22 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-12135
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xen allows local OS guest users to cause a denial of service crash or possibly obtain sensitive information or gain privileges via vectors involving transitive...
SUSE: Security Advisory (SUSE-SU-2017:2339-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2327-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Path traversal
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOPcopy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path...
Bad continuation handling in GNTTABOP_copy
ISSUE DESCRIPTION Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 / XSA-226 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular the status fields...
Debian: Security Advisory (DLA-1132-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : xen (SUSE-SU-2017:2327-2)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137: Incorrectly-aligned updates...
SUSE SLES12 Security Update : xen (SUSE-SU-2017:2541-1)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137: Incorrectly-aligned updates...
SUSE SLES11 Security Update : xen (SUSE-SU-2017:2450-1)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137: Incorrectly-aligned updates...
SUSE-SU-2017:2450-1 Security update for xen
This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137: Incorrectly-aligned updates ...
Security update for xen (important)
This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137: Incorrectly-aligned updates ...
SUSE SLES11 Security Update : xen (SUSE-SU-2017:2339-1)
This update for xen fixes the following issues : - CVE-2017-12855: Premature clearing of GTFwriting / GTFreading lead to potentially leaking sensitive information XSA-230, bsc1052686. - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or...
SUSE SLED12 Security Update : xen (SUSE-SU-2017:2327-1)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137: Incorrectly-aligned updates...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2326-1)
This update for xen to version 4.7.3 fixes several issues. These security issues were fixed : - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137:...
SUSE-SU-2017:2339-1 Security update for xen
This update for xen fixes the following issues: - CVE-2017-12855: Premature clearing of GTFwriting / GTFreading lead to potentially leaking sensitive information XSA-230, bsc1052686. - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potential...
OracleVM 3.3 : xen (OVMSA-2017-0148)
The remote OracleVM system is missing necessary patches to address critical security updates : - From: Jan Beulich Subject: gnttab: correct pin status fixup for copy Regardless of copy operations only setting GNTPINhst, GNTPINdev also need to be taken into account when deciding whether to clear...
SUSE-SU-2017:2319-1 Security update for xen
This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137: Incorrectly-aligned updates ...
CVE-2017-12135
CVE-2017-12135 concerns the Xen hypervisor grant-table handling. The connected materials show that the vulnerability involves transitive grants and a path through grant-copy handling. The core issue is in the GNTTABOP_copy path, where the fix for CVE-2017-12135 could cause the caller to receive a...
Fedora 26 : xen (2017-f336ba205d)
Qemu: serial: host memory leakage 16550A UART emulation CVE-2017-5579 1416162 Qemu: display: cirrus: OOB read access issue CVE-2017-7718 1443444 xen: various flaws 1481765 multiple problems with transitive grants XSA-226, CVE-2017-12135 x86: PV privilege escalation via mapgrantref XSA-227,...
Xen Hypervisor Multiple Vulnerabilities (XSA-226 - XSA-230)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applie...