Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-479-1:373A9
HistoryMay 17, 2016 - 11:13 p.m.

[SECURITY] [DLA 479-1] xen security update

2016-05-1723:13:35
lists.debian.org
35

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

30.8%

JSON

Package : xen
Version : 4.1.6.1-1+deb7u1
CVE ID : CVE-2015-2752 CVE-2015-2756 CVE-2015-5165 CVE-2015-5307
CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972
CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8550
CVE-2015-8554 CVE-2015-8555 CVE-2015-8615 CVE-2016-1570
CVE-2016-1571 CVE-2016-2270 CVE-2016-2271

This security update fixes a number of security issues in Xen in wheezy.

For Debian 7 "Wheezy", these problems have been fixed in version
4.1.6.1-1+deb7u1.

We recommend that you upgrade your libidn packages.

CVE-2015-2752

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x,
when using a PCI passthrough device, is not preemptable, which
allows local x86 HVM domain users to cause a denial of service (host
CPU consumption) via a crafted request to the device model
(qemu-dm).

CVE-2015-2756

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict
access to PCI command registers, which might allow local HVM guest
users to cause a denial of service (non-maskable interrupt and host
crash) by disabling the (1) memory or (2) I/O decoding for a PCI
Express device and then accessing the device, which triggers an
Unsupported Request (UR) response.

CVE-2015-5165

The C+ mode offload emulation in the RTL8139 network card device
model in QEMU, as used in Xen 4.5.x and earlier, allows remote
attackers to read process heap memory via unspecified vectors.

CVE-2015-5307

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x
through 4.6.x, allows guest OS users to cause a denial of service
(host OS panic or hang) by triggering many #AC (aka Alignment Check)
exceptions, related to svm.c and vmx.c.

CVE-2015-7969

Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest
administrators or domains with certain permission to cause a denial
of service (memory consumption) via a large number of "teardowns" of
domains with the vcpu pointer array allocated using the (1)
XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer
array allocated using the (2) XENOPROF_get_buffer or (3)
XENOPROF_set_passive hypercall.

CVE-2015-7970

The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen
3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86
HVM guest administrators to cause a denial of service (CPU
consumption and possibly reboot) via crafted memory contents that
triggers a "time-consuming linear scan," related to
Populate-on-Demand.

CVE-2015-7971

Xen 3.2.x through 4.6.x does not limit the number of printk console
messages when logging certain pmu and profiling hypercalls, which
allows local guests to cause a denial of service via a sequence of
crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly
handled in the do_xenoprof_op function in common/xenoprof.c, or (2)
HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in
the do_xenpmu_op function in arch/x86/cpu/vpmu.c.

CVE-2015-7972

The (1) libxl_set_memory_target function in tools/libxl/libxl.c and
(2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen
3.4.x through 4.6.x do not properly calculate the balloon size when
using the populate-on-demand (PoD) system, which allows local HVM
guest users to cause a denial of service (guest crash) via
unspecified vectors related to "heavy memory pressure."

CVE-2015-8104

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x
through 4.6.x, allows guest OS users to cause a denial of service
(host OS panic or hang) by triggering many #DB (aka Debug)
exceptions, related to svm.c.

CVE-2015-8339

The memory_exchange function in common/memory.c in Xen 3.2.x through
4.6.x does not properly hand back pages to a domain, which might
allow guest OS administrators to cause a denial of service (host
crash) via unspecified vectors related to domain teardown.

CVE-2015-8340

The memory_exchange function in common/memory.c in Xen 3.2.x through
4.6.x does not properly release locks, which might allow guest OS
administrators to cause a denial of service (deadlock or host crash)
via unspecified vectors, related to XENMEM_exchange error handling.

CVE-2015-8550

Xen, when used on a system providing PV backends, allows local guest
OS administrators to cause a denial of service (host OS crash) or
gain privileges by writing to memory shared between the frontend and
backend, aka a double fetch vulnerability.

