FreeBSD-SA-21:02.xenoom

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-21:02.xenoom Security Advisory The FreeBSD Project Topic: Xen guests can triger backend Out Of Memory Category: contrib Module: Xen Announced: 2021-01-29...

Xen OOM DoS (XSA-349)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to an issue with the watch event queue. A malicious guest can exploit this, by abusing the unbounded queue, to cause an out-of-memory error in the...

UBUNTU-CVE-2021-3308

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors...

[SECURITY] Fedora 33 Update: xen-4.14.1-2.fc33

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Fedora: Security Advisory for xen (FEDORA-2021-7785f6c616)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Xen mishandling of the event channel validity constraint DoS (XSA-338))

A denial of service DoS vulnerability exists in Xen due to a mishandling of the constraint that once-valid event channels may not turn invalid. An unprivileged guest may be able to crash Xen, leading to a denial of service for the entire system. Note that Nessus has not tested for this issue but...

Xen missing error handling in MSR_MISC_ENABLE DoS (XSA-333)

A denial of service DoS vulnerability exists in Xen server due to missing error handling in MISCENABLE MSR. A malicious PV guest administrator can trigger Xen to crash, resulting in a host DoS. Note that Nessus has not tested for this issue but has instead relied only on the application's...

Xen Missing memory barriers DoS (XSA-340)

A denial of service DoS vulnerability exists in Xen servers when accessing/allocating an event channel due to a missing memory barrier. An authenticated, local attacker may be able to cause a hypervisor crash resulting in a Denial of Service DoS. Note that Nessus has not tested for this issue but...

New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely

VBS and HVCI-enabled devices help protect from advanced attacks Escalation of privilege attacks are a malicious actor’s best friend, and they often target sensitive information stored in memory. These kinds of attacks can turn a minor user mode compromise into a full compromise of your OS and...

Available driver versions for XenServer and Citrix Hypervisor

Latest driver disk updates for XenServer and Citrix Hypervisor We work with partner organizations to ensure that drivers are available to enable new hardware and resolve critical issues. We regularly deliver updated versions of these drivers when partner organizations provide them to us. For Citr...

Hotfix XS82E010 - for Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described inCTX285937 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Information About this Hotfix Component| Details ---|---...

Hotfix XS81E014 - For Citrix Hypervisor 8.1

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.1. All customers who are affected by the issues described inCTX286756 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Note: This hotfix is available only to customers on theCustomer...

Hotfix XS82E011 - for Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described inCTX286511 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Information About this Hotfix Component| Details ---|---...

Hotfix XS82E014 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described inCTX286756 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Information About this Hotfix Component| Details ---|---...

Hotfix XS82E013 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described inCTX286756 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Information About this Hotfix Component| Details ---|---...

Hotfix XS82E002 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| Restart the XAPI Toolstack Content live patchable| No Baselines for Live Patch| N/A Revision History|...

Hotfix XS82E012 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described inCTX286756 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Information About this Hotfix Component| Details ---|---...

Driver Disk for Microsemi aacraid 1.2.1.60001 - For Citrix Hypervisor 8.x CR

Who Should Install this Driver Disk? Customers running a Citrix Hypervisor 8.x release who use Microsemi's aacraid driver and wish to use the latest version of the following: Driver Module| Version ---|--- aacraid| 1.2.1.60001 Issues Resolved In this Driver Disk Includes general enhancements and...

Hotfix XS82E006 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| None Content live patchable| No Baselines for Live Patch| N/A Revision History| Published on Nov 03, 2020...

Xen Control Block DoS (XSA-358)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing...