82 matches found
xen-kernel -- Uncontrolled creation of large page mappings by PV guests
The Xen Project reports: The code to validate level 2 page table entries is bypassed when certain conditions are satisfied. This means that a PV guest can create writable mappings using super page mappings. Such writable mappings can violate Xen intended invariants for pages which Xen is supposed...
SUSE: Security Advisory for apache2 (SUSE-SU-2014:1081-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : xen-kernel -- arm: vgic-v2: GICD_SGIR is not properly emulated (785c86b1-27d6-11e5-a4a5-002590263bf5)
The Xen Project reports : When decoding a guest write to a specific register in the virtual interrupt controller Xen would treat an invalid value as a critical error and crash the host. By writing an invalid value to the GICD.SGIR register a guest can crash the host, resulting in a Denial of...
FreeBSD : xen-kernel -- Hypervisor memory corruption due to x86 emulator flaw (83a28417-27e3-11e5-a4a5-002590263bf5)
The Xen Project reports : Instructions with register operands ignore eventual segment overrides encoded for them. Due to an insufficiently conditional assignment such a bogus segment override can, however, corrupt a pointer used subsequently to store the result of the instruction. A malicious gue...
FreeBSD : xen-kernel -- Information leak through XEN_DOMCTL_gettscinfo (ce658051-27ea-11e5-a4a5-002590263bf5)
The Xen Project reports : The handler for XENDOMCTLgettscinfo failed to initialize a padding field subsequently copied to guest memory. A similar leak existed in XENSYSCTLgetdomaininfolist, which is being addressed here regardless of that operation being declared unsafe for disaggregation by...
FreeBSD : xen-kernel -- Information leak through version information hypercall (ef9d041e-27e2-11e5-a4a5-002590263bf5)
The Xen Project reports : The code handling certain sub-operations of the HYPERVISORxenversion hypercall fails to fully initialize all fields of structures subsequently copied back to guest memory. Due to this hypervisor stack contents are copied into the destination of the operation, thus becomi...
FreeBSD : xen-kernel -- arm: vgic: incorrect rate limiting of guest triggered logging (912cb7f7-27df-11e5-a4a5-002590263bf5)
The Xen Project reports : On ARM systems the code which deals with virtualizing the GIC distributor would, under various circumstances, log messages on a guest accessible code path without appropriate rate limiting. A malicious guest could cause repeated logging to the hypervisor console, leading...
FreeBSD : xen-kernel -- GNTTABOP_swap_grant_ref operation misbehavior (80e846ff-27eb-11e5-a4a5-002590263bf5)
The Xen Project reports : With the introduction of version 2 grant table operations, a version check became necessary for most grant table related hypercalls. The GNTTABOPswapgrantref call was lacking such a check. As a result, the subsequent code behaved as if version 2 was in use, when a guest...
xen-kernel -- vulnerability in the iret hypercall handler
The Xen Project reports: A buggy loop in Xen's compatiret function iterates the wrong way around a 32-bit index. Any 32-bit PV guest kernel can trigger this vulnerability by attempting a hypercalliret with EFLAGS.VM set. Given the use of get/putuser, and that the virtual addresses in question are...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality of protected information
The Linux-modules-2.6.18-4-xen-686 package of the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to violations of the confidentiality of protected information. These vulnerabilities can be exploited remotely...
xen-kernel -- Hypervisor memory corruption due to x86 emulator flaw
The Xen Project reports: Instructions with register operands ignore eventual segment overrides encoded for them. Due to an insufficiently conditional assignment such a bogus segment override can, however, corrupt a pointer used subsequently to store the result of the instruction. A malicious gues...
SuSE 11.3 Security Update : Xen (SAT Patch Number 9828)
The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix various bugs and security issues. The following security issues have been fixed : - XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation. bnc897657 - XSA-106: CVE-2014-7156: Missing privilege level checks i...
xen: security and bugfix update (important)
XEN was updated to fix security issues and bugs. Security issues fixed: - bnc897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc895799 - CVE-2014-7155:...
SuSE 11.2 / 11.3 Security Update : Xen (SAT Patch Numbers 8478 / 8479)
XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues. - XSA-72: Fixed ocaml xenstored that mishandled oversized message replies. CVE-2013-4416 - XSA-63: Fixed information leaks through I/O instruction emulation. CVE-2013-4355 - XSA-66: Fixed information leak...
kernel: xen: VCPU timer overflow leads to PCPU deadlock and host death-by-watchdog
Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service Xen infinite loop and physical CPU consumption by setting a VCPU with an "inappropriate deadline."...
Scientific Linux Security Update : libvirt on SL5.x i386/x86_64
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. An integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by...
CentOS Update for libvirt CESA-2011:1019 centos5 i386
Check for the Version of libvirt OpenVAS Vulnerability Test CentOS Update for libvirt CESA-2011:1019 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
kernel: xen: x86_emulate: fix SAHF emulation
Xen in the Linux kernel, when running a guest on a host without hardware assisted paging HAP, allows guest users to cause a denial of service invalid pointer dereference and hypervisor crash via the SAHF instruction...
libvirt security update
CentOS Errata and Security Advisory CESA-2011:1019 Updated libvirt packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Commo...
Moderate: Red Hat Security Advisory: libvirt security, bug fix, and enhancement update
Updated libvirt packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, whi...