Security Bulletin: This Power Hardware Management Console (HMC) Security Bulletin is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2018-3639 (Variant 4) and CVE-2018-3640 (Variant 3a).

Summary In response to recently reported security vulnerabilities, this Power HMC Security Bulletin is released to address Common Vulnerabilities and Exposures issue numbers CVE-2018-3639 and CVE-2018-3640. Vulnerability Details CVEID: CVE-2018-3639 CVEID: CVE-2018-3640 Workarounds and Mitigation...

Ubuntu: Security Advisory (USN-5071-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: This Power Hardware Management Console (HMC) update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 (known as MDS).

Summary In response to recently reported security vulnerabilities, this Power HMC Security Bulletin is released to address Common Vulnerabilities and Exposures issue numbers CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091. Vulnerability Details CVEID: CVE-2018-12126 CVEID:...

USN-5071-3: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute...

SUSE SLED12: xen / xen-devel / xen-doc-html / xen-libs / xen-libs-32bit / etc (SUSE-SU-2021:3181-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3181-1 advisory. - CVE-2021-28701: Fixed race condition in XENMAPSPACEgranttable handling XSA-384 bsc1189632. - Upstream bug fixes bsc1027519 Tenabl...

Debian: Security Advisory (DSA-4977-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-29795

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...

CVE-2021-29795

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...

Design/Logic Flaw

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...

CVE-2021-29795

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557...

CVE-2021-29795

IBM PowerVM Hypervisor vulnerability CVE-2021-29795 allows a local user within a partition to issue a specially crafted sequence of hypervisor calls that can crash the system. Affected products are PowerVM Hypervisor FW860, FW930, FW940, and FW950 across Power8/Power9 platforms. Root cause: a mis...

Debian DSA-4977-1 : xen - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4977 advisory. Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. With the...

Security Bulletin: The PowerVM hypervisor is vulnerable to a specially crafted sequence of hypervisor calls from a partition that can lead to a system crash

Summary An attacker that gains total control of a virtual machine running on the PowerVM hypervisor could issue a specially crafted sequence of hypervisor calls that will lead to a system crash and and an outage of all virtual machines running on the same system Vulnerability Details CVEID:...

[SECURITY] [DSA 4977-1] xen security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4977-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 20, 2021 https://www.debian.org/security/faq -...

IBM PowerVM Hypervisor 注入漏洞

IBM PowerVM Hypervisor is an application from Universal Business Machines IBM, Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS features and leading performance of the Power Systems platform. A security vulnerability exists in IBM...

The vulnerability of the libxl__domain_suspend_state structure in Xen hypervisors lies in the lack of resource initialization, which allows attackers to trigger a service failure.

The vulnerability of the libxldomainsuspendstate structure in Xen hypervisors stems from the fact that this structure does not utilize the standard initialization and deallocation mechanism. Exploiting this vulnerability could allow an attacker to cause a service failure...

Ubuntu: Security Advisory (USN-5073-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for xen (FEDORA-2021-11577e5229)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 33 Update: xen-4.14.2-4.fc33

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

USN-5073-2: Linux kernel (GCP) vulnerabilities

Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory...