318 matches found

BDU FSTEC
added 2016/07/07 12:0 a.m. | 5 views

The vulnerability of Xen hypervisors, which allows a malicious actor to trigger a service failure

The vulnerability of the compat_iret function in Xen hypervisors is related to resource management errors. Exploiting this vulnerability can allow a malicious actor, operating locally, to trigger a service failure by calling the hypercall_iret function with the EFLAGS.VM parameter set...

CVSS 4.9 | AI score 7.5 | EPSS 0.00074
Exploits 0 | References 2 | Affected Software 1
FreeBSD
added 2016/01/20 12:0 a.m. | 21 views

xen-kernel -- PV superpage functionality missing sanity checks

The Xen Project reports: The PV superpage functionality lacks certain validity checks on data being passed to the hypervisor by guests. This is the case for the page identifier (MFN) passed to MMUEXT_MARK_SUPER and MMUEXT_UNMARK_SUPER sub-ops of the HYPERVISOR_mmuext_op hypercall as well as for various...

CVSS 8.5 | AI score 1.2 | EPSS 0.00204
Exploits 0 | References 1
Tenable Nessus
added 2015/12/15 12:0 a.m. | 40 views

Citrix XenServer Multiple memory_exchange() Hypercall Error Handling DoS (CTX203451)

The version of Citrix XenServer running on the remote host is affected by multiple denial of service vulnerabilities due to multiple flaws in the memory_exchange function in memory.c that are triggered when handling hypercall XENMEM_exchange errors. A local attacker within a guest can exploit these...

CVSS 4.7 | AI score 7.8 | EPSS 0.00097
Exploits 0 | References 3
OSV
added 2015/11/17 3:59 p.m. | 3 views

CVE-2015-7812

The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface...

AI score 8.7
Exploits 0 | References 8
NVD
added 2015/11/17 3:59 p.m. | 16 views

CVE-2015-7812

The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface...

CVSS 4.9 | AI score 8.3 | EPSS 0.00076
Exploits 0 | References 7
OSV
added 2015/11/17 3:59 p.m. | 0 views

UBUNTU-CVE-2015-7812

The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface...

CVSS 4.9 | AI score 7.2 | EPSS 0.00076
Exploits 0 | References 3
CVE
added 2015/11/17 3:0 p.m. | 76 views

CVE-2015-7812

CVE-2015-7812: In Xen, the hypercall_create_continuation function in arch/arm/domain.c is vulnerable within Xen 4.4.x through 4.6.x. A local guest user can issue a preemptible hypercall to the multicall interface, which may crash the host. The description specifies a local attack that leads to a...

CVSS 4.9 | AI score 6.1 | EPSS 0.00076
Exploits 0 | References 7 | Affected Software 1
Debian CVE
added 2015/11/17 3:0 p.m. | 27 views

CVE-2015-7812

The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface...

CVSS 4.9 | AI score 8.2 | EPSS 0.00076
Exploits 0
CNVD
added 2015/11/04 12:0 a.m. | 3 views

Xen Denial of Service Vulnerability (CNVD-2015-07244)

Xen is an open source virtual machine monitor product developed at the University of Cambridge in the United Kingdom. A security vulnerability exists in Xen versions 3.2.x through 4.6.x due to the failure of the program to limit the number of printk console messages when logging HYPERCALLxenoprof...

CVSS 2.1 | AI score 8.5 | EPSS 0.00069
Exploits 0 | References 1
OSV
added 2015/10/30 3:59 p.m. | 5 views

CVE-2015-7971

Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op...

AI score 7.2
Exploits 0 | References 10
OSV
added 2015/10/30 3:59 p.m. | 4 views

CVE-2015-7969

Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the...

AI score 7.2
Exploits 0 | References 11
Debian CVE
added 2015/10/30 3:0 p.m. | 33 views

CVE-2015-7969

Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the...

CVSS 4.9 | AI score 6.8 | EPSS 0.00055
Exploits 0
RedhatCVE
added 2015/10/30 10:25 a.m. | 17 views

CVE-2008-3687

Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall...

CVSS 6.8 | AI score 8.6 | EPSS 0.01613
Exploits 0 | References 2
OSV
added 2015/08/11 2:48 p.m. | 5 views

SUSE-SU-2015:1479-1 Security update for xen

xen was updated to fix the following security issues: CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140); CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139); CVE-2015-2751: Certain domctl operations could have been used to...

CVSS 9.3 | AI score 7.8 | EPSS 0.1149
Exploits 0 | References 13
Tenable Nessus
added 2015/07/14 12:0 a.m. | 31 views

FreeBSD : xen-kernel -- vulnerability in the iret hypercall handler (8c31b288-27ec-11e5-a4a5-002590263bf5)

The Xen Project reports: A buggy loop in Xen's compat_iret function iterates the wrong way around a 32-bit index. Any 32-bit PV guest kernel can trigger this vulnerability by attempting a hypercall_iret with EFLAGS.VM set. Given the use of get/put_user, and that the virtual addresses in question ar...

CVSS 4.9 | AI score 7.6 | EPSS 0.00074
Exploits 0 | References 3
Tenable Nessus
added 2015/07/14 12:0 a.m. | 34 views

FreeBSD : xen-kernel -- Information leak through version information hypercall (ef9d041e-27e2-11e5-a4a5-002590263bf5)

The Xen Project reports: The code handling certain sub-operations of the HYPERVISOR_xen_version hypercall fails to fully initialize all fields of structures subsequently copied back to guest memory. Due to this, hypervisor stack contents are copied into the destination of the operation, thus becomi...

CVSS 2.1 | AI score 7.2 | EPSS 0.00076
Exploits 0 | References 3
Tenable Nessus
added 2015/07/14 12:0 a.m. | 40 views

FreeBSD : xen-kernel and xen-tools -- Long latency MMIO mapping operations are not preemptible (d40c66cb-27e4-11e5-a4a5-002590263bf5)

The Xen Project reports: The XEN_DOMCTL_memory_mapping hypercall allows long running operations without implementing preemption. This hypercall is used by the device model as part of the emulation associated with configuration of PCI devices passed through to HVM guests and is therefore indirectly...

CVSS 4.9 | AI score 7.6 | EPSS 0.00122
Exploits 0 | References 3
Tenable Nessus
added 2015/06/25 12:0 a.m. | 37 views

Fedora 20 : xen-4.3.4-6.fc20 (2015-9965)

Heap overflow in QEMU PCNET controller, allowing guest-host escape (XSA-135, CVE-2015-3209, 1230537); GNTTABOP_swap_grant_ref operation misbehavior (XSA-134, CVE-2015-4163); vulnerability in the iret hypercall handler (XSA-136, CVE-2015-4164); Potential unintended writes to host MSI message data field via qem...

CVSS 7.8 | AI score 7.7 | EPSS 0.14897
Exploits 0 | References 11
Tenable Nessus
added 2015/06/25 12:0 a.m. | 30 views

Fedora 22 : xen-4.5.0-11.fc22 (2015-10001)

stubs-32.h is back, so revert to previous behaviour. Heap overflow in QEMU PCNET controller, allowing guest-host escape (XSA-135, CVE-2015-3209). GNTTABOP_swap_grant_ref operation misbehavior (XSA-134, CVE-2015-4163). Vulnerability in the iret hypercall handler (XSA-136, CVE-2015-4164). Note that Tenable...

CVSS 7.5 | AI score 7.6 | EPSS 0.14897
Exploits 0 | References 3
OPENSUSE Linux
added 2015/06/22 2:4 p.m. | 31 views

Security update for xen (important)

Xen was updated to fix eight vulnerabilities. The following vulnerabilities were fixed: CVE-2015-2751: Certain domctl operations may be abused to lock up the host (XSA-127, boo#922709); CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu (XSA-128, boo#931625); CVE-2015-4104:...

CVSS 7.8 | AI score 0.6 | EPSS 0.14897
Exploits 0 | References 8