CVE-2015-8554

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using
the qemu-xen-traditional (aka qemu-dm) device model, allows local
x86 HVM guest administrators to gain privileges by leveraging a
system with access to a passed-through MSI-X capable physical PCI
device and MSI-X table entries, related to a "write path."

CVE-2015-8555

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86
FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage
guest extended register state, which allows local guest domains to
obtain sensitive information from other domains via unspecified
vectors.

CVE-2015-8615

The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6
does not limit the number of printk console messages when logging
the new callback method, which allows local HVM guest OS users to
cause a denial of service via a large number of changes to the
callback method (HVM_PARAM_CALLBACK_IRQ).

CVE-2016-1570

The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1,
and 4.1.x through 4.6.x allows local PV guests to obtain sensitive
information, cause a denial of service, gain privileges, or have
unspecified other impact via a crafted page identifier (MFN) to the
(1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the
HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to
page table updates.

CVE-2016-1571

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x
through 4.6.x, when using shadow mode paging or nested
virtualization is enabled, allows local HVM guest users to cause a
denial of service (host crash) via a non-canonical guest address in
an INVVPID instruction, which triggers a hypervisor bug check.

CVE-2016-2270

Xen 4.6.x and earlier allows local guest administrators to cause a
denial of service (host reboot) via vectors related to multiple
mappings of MMIO pages with different cachability settings.

CVE-2016-2271

VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU,
allows local HVM guest users to cause a denial of service (guest
crash) via vectors related to a non-canonical RIP.

Brian May <[email protected]>

OSVersionArchitecturePackageVersionFilename
Debian7armelfuse-modules-3.2.0-4-kirkwood-di< 3.2.68-1+deb7u6fuse-modules-3.2.0-4-kirkwood-di_3.2.68-1+deb7u6_armel.deb
Debian8i386isofs-modules-3.16.0-4-686-pae-di< 3.16.7-ckt11-1+deb8u6isofs-modules-3.16.0-4-686-pae-di_3.16.7-ckt11-1+deb8u6_i386.deb
Debian8i386efi-modules-3.16.0-4-586-di< 3.16.7-ckt11-1+deb8u6efi-modules-3.16.0-4-586-di_3.16.7-ckt11-1+deb8u6_i386.deb
Debian7armhfuinput-modules-3.2.0-4-mx5-di< 3.2.68-1+deb7u6uinput-modules-3.2.0-4-mx5-di_3.2.68-1+deb7u6_armhf.deb
Debian7i386nic-extra-modules-3.2.0-4-486-di< 3.2.68-1+deb7u6nic-extra-modules-3.2.0-4-486-di_3.2.68-1+deb7u6_i386.deb
Debian7armhfmd-modules-3.2.0-4-mx5-di< 3.2.68-1+deb7u6md-modules-3.2.0-4-mx5-di_3.2.68-1+deb7u6_armhf.deb
Debian8mipsmd-modules-3.16.0-4-r4k-ip22-di< 3.16.7-ckt11-1+deb8u6md-modules-3.16.0-4-r4k-ip22-di_3.16.7-ckt11-1+deb8u6_mips.deb
Debian7mipselcrypto-dm-modules-3.2.0-4-r5k-cobalt-di< 3.2.68-1+deb7u6crypto-dm-modules-3.2.0-4-r5k-cobalt-di_3.2.68-1+deb7u6_mipsel.deb
Debian7mipselzlib-modules-3.2.0-4-r5k-cobalt-di< 3.2.68-1+deb7u6zlib-modules-3.2.0-4-r5k-cobalt-di_3.2.68-1+deb7u6_mipsel.deb
Debian7i386pata-modules-3.2.0-4-486-di< 3.2.68-1+deb7u6pata-modules-3.2.0-4-486-di_3.2.68-1+deb7u6_i386.deb
Rows per page:
1-10 of 20001

