20 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-14318
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen 4.5.x through 4.9.x. The function gnttabcacheflush handles GNTTABOPcacheflush grant table operations. It checks to see if the...
RHEL 5 : xsa232_xen (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - xsa232 xen: Missing check for grant table XSA-232 CVE-2017-14318 Note that Nessus has not tested for this issue but...
SUSE: Security Advisory (SUSE-SU-2017:2466-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2519-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2420-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1132-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4050-1 : xen - security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...
[SECURITY] [DSA 4050-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4050-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 28, 2017 https://www.debian.org/security/faq -...
Fedora Update for xen FEDORA-2017-f7fd3fe7eb
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 25 : xen (2017-f7fd3fe7eb)
xen: various flaws 1490884 Missing NUMA node parameter verification XSA-231, CVE-2017-14316 Missing check for grant table XSA-232, CVE-2017-14318 cxenstored: Race in domain cleanup XSA-233, CVE-2017-14317 insufficient grant unmapping checks for x86 PV guests XSA-234, CVE-2017-14319 Note that...
openSUSE Security Update : xen (openSUSE-2017-1080)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-14316: Missing bound check in function allocheappages for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen XSA-231, bsc1056278 - CVE-2017-14318: The function...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2519-1)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-14316: Missing bound check in function allocheappages for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen XSA-231, bsc1056278 - CVE-2017-14318: The function...
Security update for xen (important)
This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14316: Missing bound check in function allocheappages for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen XSA-231, bsc1056278 - CVE-2017-14318: The function...
openSUSE Security Update : xen (openSUSE-2017-1071)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-14316: Missing bound check in function allocheappages for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen XSA-231, bsc1056278 - CVE-2017-14318: The function...
Fedora 26 : xen (2017-e399a9008c)
xen: various flaws 1490884 Missing NUMA node parameter verification XSA-231, CVE-2017-14316 Missing check for grant table XSA-232, CVE-2017-14318 cxenstored: Race in domain cleanup XSA-233, CVE-2017-14317 insufficient grant unmapping checks for x86 PV guests XSA-234, CVE-2017-14319 ---- update to...
SUSE SLES12 Security Update : xen (SUSE-SU-2017:2466-1)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-14316: Missing bound check in function allocheappages for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen XSA-231, bsc1056278 - CVE-2017-14318: The function...
Citrix XenServer Multiple Security Updates
Description of Problem A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServe...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2420-1)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-14316: Missing bound check in function allocheappages for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen XSA-231, bsc1056278 - CVE-2017-14318: The function...
DEBIAN-CVE-2017-14318
An issue was discovered in Xen 4.5.x through 4.9.x. The function gnttabcacheflush handles GNTTABOPcacheflush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mappin...
CVE-2017-14318
CVE-2017-14318 affects Xen 4.5.x–4.9.x. The vulnerability arises in __gnttab_cache_flush: when operating on a page owned by special domains (DOMID_XEN/IO/COW) that lack a grant table, the code may dereference a NULL pointer since it does not verify the owner’s grant table existence. This can enab...