-275)\n  (bsc#1115040)\n- CVE-2018-19963: Fixed the allocation of pages used to communicate with\n  external emulators, which may have cuased Xen to crash, resulting in a Denial\n  of Service (DoS). (XSA-276) (bsc#1115043)\n- CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case\n  non-canonical addresses are accessed, which may allow a guest to cause Xen to\n  crash, resulting in a Denial of Service (DoS) affecting the entire host.\n  (XSA-279) (bsc#1115045)\n- CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which\n  conflicted with shadow paging and allowed a guest to cause Xen to crash,\n  resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047)\n- CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host,\n  resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)\n- CVE-2018-19964: Fixed the incorrect error handling of p2m page removals,\n  which allowed a guest to cause a deadlock, resulting in a Denial of Service\n  (DoS) affecting the entire host. (XSA-277) (bsc#1115044)\n- CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in\n  various Bluetooth functions, allowing this to crash qemu process resulting in\n  Denial of Service (DoS). (bsc#1117756).\n\nOther bugs fixed:\n\n- Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940)\n\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34],{"_key":15},"CVE-2018-17963",{"_key":17},"CVE-2018-18849",{"_key":19},"CVE-2018-18883",{"_key":21},"CVE-2018-19665",{"_key":23},"CVE-2018-19961",{"_key":25},"CVE-2018-19962",{"_key":27},"CVE-2018-19963",{"_key":29},"CVE-2018-19964",{"_key":31},"CVE-2018-19965",{"_key":33},"CVE-2018-19966",{"_key":35},"CVE-2018-19967",[],[],[39,40,41,42,43,44,45,46,47,48,49],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},"2019-01-02T10:39:50Z","2026-02-04T04:40:34.890337Z",{"cisa_kev":53,"cisa_ransomware":53,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[55,61,66,70,74,78,82,86,90,94,98,102,106,110,115,119,123,127,131,135,139,143,147,151],{"url":56,"sources":57,"tags":59},"https://www.suse.com/support/update/announcement/2019/suse-su-20190003-1/",[58],"osv_suse",[60],"Advisory",{"url":62,"sources":63,"tags":64},"https://bugzilla.suse.com/1027519",[58],[65],"REPORT",{"url":67,"sources":68,"tags":69},"https://bugzilla.suse.com/1108940",[58],[65],{"url":71,"sources":72,"tags":73},"https://bugzilla.suse.com/1111014",[58],[65],{"url":75,"sources":76,"tags":77},"https://bugzilla.suse.com/1114405",[58],[65],{"url":79,"sources":80,"tags":81},"https://bugzilla.suse.com/1114423",[58],[65],{"url":83,"sources":84,"tags":85},"https://bugzilla.suse.com/1114988",[58],[65],{"url":87,"sources":88,"tags":89},"https://bugzilla.suse.com/1115040",[58],[65],{"url":91,"sources":92,"tags":93},"https://bugzilla.suse.com/1115043",[58],[65],{"url":95,"sources":96,"tags":97},"https://bugzilla.suse.com/1115044",[58],[65],{"url":99,"sources":100,"tags":101},"https://bugzilla.suse.com/1115045",[58],[65],{"url":103,"sources":104,"tags":105},"https://bugzilla.suse.com/1115047",[58],[65],{"url":107,"sources":108,"tags":109},"https://bugzilla.suse.com/1117756",[58],[65],{"url":111,"sources":112,"tags":113},"https://www.suse.com/security/cve/CVE-2018-17963",[58],[114],"WEB",{"url":116,"sources":117,"tags":118},"https://www.suse.com/security/cve/CVE-2018-18849",[58],[114],{"url":120,"sources":121,"tags":122},"https://www.suse.com/security/cve/CVE-2018-18883",[58],[114],{"url":124,"sources":125,"tags":126},"https://www.suse.com/security/cve/CVE-2018-19665",[58],[114],{"url":128,"sources":129,"tags":130},"https://www.suse.com/security/cve/CVE-2018-19961",[58],[114],{"url":132,"sources":133,"tags":134},"https://www.suse.com/security/cve/CVE-2018-19962",[58],[114],{"url":136,"sources":137,"tags":138},"https://www.suse.com/security/cve/CVE-2018-19963",[58],[114],{"url":140,"sources":141,"tags":142},"https://www.suse.com/security/cve/CVE-2018-19964",[58],[114],{"url":144,"sources":145,"tags":146},"https://www.suse.com/security/cve/CVE-2018-19965",[58],[114],{"url":148,"sources":149,"tags":150},"https://www.suse.com/security/cve/CVE-2018-19966",[58],[114],{"url":152,"sources":153,"tags":154},"https://www.suse.com/security/cve/CVE-2018-19967",[58],[114],[],[],[],[159,172,176,180],{"ecosystem":160,"name":161,"vendor":162,"product":163,"cpe_part":9,"purl_type":164,"purl_namespace":162,"purl_name":163,"source":9,"versions":165},"SUSE Linux Enterprise","xen","suse","xen&distro=SUSE Linux Enterprise Desktop 12 SP4","rpm",[166],{"version":167,"is_range":168,"range_type":169,"version_start":9,"version_start_type":9,"version_end":170,"version_end_type":171,"fixed_in":9},"lt4_11_1_02_2_3_1",true,"ecosystem","4.11.1_02-2.3.1","excluding",{"ecosystem":160,"name":161,"vendor":162,"product":173,"cpe_part":9,"purl_type":164,"purl_namespace":162,"purl_name":173,"source":9,"versions":174},"xen&distro=SUSE Linux Enterprise Server 12 SP4",[175],{"version":167,"is_range":168,"range_type":169,"version_start":9,"version_start_type":9,"version_end":170,"version_end_type":171,"fixed_in":9},{"ecosystem":160,"name":161,"vendor":162,"product":177,"cpe_part":9,"purl_type":164,"purl_namespace":162,"purl_name":177,"source":9,"versions":178},"xen&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4",[179],{"version":167,"is_range":168,"range_type":169,"version_start":9,"version_start_type":9,"version_end":170,"version_end_type":171,"fixed_in":9},{"ecosystem":160,"name":161,"vendor":162,"product":181,"cpe_part":9,"purl_type":164,"purl_namespace":162,"purl_name":181,"source":9,"versions":182},"xen&distro=SUSE Linux Enterprise Software Development Kit 12 SP4",[183],{"version":167,"is_range":168,"range_type":169,"version_start":9,"version_start_type":9,"version_end":170,"version_end_type":171,"fixed_in":9}]