24 matches found
SUSE CVE-2016-3158
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOT...
Mageia: Security Advisory (MGASA-2013-0197)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2013:1314-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2013:1075-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Information disclosure
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOT...
Design/Logic Flaw
The fpufxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits...
OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)
The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory...
OracleVM 3.2 : xen (OVMSA-2013-0042)
The remote OracleVM system is missing necessary patches to address critical security updates : - Other than the HVM emulation path, the PV case so far failed to check that YMM state requires SSE state to be enabled, allowing for a GP to occur upon passing the inputs to XSETBV inside the hyperviso...
OracleVM 3.1 : xen (OVMSA-2013-0043)
The remote OracleVM system is missing necessary patches to address critical security updates : - x86/xsave: properly check guest input to XSETBV Other than the HVM emulation path, the PV case so far failed to check that YMM state requires SSE state to be enabled, allowing for a GP to occur upon...
Debian DSA-3006-1 : xen - security update
Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
openSUSE Security Update : xen (openSUSE-SU-2013:1392-1)
XEN was updated to 4.1.5 release. It fixes various bugs and security issues. Issues fixed separately from the 4.1.5 release : - bnc824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bncXXXXXX - xen: CVE-2013-XXXX: XSA-61: suppress device assignment to HVM...
Fedora Update for xen FEDORA-2013-22312
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for xen FEDORA-2013-16371
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-2076
Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged t...
CVE-2013-2076
CVE-2013-2076 affects Xen on AMD64: when running Xen 4.0.x/4.1.x/4.2.x on AMD64, FXSAVE/FXRSTOR saves only some x87/FPU state during a pending exception, enabling a domain to glean parts of another domain’s floating-point state and potentially sensitive data (e.g., cryptographic keys). Related fo...
Fedora 19 : xen-4.2.2-6.fc19 (2013-9986)
Information leak on XSAVE/XRSTOR capable AMD CPUs XSA-52, CVE-2013-2076 970206 Hypervisor crash due to missing exception recovery on XRSTOR XSA-53, CVE-2013-2077 970204 Hypervisor crash due to missing exception recovery on XSETBV XSA-54, CVE-2013-2078 970202 Multiple vulnerabilities in libelf PV...
Fedora 17 : xen-4.1.5-5.fc17 (2013-10247)
Information leak on XSAVE/XRSTOR capable AMD CPUs XSA-52, CVE-2013-2076 970206 Hypervisor crash due to missing exception recovery on XRSTOR XSA-53, CVE-2013-2077 970204 Hypervisor crash due to missing exception recovery on XSETBV XSA-54, CVE-2013-2078 970202 Multiple vulnerabilities in libelf PV...
Fedora 18 : xen-4.2.2-6.fc18 (2013-10136)
Information leak on XSAVE/XRSTOR capable AMD CPUs XSA-52, CVE-2013-2076 970206 Hypervisor crash due to missing exception recovery on XRSTOR XSA-53, CVE-2013-2077 970204 Hypervisor crash due to missing exception recovery on XSETBV XSA-54, CVE-2013-2078 970202 Multiple vulnerabilities in libelf PV...
Updated xen package fixes security issues
This update fixes the following security issues: XSA-52/CVE-2013-2076: Information leak on XSAVE/XRSTOR capable AMD CPUs XSA-53/CVE-2013-2077: Hypervisor crash due to missing exception recovery on XRSTOR XSA-54/CVE-2013-2078: Hypervisor crash due to missing exception recovery on XSETBV...
SuSE 11.2 Security Update : Xen (SAT Patch Number 7798)
XEN has been updated to 4.1.5 c/s 23509 to fix various bugs and security issues. The following security issues have been fixed : - Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier were not preemptible, which allowed local PV kernels to cause a denial of service via...