19 matches found
SUSE: Security Advisory (SUSE-SU-2017:1081-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:1058-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:1080-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:0983-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-907-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-3847-1 : xen - security update
Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information leaks. In additional to the CVE identifiers listed above, this update also addresses the vulnerabilities announced ...
[SECURITY] [DSA 3847-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3847-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2017 https://www.debian.org/security/faq -...
Debian DLA-907-1 : xen security update
CVE-2017-7228 XSA-212 An insufficient check on XENMEMexchange may allow PV guests to access all of system memory. For Debian 7 'Wheezy', these problems have been fixed in version 4.1.6.lts1-6. We recommend that you upgrade your xen packages. NOTE: Tenable Network Security has extracted the...
[SECURITY] [DLA 907-1] xen security update
Package : xen Version : 4.1.6.lts1-6 CVE ID : CVE-2017-7228 Debian Bug : 859560 CVE-2017-7228 XSA-212 An insufficient check on XENMEMexchange may allow PV guests to access all of system memory. For Debian 7 "Wheezy", these problems have been fixed in version 4.1.6.lts1-6. We recommend that you...
SUSE SLES11 Security Update : xen (SUSE-SU-2017:1081-1)
This update for xen fixes the following issues: These security issues were fixed : - CVE-2017-7228: Broken check in memoryexchange permited PV guest breakout bsc1030442. - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain,...
SUSE SLES12 Security Update : xen (SUSE-SU-2017:1080-1)
This update for xen fixes the following issues: These security issues were fixed : - CVE-2017-7228: Broken check in memoryexchange permited PV guest breakout bsc1030442. - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain,...
openSUSE: Security Advisory for xen (openSUSE-SU-2017:1078-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for xen (important)
This update for xen to version 4.7.2 fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memoryexchange permited PV guest breakout bsc1030442. - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:0983-1)
This update for xen to version 4.7.2 fixes the following issues: These security issues were fixed : - CVE-2017-7228: Broken check in memoryexchange permited PV guest breakout bsc1030442. - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or...
CVE-2017-7228
creationtimestamp| type| source ---|---|--- 2017-04-11 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41870...
Fedora 25 : xen (2017-054729ab08)
Qemu: 9pfs: host memory leakage via v9fscreate CVE-2017-7377 1437873 x86: broken check in memoryexchange permits PV guest breakout XSA-212, CVE-2017-7228 1438804 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenabl...
Xen: broken check in memory_exchange() permits PV guest breakout(CVE-2017-7228)
Detailed analysis: Pandavirtualization: Exploiting the Xen hypervisor This bug report describes a vulnerability in memoryexchange that permits PV guest kernels to write to an arbitrary virtual address with the hypervisor privileges. The vulnerability was introduced through a broken fix for...
UBUNTU-CVE-2017-7228
An issue known as XSA-212 was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEMexchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arra...
CVE-2017-7228
CVE-2017-7228 refers to an XSA-212 issue in the Xen hypervisor. The root cause is an insufficient check in the XENMEM_exchange input introduced by the XSA-29 fix, which can permit a PV guest to drive hypervisor memory accesses outside of the guest-provided input/output arrays. Affected Xen branch...