SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2519-1)

This update for xen fixes several issues. These security issues were fixed : - CVE-2017-14316: Missing bound check in function allocheappages for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen XSA-231, bsc1056278 - CVE-2017-14318: The function...

SUSE SLES12 Security Update : xen (SUSE-SU-2017:2466-1)

This update for xen fixes several issues. These security issues were fixed : - CVE-2017-14316: Missing bound check in function allocheappages for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen XSA-231, bsc1056278 - CVE-2017-14318: The function...

CVE-2017-14316

A parameter verification issue was discovered in Xen through 4.9.x. The function allocheappages allows callers to specify the first NUMA node that should be used for allocations through the memflags parameter; the node is extracted using the MEMFgetnode macro. While the function checks to see if...

CVE-2017-14316

Xen up to 4.9.x is affected by CVE-2017-14316: alloc_heap_pages can accept node values where node >= MAX_NUMNODES, allowing out-of-bounds access to an internal array via MEMF_get_node. The issue occurs when memflags specify a non-NUMA_NO_NODE node, and is not mitigated by existing checks. Debi...

CVE-2017-14316

A parameter verification issue was discovered in Xen through 4.9.x. The function allocheappages allows callers to specify the first NUMA node that should be used for allocations through the memflags parameter; the node is extracted using the MEMFgetnode macro. While the function checks to see if...

Missing NUMA node parameter verification

ISSUE DESCRIPTION The function allocheappages allows callers to specify the first NUMA node that should be used for allocations through the memflags parameter; the node is extracted using the MEMFgetnode macro. While the function checks to see if the special constant NUMANONODE is specified, it...