CVE-2019-6670

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem...

CVE-2019-6670

CVE-2019-6670 affects F5 BIG-IP vCMP hypervisors. The vulnerability arises from a flaw that causes plaintext unit keys for vCMP guests to be exposed on the filesystem. Affected versions include BIG-IP 15.0.0–15.0.1, 14.1.0–14.1.2, 14.0.0–14.0.1, 13.1.0–13.1.3.1, 12.1.0–12.1.5, and 11.5.1–11.6.5. ...

Control domain memory leak issue on Citrix Hypervisor 8.0 when GPU in use

1. Any operation on VMs start, shutdown, creating and removing snapshot etc. with GPU are extremely slow 2. Citrix Hypervisor 8.0 freezing when GPU in use...

Ubuntu 18.04.2 VMs can fail to boot on Citrix Hypervisor (formerly XenServer)

When creating an Ubuntu 18.04.2 or18.04.3VM or updating an existing VM to Ubuntu 18.04.2 or 18.04.3, your VM can fail to boot. The console shows the boot sequence hung at the point "Starting Tool to automatically collect and submit kernel crash signatures..." If you switch the console to shell mo...

Xen Restartable PV Type Change Operations Elevation of Privilege Vulnerability (XSA-299)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an elevation of privilege vulnerability due to race conditions in the pagetable promotion and demotion operations. An authenticated, remote attacker can exploit this issue, by triggering...

VMware Fusion 11.0.x < 11.5.1 Multiple Vulnerabilities (VMSA-2019-0020, VMSA-2019-0021)

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 11.0.x prior to 11.5.1. It is, therefore, affected by multiple vulnerabilities: - An unspecified information disclosure vulnerability in vmnetdhcp. CVE-2019-5540 - An unspecified out-of-bounds write vulnerability in th...

VMware Workstation 15.0.x < 15.5.1 Multiple Vulnerabilities (VMSA-2019-0020, VMSA-2019-0021)

The version of VMware Workstation installed on the remote Windows host is 15.0.x prior to 15.5.1. It is, therefore, affected by multiple vulnerabilities: - An unspecified information disclosure vulnerability in vmnetdhcp. CVE-2019-5540 - An unspecified out-of-bounds write vulnerability in the...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 5.3.11 and fixes at least the following security issues: Insufficient access control in a subsystem for Intel R processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2019-0155. A...

MGASA-2019-0333 Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 5.3.11 and fixes at least the following security issues: Insufficient access control in a subsystem for Intel R processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2019-0155. A...

[SECURITY] Fedora 31 Update: xen-4.12.1-6.fc31

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 29 Update: xen-4.11.2-2.fc29

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Fedora Update for xen FEDORA-2019-865bb16900

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : xen (openSUSE-2019-2508)

This update for xen fixes the following issues : - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. bsc1155945 -...

openSUSE Security Update : the Linux Kernel (openSUSE-2019-2503)

The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-0154: An unprotected read access to i915 registers has been fixed that could have been abused to facilitate a local denial-of-service attack. bsc1135966 -...

Xen PCI Pass-Through Elevation of Privilege vulnerability (XSA-302)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an elevation of privilege vulnerability due to a memory corruption that may occur after a passed through PCI device is deassigned from an untrusted domain. An unauthenticated attacker wit...

VMSA-2019-0020 : Hypervisor-Specific Mitigations for Denial-of-Service and Speculative-Execution Vulnerabilities

a. Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change MCEPSC Denial-of-Service vulnerability - CVE-2018-12207 VMware ESXi, Workstation, and Fusion patches include Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change MCEPSC. A malicious actor with...

VMware Workstation e1000 Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2947-1)

The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exceptio...

November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe

This month’s Microsoft Patch Tuesday addresses 74 vulnerabilities with 13 of them labeled as Critical. Of the 13 Critical vulns, 5 are for browsers and scripting engines. Out of the 8 remaining Critical vulns, 4 are potential hypervisor escapes in Hyper-V, as well as vulnerabilities in Microsoft...

SUSE-SU-2019:2961-1 Security update for xen

This update for xen fixes the following issues: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. bsc1155945 -...