198 matches found
DEBIAN-CVE-2019-17347
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux and possibly other guest kernels...
DEBIAN-CVE-2019-17348
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers PCID and shadow-pagetable switching...
DEBIAN-CVE-2019-17346
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers PCID and TLB flushes...
UBUNTU-CVE-2019-17345
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest...
UBUNTU-CVE-2019-17343
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains...
UBUNTU-CVE-2019-17347
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux and possibly other guest kernels...
Attacking the VM Worker Process
In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. W...
EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1178)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that paravirtpatchcall/jump functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain...
Ubuntu: Security Advisory (USN-3931-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3931-2: Linux kernel (HWE) vulnerabilities
USN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirsk...
USN-3931-1 linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 vulnerabilities
M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service guest VM crash...
USN-3931-1: Linux kernel vulnerabilities
M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service guest VM crash...
EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1433)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that paravirtpatchcall/jump functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, whic...
Xen Shadow Paging Conflict Vulnerability
Xen is an open source virtual machine monitor developed by the Xen Project. A shadow paging conflict vulnerability exists in 4.11.x and earlier versions of Xen, which stems from an interpretational conflict in the union data structure associated with shadow paging, and can be exploited by a user ...
UBUNTU-CVE-2018-19966
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service host OS crash or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorre...
DEBIAN-CVE-2018-19965
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service host OS crash because GP0 can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 aka Meltdown mitigation...
EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1372)
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was found that paravirtpatchcall/jump functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect...
DEBIAN-CVE-2018-14678
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xenfailsafecallback entry point in arch/x86/entry/entry64.S does not properly maintain RBX, which allows local users to cause a denial of service uninitialized memory usage and system crash. Within Xen...
ALPINE-CVE-2018-12891
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions...
UBUNTU-CVE-2018-12893
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leadi...