19 matches found
FreeBSD : xen-kernel -- GNTTABOP_swap_grant_ref operation misbehavior (80e846ff-27eb-11e5-a4a5-002590263bf5)
The Xen Project reports : With the introduction of version 2 grant table operations, a version check became necessary for most grant table related hypercalls. The GNTTABOPswapgrantref call was lacking such a check. As a result, the subsequent code behaved as if version 2 was in use, when a guest...
Fedora 22 : xen-4.5.0-11.fc22 (2015-10001)
stubs-32.h is back, so revert to previous behaviour. Heap overflow in QEMU PCNET controller, allowing guest-host escape XSA-135, CVE-2015-3209. GNTTABOPswapgrantref operation misbehavior XSA-134, CVE-2015-4163. vulnerability in the iret hypercall handler XSA-136, CVE-2015-4164. Note that Tenable...
Fedora 20 : xen-4.3.4-6.fc20 (2015-9965)
Heap overflow in QEMU PCNET controller, allowing guest-host escape XSA-135, CVE-2015-3209 1230537 GNTTABOPswapgrantref operation misbehavior XSA-134, CVE-2015-4163 vulnerability in the iret hypercall handler XSA-136, CVE-2015-4164 Potential unintended writes to host MSI message data field via qem...
Security update for xen (important)
Xen was updated to fix eight vulnerabilities. The following vulnerabilities were fixed: CVE-2015-2751: Certain domctl operations may be abused to lock up the host XSA-127 boo922709 CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu XSA-128 boo931625 CVE-2015-4104:...
[SECURITY] [DSA 3286-1] xen security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3286-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 13, 2015 https://www.debian.org/security/faq -...
CVE-2015-4163
GNTTABOPswapgrantref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service NULL pointer dereference via a hypercall without a GNTTABOPsetuptable or GNTTABOPsetversion...
CVE-2015-4163
GNTTABOPswapgrantref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service NULL pointer dereference via a hypercall without a GNTTABOPsetuptable or GNTTABOPsetversion...
Null pointer dereference
GNTTABOPswapgrantref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service NULL pointer dereference via a hypercall without a GNTTABOPsetuptable or GNTTABOPsetversion...
CVE-2015-4163
CVE-2015-4163 affects Xen 4.2–4.5 and stems from GNTTABOP_swap_grant_ref not checking the grant-table operation version, enabling a local guest to cause a denial of service via a NULL pointer dereference when a hypercall is issued without GNTTABOP_setup_table or GNTTABOP_set_version. Impact is li...
CVE-2015-4163
GNTTABOPswapgrantref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service NULL pointer dereference via a hypercall without a GNTTABOPsetuptable or GNTTABOPsetversion...
Debian DSA-3286-1 : xen - security update
Multiple security issues have been found in the Xen virtualisation solution : - CVE-2015-3209 Matt Tait discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card...
SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2015:1045-1)
Xen was updated to fix seven security vulnerabilities : CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu. XSA-128, bnc931625 CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests. XSA-129, bnc931626 CVE-2015-4105: Guest triggerable qemu MSI-X...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:1042-1)
Xen was updated to fix seven security issues and one non-security bug. The following vulnerabilities were fixed : - CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu XSA-128 bnc931625 - CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests XSA-129...
Citrix XenServer Multiple Security Updates (CTX201145)
A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to crash the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1...
GNTTABOP_swap_grant_ref operation misbehavior
ISSUE DESCRIPTION With the introduction of version 2 grant table operations, a version check became necessary for most grant table related hypercalls. The GNTTABOPswapgrantref call was lacking such a check. As a result, the subsequent code behaved as if version 2 was in use, when a guest issued...
CVE-2012-3516
The GNTTABOPswapgrantref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service host crash and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hyperviso...
CVE-2012-3516
The GNTTABOPswapgrantref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service host crash and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hyperviso...
CVE-2012-3516
The GNTTABOPswapgrantref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service host crash and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hyperviso...
CVE-2012-3516
CVE-2012-3516 affects Xen 4.2 and Citrix XenServer 6.0.2 via the GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall. A crafted grant reference can be used by local guest kernels or administrators to cause a host crash (DoS) and potentially gain privileges by triggering a write to ...