Lucene search

5618 matches found

UbuntuCve
added 2021/09/08 2:15 p.m. | 28 views

CVE-2021-28701

Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches back from v2...

7.8 CVSS | 7.1 AI score | 0.00257 EPSS
Exploits 0 | References 5

Prion
added 2021/09/08 2:15 p.m. | 22 views

Race condition

Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches back from v2...

4.4 CVSS | 7.5 AI score | 0.00257 EPSS
Exploits 0 | References 8 | Affected Software 3

OSV
added 2021/09/08 2:15 p.m. | 3 views

UBUNTU-CVE-2021-28701

Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches back from v2...

7.8 CVSS | 7.1 AI score | 0.00257 EPSS
Exploits 0 | References 6

Cvelist
added 2021/09/08 1:2 p.m. | 30 views

CVE-2021-28701

Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches back from v2...

7.9 AI score | 0.00257 EPSS
Exploits 0 | References 8

CVE
added 2021/09/08 1:2 p.m. | 149 views

CVE-2021-28701

CVE-2021-28701 describes a race in Xen’s XENMAPSPACE_grant_table handling where grant-table v2 status pages can be freed while a parallel request maps them, potentially allowing a guest to retain access to freed pages. The enforcement to block new mappings during deallocation was missing. Impact ...

7.8 CVSS | 7.5 AI score | 0.00257 EPSS
Exploits 0 | References 8 | Affected Software 1

Debian CVE
added 2021/09/08 1:2 p.m. | 20 views

CVE-2021-28701

Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches back from v2...

7.8 CVSS | 1.4 AI score | 0.00257 EPSS
Exploits 0

Veracode
added 2021/09/08 9:58 a.m. | 29 views

Denial Of Service (DoS)

Xen is vulnerable to denial of service. Long running loops in grant table handling. In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would itera...

5.5 CVSS | 0.9 AI score | 0.00348 EPSS
Exploits 0 | References 13 | Affected Software 1

Ubuntu
added 2021/09/08 12:51 a.m. | 144 views

USN-5062-1: Linux kernel vulnerability

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory...

8.8 CVSS | 6.6 AI score | 0.00413 EPSS
Exploits 1

CNNVD
added 2021/09/08 12:0 a.m. | 3 views

Corel Parallels Desktop Access Control Error Vulnerability

Corel Parallels Desktop is a suite of virtual machine software for the macOS platform from Corel Canada. Desk is a writing, blogging, and note-taking application for individual developers. An Access Control Error vulnerability exists in Corel Parallels Desktop Toolgate that stems from a lack of...

8.8 CVSS | 8 AI score | 0.00418 EPSS
Exploits 0 | References 5

Zero Day Initiative
added 2021/09/08 12:0 a.m. | 29 views

Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgat...

7.5 CVSS | 4.1 AI score | 0.00429 EPSS
Exploits 0 | References 1

CNNVD
added 2021/09/08 12:0 a.m. | 14 views

Xen Race Condition Vulnerability

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen where...

7.8 CVSS | 7.2 AI score | 0.00257 EPSS
Exploits 0 | References 19

Zero Day Initiative
added 2021/09/08 12:0 a.m. | 45 views

Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate...

7.8 CVSS | 4.1 AI score | 0.00423 EPSS
Exploits 0 | References 1

CNNVD
added 2021/09/08 12:0 a.m. | 7 views

Corel Parallels Desktop Access Control Error Vulnerability

Corel Parallels Desktop is a suite of virtual machine software for the macOS platform from Corel Canada. An Access Control Error vulnerability exists in Corel Parallels Desktop Toolgate that stems from a lack of proper validation of user-supplied data in the Toolgate component. This could lead to...

8.2 CVSS | 8 AI score | 0.00429 EPSS
Exploits 0 | References 5

Zero Day Initiative
added 2021/09/08 12:0 a.m. | 34 views

Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate...

7.8 CVSS | 4.1 AI score | 0.00418 EPSS
Exploits 0 | References 1

CNNVD
added 2021/09/08 12:0 a.m. | 4 views

Corel Parallels Desktop Access Control Error Vulnerability

Corel Parallels Desktop is a suite of virtual machine software for the macOS platform from Corel Canada. An Access Control Error vulnerability exists in Corel Parallels Desktop Toolgate that stems from a lack of proper validation of user-supplied data in the Toolgate component. This could lead to...

8.8 CVSS | 8 AI score | 0.00423 EPSS
Exploits 0 | References 5

Citrix
added 2021/09/08 12:0 a.m. | 6 views

Hotfix XS82E032 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described in CTX325319 - Citrix Hypervisor Multiple Security Updates should install this hotfix. Information About this Hotfix Component| Details ---|---...

7.4 AI score
Exploits 0

Citrix
added 2021/09/07 10:10 a.m. | 41 views

Citrix Hypervisor Security Update

Several security issues have been discovered in Citrix Hypervisor that, collectively, may allow privileged code in a guest VM to compromise or crash the host. These issues have the following identifiers: CVE-ID| Description| Pre-requisites ---|---|--- CVE-2021-28694| Host denial of service|...

7.8 CVSS | 1.6 AI score | 0.00381 EPSS
Exploits 0

Fedora
added 2021/09/05 9:27 p.m. | 50 views

[SECURITY] Fedora 33 Update: xen-4.14.2-3.fc33

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

7.8 CVSS | 2.1 AI score | 0.0187 EPSS
Exploits 0

Fedora
added 2021/09/05 9:14 p.m. | 58 views

[SECURITY] Fedora 34 Update: xen-4.14.2-3.fc34

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

7.8 CVSS | 2.1 AI score | 0.0187 EPSS
Exploits 0

Tenable Nessus
added 2021/09/04 12:0 a.m. | 34 views

SUSE SLES15 Security Update : xen (SUSE-SU-2021:2925-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2925-1 advisory. Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed bsc1186428 - CVE-2021-28692: xen: inappropriate x86...

7.8 CVSS | 6.7 AI score | 0.0187 EPSS
Exploits 0 | References 41