198 matches found
DEBIAN-CVE-2013-4368
The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information hypervisor stack content via unspecified vectors related to stale...
DEBIAN-CVE-2013-1432
Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service premature page free and hypervisor crash or possibly gain privileges via unspecified vectors...
DEBIAN-CVE-2013-2077
Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service unhandled exception and hypervisor crash via unspecified vectors...
CVE-2013-2211
CVE-2013-2211 concerns the Xen hypervisor, where the libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions on xenstore keys for paravirtualised and emulated serial console devices. This allows a local guest administrator to modify the xenstore value via unspec...
RHEL 6 : virtio-win (RHSA-2013:1101)
An updated virtio-win package that fixes one security issue is now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Important: Red Hat Security Advisory: virtio-win security update
An updated virtio-win package that fixes one security issue is now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
PV guest host Denial of Service
ISSUE DESCRIPTION A Xen user has discovered that some older AMD CPUs can be made to lock up due to AMD processor erratum 121. This issue was discovered during testing of the fix for XSA-7 CVE-2012-0217. Although the two issues are unrelated the situations which can trigger them may overlap...
DEBIAN-CVE-2013-1918
Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal."...
DEBIAN-CVE-2012-5513
The XENMEMexchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service crash or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range...
SuSE 10 Security Update : Xen (ZYPP Patch Number 8359)
XEN received various security and bugfixes : - xen: Timer overflow DoS vulnerability XSA-20. CVE-2012-4535 - xen: Memory mapping failure DoS vulnerability XSA-22 The following additional bugs have beenfixed:. CVE-2012-4537 - L3: Xen BUG at ioapic.c:129 26102-x86-IOAPIC-legacy-not-first.patch...
XENMEM_populate_physmap DoS vulnerability
ISSUE DESCRIPTION XENMEMpopulatephysmap can be called with invalid flags. By calling it with MEMFpopulateondemand flag set, a BUG can be triggered if a translating paging mode is not being used. IMPACT A malicious guest kernel can crash the host. VULNERABLE SYSTEMS All Xen systems running PV...
kernel: denial of service due to AMD Erratum #121
Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service host hang via sequential execution of instructions across a non-canonical boundary, a different...
PT-2013-1400 · Xen +1 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen versions 3.3 and earlier Description: The issue is related to an off-by-one error in the addr ok macro, which can be exploited by local 64-bit PV guest administrators to cause a denial of service, resulting in a host crash. This can be...
xen: insufficiencies in pv kernel image validation
tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service management software infinite loop and management domain resource consumption via unspecified vectors related to "Lack of error checking in the decompression loop."...
kernel-xen 3.1.1 does not prevent modification of the CR4 TSC from applications (DoS possible)
Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service crash...
CVE-2007-5498
The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service host OS crash via a request that specifies a large number of blocks...
CVE-2007-5498
The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service host OS crash via a request that specifies a large number of blocks...
CVE-2007-5498
The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service host OS crash via a request that specifies a large number of blocks...