SUSE-SU-2019:14199-1

Advisory lineage Upstream: 13 Downstream: 0

Upstream

CVE-2019-12067 CVE-2019-12068 CVE-2019-12155 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340

Published: 24 Oct 2019, 11:23

Last modified:04 Feb 2026, 03:45

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

24 Oct 2019, 11:23

Published

Vulnerability first disclosed

04 Feb 2026, 03:45

Last Modified

Vulnerability information updated

Description

Security update for xen This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). - CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652). - CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which could have led to denial of service (bsc#1135905).

Affected Systems

suse•xen&distro=SUSE Linux Enterprise Server 11 SP4-LTSS
< 4.4.4_40-61.49.1

SUSE-SU-2019:14199-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (27)