Related

openvas 36
nessus 69
osv 1
debian 3
fedora 14
suse 7
freebsd 7
xen 11
oraclelinux 4
redhat 8
centos 3
mageia 2
f5 2
debiancve 9
cve 7
prion 7
ubuntucve 9
openvas
openvas
Debian: Security Advisory (DLA-479-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 3519-1 (xen - security update)
2016-03-17 00:00:00
Debian: Security Advisory (DSA-3519-1)
2016-03-16 00:00:00
nessus
nessus
Debian DLA-479-1 : xen security update
2016-05-18 00:00:00
Debian DSA-3519-1 : xen - security update
2016-03-21 00:00:00
OracleVM 3.3 : xen (OVMSA-2016-0007)
2016-01-26 00:00:00
osv
osv
xen - security update
2016-05-17 00:00:00
debian
debian
[SECURITY] [DSA 3519-1] xen security update
2016-03-17 21:52:03
[SECURITY] [DSA 3414-1] xen security update
2015-12-09 20:43:14
[SECURITY] [DSA 3454-1] virtualbox security update
2016-01-26 23:24:54
fedora
fedora
[SECURITY] Fedora 23 Update: xen-4.5.2-6.fc23
2015-12-22 22:09:20
[SECURITY] Fedora 22 Update: xen-4.5.2-6.fc22
2016-01-02 23:21:29
[SECURITY] Fedora 22 Update: xen-4.5.1-14.fc22
2015-11-10 00:25:04
suse
suse
Security update for xen (important)
2016-01-14 22:16:01
Security update for Xen (important)
2016-03-04 22:13:56
Security update for xen (important)
2016-01-14 22:19:10
freebsd
freebsd
xen-kernel -- XENMEM_exchange error handling issues
2015-12-08 00:00:00
xen-kernel -- CPU lockup during exception delivery
2015-11-10 00:00:00
xen-kernel -- some pmu and profiling hypercalls log without rate limiting
2015-10-29 00:00:00
xen
xen
XENMEM_exchange error handling issues
2015-12-08 11:29:00
x86: CPU lockup during exception delivery
2015-11-10 00:01:00
x86: some pmu and profiling hypercalls log without rate limiting
2015-10-29 11:59:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2015-12-10 00:00:00
kernel security and bug fix update
2015-12-08 00:00:00
kernel security and bug fix update
2015-12-15 00:00:00
redhat
redhat
(RHSA-2015:2552) Important: kernel security and bug fix update
2015-12-08 10:11:52
(RHSA-2016:0046) Important: kernel security update
2016-01-19 00:00:00
(RHSA-2016:0004) Important: kernel security update
2016-01-07 00:00:00
centos
centos
kernel, perf, python security update
2015-12-09 19:18:47
kernel, perf, python security update
2015-12-16 00:07:51
libcacard, qemu security update
2015-09-16 12:50:23
mageia
mageia
Updated xen packages fix security vulnerabilities
2016-03-07 14:20:30
Updated kernel packages fix security vulnerabilities
2015-11-20 01:08:19
f5
f5
K31026324 : Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104
2016-01-13 00:00:00
SOL31026324 - Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104
2016-01-13 00:00:00
debiancve
debiancve
CVE-2015-7972
2015-10-30 15:59:00
CVE-2015-8340
2015-12-17 19:59:00
CVE-2015-8550
2016-04-14 14:59:00
cve
cve
CVE-2015-7972
2015-10-30 15:59:00
CVE-2015-8340
2015-12-17 19:59:00
CVE-2015-7971
2015-10-30 15:59:00
prion
prion
Design/Logic Flaw
2015-10-30 15:59:00
Design/Logic Flaw
2015-10-30 15:59:00
Design/Logic Flaw
2015-12-17 19:59:00
ubuntucve
ubuntucve
CVE-2015-7972
2015-10-30 00:00:00
CVE-2015-7969
2015-10-30 00:00:00
CVE-2015-8340
2015-12-17 00:00:00

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

30.8%

JSON
Related for DEBIAN:DLA-479-1:373A9
openvas36nessus69osv1debian3fedora14suse7freebsd7xen11oraclelinux4redhat8centos3mageia2f52debiancve9cve7prion7ubuntucve9