Xen Control Block DoS (XSA-358)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing...
Xen xenstore watch notification Information Disclosure (XSA-115)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an information disclosure vulnerability due to a lack of permission checks for xenstore watch event reporting. A guest administrator can watch the root xenstored node, which will cause...
PT-2021-7286 · Unknown +4 · Xen Hypervisor +4
Name of the Vulnerable Software and Affected Versions: Xen hypervisor netfront component (affected versions not specified). Description: The issue is related to errors in resource release in the netfront component of the Xen hypervisor. Exploitation of this issue may allow an attacker to cause a...
PT-2021-7293 · Xen +4 · Xen +4
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified). Description: The issue is related to a component of the Xen hypervisor, specifically the blkfront component, which has a resource release error. This can be exploited by a remote attacker to cause a denial ...
Xen Management Tool DoS (XSA-323)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to a bad path name limit in oxenstored. A malicious guest administrator can exploit this, by creating paths in the guest's own namespace that are too...
Xen IRQ Infinite Loop DoS (XSA-356)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to an issue when handling IRQ vectors. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated an...
Xen xenstored watch DoS (XSA-324)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to an issue with max payload length in xenstored. A malicious guest can exploit this, by registering a 'watch' using a very large tag, to cause ...
Xen xenstored watch DoS (XSA-348)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has...
Xen Memory Leak DoS (XSA-330)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to a memory leak in XS_RESET_WATCHES. A guest can cause unbounded memory usage in oxenstored to cause the system to stop responding with a system-wide...
Xen oxenstored DoS (XSA-352)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to an issue with oxenstored. A malicious guest administrator can change xenstore node ownership to run another guest out of quota, or create an...
[SECURITY] Fedora 32 Update: xen-4.13.2-5.fc32
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
[SECURITY] Fedora 33 Update: xen-4.14.0-14.fc33
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Fedora: Security Advisory for xen (FEDORA-2020-df772b417b)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for xen (FEDORA-2020-64859a826b)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
MGASA-2020-0466 Updated virtualbox packages fix security vulnerabilities
Vulnerabilities in Oracle VM VirtualBox are fixed in version 6.1.16. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability, which can lead to code execution in the context of the hypervisor. CVE-2020-14872. An...
Updated virtualbox packages fix security vulnerabilities
Vulnerabilities in Oracle VM VirtualBox are fixed in version 6.1.16. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability, which can lead to code execution in the context of the hypervisor. CVE-2020-14872. An...
An issue was discovered in the Linux kernel through 5.10.1 as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the connect and disconnect states. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
...
Bitdefender Hypervisor Introspection Code Execution Vulnerability
Bitdefender Hypervisor Introspection (HVI) is software from Bitdefender Romania that checks the memory safety of running virtual machines at the hypervisor layer using the VM self-test APIs of the Xen and KVM hypervisors. The software blocks code execution in abnormal memory by virtualizing the...
VMware Workstation SetGuestInfo Null Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...
Xen Project DoS Vulnerability (XSA-359)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to the de-referencing of a NULL pointer. Only ARM systems are affected. Note that Nessus has checked the changeset versions based on the xen.git chan...