5618 matches found
[SECURITY] Fedora 37 Update: xen-4.16.2-2.fc37
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Xenstore: Guests can create arbitrary number of nodes via transactions (XSA-421)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a vulnerability in its node creation feature. In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an...
Fedora: Security Advisory for xen (FEDORA-2022-07438e12df)
The remote host is missing an update for the...
CVE-2022-38015
Windows Hyper-V Denial of Service Vulnerability...
CVE-2022-23824
A flaw was found in hw. The AMD CPUs can be attacked similar to the previously known Spectre Variant 2 CVE-2017-5715. This issue affects AMD CPUs where the OS relies on IBPB to flush the return address predictor. As a result, an unprivileged attacker could use this flaw to cross the syscall and...
[SECURITY] Fedora 36 Update: xen-4.16.2-3.fc36
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
CVE-2022-23824
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure...
Driver Disk for Qlogic qla2xxx 10.02.08.01-k - For Citrix Hypervisor 8.2 LTSR
Who Should Install this Driver Disk? Customers running the Citrix Hypervisor 8.2 LTSR release who use Qlogic's qla2xxx driver and wish to use the latest version of the following:

Driver Module | Version
---|---
qla2xxx | 10.02.08.01k

Note: This driver version applies to all hardware including Dell...
IBPB and Return Stack Buffer Interactions
Bulletin ID: AMD-SB-1040
Potential Impact: Information Disclosure
Severity: Medium
Summary: AMD is aware of a potential vulnerability affecting AMD CPUs where the OS relies on IBPB to flush the return address predictor. This may allow for CVE-2017-5715 previously known as Spectre Variant 2 attacks...
Driver Disk for Intel ice 1.8.8 - For Citrix Hypervisor 8.2 LTSR
Who Should Install this Driver Disk? Customers running the Citrix Hypervisor 8.2 LTSR release who use Intel's ice driver and wish to use the latest version of the following:

Driver Module | Version
---|---
ice | 1.8.8

Issues Resolved In this Driver Disk
Includes general enhancements and bug fixes...
virt-who bug fix and enhancement update
An update is available for virt-who. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The virt-who service collects information about the connection between the...
Vulnerabilities fixed in Xen
Xen's developers have fixed vulnerabilities in Xen. The vulnerabilities are located in the xenstored and allow a malicious with rights to deploy and configure guest images through rogue guests to cause a Denial-of-Service, or potentially gain access to memory of other guest systems and thus...
DEBIAN-CVE-2022-42323
Xenstore: Cooperating guests can create arbitrary numbers of nodes
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...
CVE-2022-42321
Xenstore: Guests can crash xenstored via exhausting the stack
Xenstored is using recursion for some Xenstore operations e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored...
CVE-2022-42310
Xenstore: Guests can create orphaned Xenstore nodes
By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is...
CVE-2022-42319
Xenstore: Guests can cause Xenstore to not free temporary memory
When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only...
CVE-2022-42327
x86: unintended memory sharing between guests
On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist...
Citrix Hypervisor Security Bulletin for CVE-2022-42316, CVE-2022-42317 & CVE-2022-42318
Description of Problem
Several security issues have been identified in Citrix Hypervisor 8.2 LTSR CU1, each of which may allow a privileged user in a guest VM to cause part of the management service to become unresponsive, resulting in the inability to create new guests or modify the configuratio...
PT-2022-7334 · Xen +1 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore affected versions not specified
Description: The issue is related to the Xenstore component of the Xen hypervisor, where guests can gain access to Xenstore nodes of deleted domains due to incomplete cleanup of temporary or auxiliary...
Xen Security Vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen Xenstore suffers from a security...