66 matches found
Out-of-bounds
The 1 fwcfgwrite and 2 fwcfgread functions in hw/nvram/fwcfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAPSYSRAWIO privilege to cause a denial of service out-of-bounds read or write access and process crash or possibly...
FreeBSD : xen-kernel -- Information leak via internal x86 system device emulation (5023f559-27e2-11e5-a4a5-002590263bf5)
The Xen Project reports : Emulation routines in the hypervisor dealing with certain system devices check whether the access size by the guest is a supported one. When the access size is unsupported these routines failed to set the data to be returned to the guest for read accesses, so that...
Fedora 20 : xen-4.3.3-12.fc20 (2015-3721)
HVM qemu unexpectedly enabling emulated VGA graphics backends XSA-119, CVE-2015-2152 Hypervisor memory corruption due to x86 emulator flaw XSA-123, CVE-2015-2151 Information leak via internal x86 system device emulation, Information leak through version information hypercall Note that Tenable...
Fedora 22 : xen-4.5.0-6.fc22 (2015-3935)
Additional patch for XSA-98 on arm64 HVM qemu unexpectedly enabling emulated VGA graphics backends XSA-119, CVE-2015-2152 Hypervisor memory corruption due to x86 emulator flaw XSA-123, CVE-2015-2151 Information leak via internal x86 system device emulation, Information leak through version...
Debian Security Advisory DSA 3181-1 (xen - security update)
Multiple security issues have been found in the Xen virtualisation solution: CVE-2015-2044 Information leak via x86 system device emulation. CVE-2015-2045 Information leak in the HYPERVISORxenversion hypercall. CVE-2015-2151 Missing input sanitising in the x86 emulator could result in information...
CVE-2012-3515
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."...