13 matches found
SUSE: Security Advisory (SUSE-SU-2022:3665-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-28689
x86: Speculative vulnerabilities with bare non-shim 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to...
CVE-2021-28689
x86: Speculative vulnerabilities with bare non-shim 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to...
CVE-2021-28689
CVE-2021-28689 concerns the Xen hypervisor. The issue affects 32-bit PV guests running in ring 1 on x86, where 32-bit PV guest kernels were paravirtualised in the original design. The underlying cause is speculative execution side-channel risk in this ring, with Indirect Branch Restricted Specula...
CVE-2021-28689
x86: Speculative vulnerabilities with bare non-shim 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to...
x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests
ISSUE DESCRIPTION 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to virtualization. In AMD64, Xen had to use a different...
x86: 64bit PV guest breakout via pagetable use-after-mode-change
ISSUE DESCRIPTION 64-bit PV guests typically use separate root page tables for their kernel and user modes. Hypercalls are accessible to guest kernel context only, which certain hypercall handlers make assumptions on. The IRET hypercall replacing the identically name CPU instruction is used by...
FreeBSD : xen-kernel -- x86: Disallow L3 recursive pagetable for 32-bit PV guests (45ca25b5-ba4d-11e6-ae1b-002590263bf5)
The Xen Project reports : On real hardware, a 32-bit PAE guest must leave the USER and RW bit clear in L3 pagetable entries, but the pagetable walk behaves as if they were set. The L3 entries are cached in processor registers, and don't actually form part of the pagewalk. When running a 32-bit PV...
Fedora 25 : xen (2016-1d8429b89f)
fix build problem with glibc 2.24 x86: Disallow L3 recursive pagetable for 32-bit PV guests XSA-185, CVE-2016-7092 x86: Mishandling of instruction pointer truncation during emulation XSA-186, CVE-2016-7093 x86 HVM: Overflow of shctxt-segreg XSA-187, CVE-2016-7094 pandoc documentation has dependen...
Fedora 23 : xen (2016-1c3374bcb9)
x86: Disallow L3 recursive pagetable for 32-bit PV guests XSA-185, CVE-2016-7092 1374470 x86: Mishandling of instruction pointer truncation during emulation XSA-186, CVE-2016-7093 1374471 x86 HVM: Overflow of shctxt-segreg XSA-187, CVE-2016-7094 1374473 Note that Tenable Network Security has...
x86: Disallow L3 recursive pagetable for 32-bit PV guests
ISSUE DESCRIPTION On real hardware, a 32-bit PAE guest must leave the USER and RW bit clear in L3 pagetable entries, but the pagetable walk behaves as if they were set. The L3 entries are cached in processor registers, and don't actually form part of the pagewalk. When running a 32-bit PV guest o...
xen-kernel -- x86: Disallow L3 recursive pagetable for 32-bit PV guests
The Xen Project reports: On real hardware, a 32-bit PAE guest must leave the USER and RW bit clear in L3 pagetable entries, but the pagetable walk behaves as if they were set. The L3 entries are cached in processor registers, and don't actually form part of the pagewalk. When running a 32-bit PV...
vulnerability in the iret hypercall handler
ISSUE DESCRIPTION A buggy loop in Xen's compatiret function iterates the wrong way around a 32-bit index. Any 32-bit PV guest kernel can trigger this vulnerability by attempting a hypercalliret with EFLAGS.VM set. Given the use of get/putuser, and that the virtual addresses in question are...