19 matches found
SUSE: Security Advisory (SUSE-SU-2017:1058-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:1081-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:0983-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:1080-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-907-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-3847-1 : xen - security update
Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information leaks. In additional to the CVE identifiers listed above, this update also addresses the vulnerabilities announced ...
[SECURITY] [DSA 3847-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3847-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2017 https://www.debian.org/security/faq -...
Debian DLA-907-1 : xen security update
CVE-2017-7228 XSA-212 An insufficient check on XENMEMexchange may allow PV guests to access all of system memory. For Debian 7 'Wheezy', these problems have been fixed in version 4.1.6.lts1-6. We recommend that you upgrade your xen packages. NOTE: Tenable Network Security has extracted the...
[SECURITY] [DLA 907-1] xen security update
Package : xen Version : 4.1.6.lts1-6 CVE ID : CVE-2017-7228 Debian Bug : 859560 CVE-2017-7228 XSA-212 An insufficient check on XENMEMexchange may allow PV guests to access all of system memory. For Debian 7 "Wheezy", these problems have been fixed in version 4.1.6.lts1-6. We recommend that you...
openSUSE: Security Advisory for xen (openSUSE-SU-2017:1078-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES12 Security Update : xen (SUSE-SU-2017:1080-1)
This update for xen fixes the following issues: These security issues were fixed : - CVE-2017-7228: Broken check in memoryexchange permited PV guest breakout bsc1030442. - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain,...
SUSE SLES11 Security Update : xen (SUSE-SU-2017:1081-1)
This update for xen fixes the following issues: These security issues were fixed : - CVE-2017-7228: Broken check in memoryexchange permited PV guest breakout bsc1030442. - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain,...
Security update for xen (important)
This update for xen to version 4.7.2 fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memoryexchange permited PV guest breakout bsc1030442. - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:0983-1)
This update for xen to version 4.7.2 fixes the following issues: These security issues were fixed : - CVE-2017-7228: Broken check in memoryexchange permited PV guest breakout bsc1030442. - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or...
CVE-2017-7228
creationtimestamp| type| source ---|---|--- 2017-04-11 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41870...
Fedora 25 : xen (2017-054729ab08)
Qemu: 9pfs: host memory leakage via v9fscreate CVE-2017-7377 1437873 x86: broken check in memoryexchange permits PV guest breakout XSA-212, CVE-2017-7228 1438804 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenabl...
Xen: broken check in memory_exchange() permits PV guest breakout(CVE-2017-7228)
Detailed analysis: Pandavirtualization: Exploiting the Xen hypervisor This bug report describes a vulnerability in memoryexchange that permits PV guest kernels to write to an arbitrary virtual address with the hypervisor privileges. The vulnerability was introduced through a broken fix for...
UBUNTU-CVE-2017-7228
An issue known as XSA-212 was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEMexchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arra...
CVE-2017-7228
CVE-2017-7228 refers to an XSA-212 issue in the Xen hypervisor. The root cause is an insufficient check in the XENMEM_exchange input introduced by the XSA-29 fix, which can permit a PV guest to drive hypervisor memory accesses outside of the guest-provided input/output arrays. Affected Xen branch...