12 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-18425
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missin...
Updated xen packages fix security vulnerability
- Updated from 4.12.0 to 4.12.1 - Device quarantine for alternate pci assignment methods XSA-306 - x86: Machine Check Error on Page Size Change DoS XSA-304, CVE-2018-12207 - TSX Asynchronous Abort speculative side channel XSA-305, CVE-2019-11135 - VCPUOPinitialise DoS XSA-296, CVE-2019-18420...
SUSE SLES12 Security Update : xen (SUSE-SU-2020:0334-1)
This update for xen fixes the following issues : CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host bsc1161181. CVE-2019-19579: Device quarantine for alternate pci assignment methods bsc1157888. CVE-2019-19581: findnextbit issues bsc1158003...
Fedora 30 : xen (2019-cbb732f760)
add missing XSA-299 patches x86: Machine Check Error on Page Size Change DoS XSA-304, CVE-2018-12207 TSX Asynchronous Abort speculative side channel XSA-305, CVE-2019-11135 ---- VCPUOPinitialise DoS XSA-296, CVE-2019-18420 missing descriptor table limit checking in x86 PV emulation XSA-298,...
Fedora 29 : xen (2019-865bb16900)
VCPUOPinitialise DoS XSA-296, CVE-2019-18420 missing descriptor table limit checking in x86 PV emulation XSA-298, CVE-2019-18425 Issues with restartable PV type change operations XSA-299, CVE-2019-18421 1767726 add-to-physmap can be abused to DoS Arm hosts XSA-301, CVE-2019-18423 passed through P...
Code injection
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performe...
UBUNTU-CVE-2019-18425
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performe...
CVE-2019-18425
CVE-2019-18425 affects Xen across 3.2+ and enables privilege escalation in 32-bit PV guests due to missing descriptor table limit checks in x86 PV emulation. The vulnerability is limited to 32-bit PV guest user mode; HVM/PVH/64-bit PV guests and ARM are not affected. Exploitation would let a gues...
CVE-2019-18425
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performe...
PT-2019-4839 · Xen +1 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen versions 3.2 through 4.12.x Description: The issue is related to an error in the x86 PV emulation of the Xen hypervisor, specifically a missing check for the descriptor table limit. This could allow a remote attacker to access confidentia...
Linux kernel KVM virtualization subsystem elevation of privilege vulnerability
Linux kernel is the kernel used by Linux, the operating system released by the Linux Foundation in the U.S. The KVM virtualization subsystem is one of the KVM Kernel-based Virtual Machine virtualization subsystems. A security vulnerability exists in the KVM virtualization subsystem of the Linux...
PT-2018-2205 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel's KVM virtualization subsystem affected versions not specified Description: A flaw in the Linux kernel's KVM virtualization subsystem is related to inadequate access control. The issue is caused by the VMX code not restoring the...