108 matches found
DEBIAN-CVE-2020-15567
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT nested paging tables, Xen would in some circumstances use a series of non-atomic bitfield write...
DEBIAN-CVE-2020-15563
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HV...
The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to gain increased privileges.
The vulnerability of the Hyper-V hardware virtualization technology in the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...
UBUNTU-CVE-2019-19577
An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number ...
The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to execute arbitrary code in the host operating system.
The vulnerability of the Hyper-V hardware virtualization technology in the Windows operating system exists due to insufficient verification of input data on the host server. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the host operating system using a...
PT-2019-2479 · Microsoft · Windows Hyper-V +1
Name of the Vulnerable Software and Affected Versions: Windows Hyper-V affected versions not specified Description: The issue is related to insufficient input validation in the Hyper-V hardware virtualization system of the Windows operating system. This can be exploited by a remote attacker using...
The vulnerability of the Hyper-V hardware virtualization system for Windows operating systems allows attackers to disclose sensitive information that should be protected.
The vulnerability of the Hyper-V hardware virtualization technology for Windows operating systems is related to errors in the authentication process in the guest operating system. Exploiting this vulnerability can allow an attacker to disclose sensitive information...
The vulnerability of Microsoft Hyper-V hardware virtualization system for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of Microsoft Hyper-V hardware virtualization technology for Windows operating systems exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code on the host operating system through a specially created...
ALPINE-CVE-2018-18883
An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service NULL pointer dereference or possibly have unspecified other impact because nested VT-x is not properly restricted...
The vulnerability of Microsoft Hyper-V hardware virtualization system for Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of Microsoft Hyper-V hardware virtualization technology for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the host operating system through a specially created...
UBUNTU-CVE-2018-12893
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leadi...
UBUNTU-CVE-2017-15592
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service hypervisor crash or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests...
A Modern Hypervisor as a Basis for a Sandbox
In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment or vice versa, to protect against the exploitation of vulnerabilities, and to analyze malicious code. At Kaspersky Lab, we have several sandboxes, including an...
ALPINE-CVE-2016-9377
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service guest crash by leveraging IDT entry miscalculation...
DEBIAN-CVE-2016-10025
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions aka SVM allows local HVM guest OS users to cause a denial of service hypervisor crash by leveraging a missing NULL pointer check...
Microsoft Tears off the Band-Aid with EMET
Microsoft last week extended the end-of-life expiration date to July 2018 on its exploit mitigation add-on, the Enhanced Mitigation Experience Toolkit EMET. But for some time, the once-useful tool has been well on its way out to pasture. While EMET was never meant to be anything more than stopgap...
ALPINE-CVE-2016-7094
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update...
Xen 'paging_invlpg' function denial of service vulnerability
Xen is an open source virtual machine monitor product developed by the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in t...
DEBIAN-CVE-2016-1571
The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...
Xen Denial of Service Vulnerability (CNVD-2015-03573)
Xen is an open source virtual machine monitor. Xen versions 3.3.x-4.5.x, fail to properly restrict write access to the host MSI message data field, which can be exploited by local x86 HVM client administrators to cause a denial of service unexpected outage and host crash...