Lucene search
+L

100 matches found

NCSC
NCSC
added 2022/07/27 12:0 a.m.4 views

Vulnerability fixed in Xen

A vulnerability has been fixed in Xen. The vulnerability allows a malicious party to cause a denial-of-service. Within Shadow Mode, a TLB flush is performed incorrectly potentially causing the host system to run out of memory memory. Only x86 PV guest systems can trigger this vulnerability trigge...

8.8CVSS7.8AI score0.00289EPSS
Exploits0
OSV
OSV
added 2022/07/26 1:15 p.m.32 views

CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

8.8CVSS2.8AI score
Exploits0References7
AlpineLinux
AlpineLinux
added 2022/07/26 1:15 p.m.92 views

CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

8.8CVSS2.8AI score0.00289EPSS
Exploits0
NVD
NVD
added 2022/07/26 1:15 p.m.24 views

CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

8.8CVSS0.00289EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2022/07/26 1:15 p.m.4 views

CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

8.8CVSS5.8AI score0.00289EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2022/07/26 1:15 p.m.45 views

CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

8.8CVSS6.8AI score0.00289EPSS
Exploits0References6
Prion
Prion
added 2022/07/26 1:15 p.m.30 views

Design/Logic Flaw

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

4.3CVSS8.5AI score0.00289EPSS
Exploits0References7Affected Software2
Xen Project
Xen Project
added 2022/07/26 12:0 p.m.43 views

insufficient TLB flush for x86 PV guests in shadow mode

ISSUE DESCRIPTION For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions...

8.8CVSS1.4AI score0.00289EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/07/26 12:0 a.m.2 views

PT-2022-7531 · Xen +2 · Xen +2

Name of the Vulnerable Software and Affected Versions: Xen affected versions not specified Description: The issue is related to insufficient checking of input data in the Shadow Mode component of the Xen hypervisor, which can allow an attacker to elevate their privileges. The problem is...

8.8CVSS6.1AI score0.06451EPSS
Exploits3References156
CVE
CVE
added 2022/07/26 12:0 a.m.143 views

CVE-2022-33745

The CVE-2022-33745 issue is in the Xen hypervisor affecting x86 paravirtualized guests. The root cause is an incorrect TLB flush condition after code movement inside Xen, causing some necessary TLB flushes to be omitted when running PV guests in shadow paging mode (to support migrations and L1TF ...

8.8CVSS8.4AI score0.00289EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2022/07/26 12:0 a.m.40 views

CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

8.8AI score0.00289EPSS
Exploits0References7
Xen Project
Xen Project
added 2020/10/20 12:0 p.m.59 views

x86: Race condition in Xen mapping code

ISSUE DESCRIPTION The Xen code handling the updating of the hypervisor's own pagetables tries to use 2MiB and 1GiB superpages as much as possible to maximize TLB efficiency. Some of the operations for checking and coalescing superpages take non-negligible amount of time; to avoid potential lock...

7CVSS1.3AI score0.0026EPSS
Exploits0Affected Software1
Xen Project
Xen Project
added 2020/10/20 12:0 p.m.49 views

undue deferral of IOMMU TLB flushes

ISSUE DESCRIPTION To efficiently change the physical to machine address mappings of a larger range of addresses for fully virtualized guests, Xen contains an optimization to coalesce per-page IOMMU TLB flushes into a single, wider flush after all adjustments have been made. While this is fine to ...

7.8CVSS7.7AI score0.00337EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/03/09 12:0 a.m.46 views

SUSE SLES11 Security Update : xen (SUSE-SU-2018:0638-1) (Meltdown) (Spectre)

This update for xen fixes several issues. This new feature was included : - add script and sysv service to watch for vcpu online/offline events in a HVM domU These security issues were fixed : - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative...

8.8CVSS7.1AI score0.93838EPSS
Exploits15References35
OSV
OSV
added 2018/03/05 4:46 p.m.6 views

SUSE-SU-2018:0609-1 Security update for xen

This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks bsc1074562, bsc1068032 - CVE-2018-5683: The vgadrawtext function...

8.8CVSS8.2AI score0.93838EPSS
Exploits15References23
OSV
OSV
added 2018/03/05 9:40 a.m.9 views

SUSE-SU-2018:0601-1 Security update for xen

This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks bsc1074562, bsc1068032 - CVE-2018-5683: The vgadrawtext function...

8.8CVSS8.2AI score0.93838EPSS
Exploits15References24
Tenable Nessus
Tenable Nessus
added 2018/01/15 12:0 a.m.43 views

Fedora 27 : xen (2017-5945560816)

another patch related to the XSA-240, CVE-2017-15595 issue x86 PV guests may gain access to internally used page XSA-248 broken x86 shadow mode refcount overflow check XSA-249 improper x86 shadow mode refcount error handling XSA-250 improper bug check in x86 log-dirty handling XSA-251 Note that...

8.8CVSS6.5AI score0.01547EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2017/12/13 9:50 a.m.34 views

CVE-2017-17563

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode...

7.8CVSS5AI score0.00352EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/12/13 9:50 a.m.27 views

CVE-2017-17566

An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service host OS crash or gain host OS privileges in shadow mode by mapping a certain auxiliary page...

7.8CVSS5.6AI score0.00357EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/12/13 9:50 a.m.41 views

CVE-2017-17564

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode...

7.8CVSS5.1AI score0.00352EPSS
Exploits0References2
Rows per page
Query Builder