Lucene search
K

198 matches found

osv
osv
added 2019/10/08 1:15 a.m.2 views

DEBIAN-CVE-2019-17347

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux and possibly other guest kernels...

7.8CVSS6.9AI score0.00352EPSS
Exploits0References1
osv
osv
added 2019/10/08 1:15 a.m.1 views

DEBIAN-CVE-2019-17348

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers PCID and shadow-pagetable switching...

6.5CVSS6.8AI score0.00347EPSS
Exploits0References1
osv
osv
added 2019/10/08 1:15 a.m.1 views

DEBIAN-CVE-2019-17346

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers PCID and TLB flushes...

8.8CVSS6.9AI score0.00349EPSS
Exploits0References1
osv
osv
added 2019/10/08 1:15 a.m.2 views

UBUNTU-CVE-2019-17345

An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest...

6.5CVSS6.8AI score0.0035EPSS
Exploits0References3
osv
osv
added 2019/10/08 1:15 a.m.4 views

UBUNTU-CVE-2019-17343

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains...

6.8CVSS6.9AI score0.00279EPSS
Exploits0References3
osv
osv
added 2019/10/08 1:15 a.m.2 views

UBUNTU-CVE-2019-17347

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux and possibly other guest kernels...

7.8CVSS6.8AI score0.00352EPSS
Exploits0References3
msrc
msrc
added 2019/09/11 7:0 a.m.14 views

Attacking the VM Worker Process

In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. W...

1.6AI score
Exploits0
nessus
nessus
added 2019/04/09 12:0 a.m.28 views

EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1178)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that paravirtpatchcall/jump functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain...

5.5CVSS6.7AI score0.00551EPSS
Exploits0References3
openvas
openvas
added 2019/04/03 12:0 a.m.248 views

Ubuntu: Security Advisory (USN-3931-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.4AI score0.16523EPSS
Exploits12References2
ubuntu
ubuntu
added 2019/04/02 8:50 p.m.123 views

USN-3931-2: Linux kernel (HWE) vulnerabilities

USN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirsk...

8.1CVSS6.9AI score0.16523EPSS
Exploits12
osv
osv
added 2019/04/02 7:29 p.m.4 views

USN-3931-1 linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 vulnerabilities

M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service guest VM crash...

8.1CVSS6.9AI score0.16523EPSS
Exploits12References13
ubuntu
ubuntu
added 2019/04/02 7:29 p.m.131 views

USN-3931-1: Linux kernel vulnerabilities

M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service guest VM crash...

8.1CVSS6.9AI score0.16523EPSS
Exploits12
nessus
nessus
added 2018/12/28 12:0 a.m.48 views

EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1433)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that paravirtpatchcall/jump functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, whic...

5.5CVSS6.5AI score0.00551EPSS
Exploits0References3
cnvd
cnvd
added 2018/12/10 12:0 a.m.11 views

Xen Shadow Paging Conflict Vulnerability

Xen is an open source virtual machine monitor developed by the Xen Project. A shadow paging conflict vulnerability exists in 4.11.x and earlier versions of Xen, which stems from an interpretational conflict in the union data structure associated with shadow paging, and can be exploited by a user ...

8.8CVSS8.5AI score0.00438EPSS
Exploits0References1
osv
osv
added 2018/12/08 4:29 a.m.2 views

UBUNTU-CVE-2018-19966

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service host OS crash or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorre...

8.8CVSS7.3AI score0.00438EPSS
Exploits0References4
osv
osv
added 2018/12/08 4:29 a.m.2 views

DEBIAN-CVE-2018-19965

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service host OS crash because GP0 can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 aka Meltdown mitigation...

5.6CVSS6.4AI score0.00409EPSS
Exploits0References1
nessus
nessus
added 2018/11/21 12:0 a.m.30 views

EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1372)

According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was found that paravirtpatchcall/jump functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect...

5.5CVSS6.5AI score0.00551EPSS
Exploits0References2
osv
osv
added 2018/07/28 6:29 p.m.2 views

DEBIAN-CVE-2018-14678

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xenfailsafecallback entry point in arch/x86/entry/entry64.S does not properly maintain RBX, which allows local users to cause a denial of service uninitialized memory usage and system crash. Within Xen...

7.8CVSS6.1AI score0.00409EPSS
Exploits0References1
osv
osv
added 2018/07/02 5:29 p.m.4 views

ALPINE-CVE-2018-12891

An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions...

6.5CVSS6.7AI score0.00435EPSS
Exploits0References1
osv
osv
added 2018/07/02 5:29 p.m.6 views

UBUNTU-CVE-2018-12893

An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leadi...

6.5CVSS6.8AI score0.00414EPSS
Exploits0References3
Rows per page
Query Builder