
318 matches found

OpenVAS
added 2013/09/18 12:0 a.m. | 49 views

Debian Security Advisory DSA 2582-1 (xen - several vulnerabilities)

Multiple denial of service vulnerabilities have been discovered in the Xen Hypervisor. One of the issues (CVE-2012-5513) could even lead to privilege escalation from guest to host. Some of the recently published Xen Security Advisories XSA 25 and 28 are not fixed by this update and should be fixed i...

CVSS 6.9 | EPSS 0.00143
Exploits: 5 | References: 1

OpenVAS
added 2013/05/12 12:0 a.m. | 31 views

Debian Security Advisory DSA 2666-1 (xen - several vulnerabilities)

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1918 XSA 45 several long latency operations are not preemptible. Some page table manipulation operations for PV guests were not made...

CVSS 6.9 | AI score 0.2 | EPSS 0.00097
Exploits: 0 | References: 1

Xen Project
added 2013/04/18 3:16 p.m. | 69 views

grant table hypercall acquire/release imbalance

ISSUE DESCRIPTION When releasing a non-v1 non-transitive grant after doing a grant copy operation, Xen incorrectly recurses as if for a transitive grant and releases an unrelated grant reference. IMPACT A malicious guest administrator can cause undefined behaviour; depending on the dom0 kernel a...

CVSS 6.9 | AI score 1 | EPSS 0.00076
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2013/01/25 12:0 a.m. | 45 views

SuSE 11.2 Security Update : Xen (SAT Patch Number 7018)

XEN was updated to fix various bugs and security issues : The following security issues have been fixed : - xen: Domain builder Out-of-memory due to malicious kernel/ramdisk XSA 25. CVE-2012-4544 - XEN / qemu: guest administrator can access qemu monitor console XSA-19. CVE-2012-4411 - xen: Timer...

CVSS 6.9 | AI score 7.7 | EPSS 0.00107
Exploits: 0 | References: 26

ATTACKERKB
added 2013/01/12 4:33 a.m. | 4 views

CVE-2013-0154

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall...

CVSS 1.9 | AI score 5.5 | EPSS 0.00073
Exploits: 0 | References: 12

UbuntuCve
added 2013/01/12 4:33 a.m. | 32 views

CVE-2013-0154

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall...

CVSS 1.9 | AI score 5.9 | EPSS 0.00073
Exploits: 0 | References: 6

Prion
added 2013/01/12 4:33 a.m. | 16 views

Design/Logic Flaw

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall...

CVSS 1.9 | AI score 6.6 | EPSS 0.00073
Exploits: 0 | References: 11 | Affected Software: 1

Debian CVE
added 2013/01/12 2:0 a.m. | 26 views

CVE-2013-0154

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall...

CVSS 1.9 | AI score 4.5 | EPSS 0.00073
Exploits: 0

CVE
added 2013/01/12 2:0 a.m. | 70 views

CVE-2013-0154

CVE-2013-0154 affects Xen 4.2 (and related builds) where, in the get_page_type function of xen/arch/x86/mm.c, if debugging is enabled, local PV/HVM guest admins can trigger an assertion failure and hypervisor crash via certain hypercall-related vectors. The issue is a denial of service causing hy...

CVSS 1.9 | AI score 6 | EPSS 0.00073
Exploits: 0 | References: 11 | Affected Software: 1

NVD
added 2012/12/13 11:53 a.m. | 24 views

CVE-2012-5525

The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read...

CVSS 4.7 | AI score 6.2 | EPSS 0.06889
Exploits: 1 | References: 7

Cvelist
added 2012/12/13 11:0 a.m. | 29 views

CVE-2012-5525

The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read...

AI score 6.1 | EPSS 0.06889
Exploits: 1 | References: 7

Tenable Nessus
added 2012/12/09 12:0 a.m. | 43 views

Debian DSA-2582-1 : xen - several vulnerabilities

Multiple denial of service vulnerabilities have been discovered in the Xen Hypervisor. One of the issues (CVE-2012-5513) could even lead to privilege escalation from guest to host. Some of the recently published Xen Security Advisories XSA 25 and 28 are not fixed by this update and should be fixed in...

CVSS 6.9 | AI score 8 | EPSS 0.00143
Exploits: 5 | References: 32

Tenable Nessus
added 2012/12/05 12:0 a.m. | 35 views

SuSE 10 Security Update : Xen (ZYPP Patch Number 8379)

This update fixes the following security issues in xen : - XENMEM_exchange may overwrite hypervisor memory XSA-29. CVE-2012-5513 - Several memory hypercall operations allow invalid extent order values XSA-31. CVE-2012-5515 Also the following bugs have been fixed and upstream patches have been...

CVSS 6.9 | AI score 7.7 | EPSS 0.00143
Exploits: 4 | References: 4

Xen Project
added 2012/12/03 5:51 p.m. | 62 views

Several memory hypercall operations allow invalid extent order values

ISSUE DESCRIPTION Allowing arbitrary extent_order input values for XENMEM_decrease_reservation, XENMEM_populate_physmap, and XENMEM_exchange can cause arbitrarily long time being spent in loops without allowing vital other code to get a chance to execute. This may also cause inconsistent state resultin...

CVSS 4.7 | AI score 3.2 | EPSS 0.00141
Exploits: 0 | Affected Software: 1

OPENSUSE Linux
added 2012/11/26 3:13 p.m. | 28 views

XEN: security and bugfix update (important)

This security update of XEN fixes various bugs and security issues. - Upstream patch 26088-xend-xml-filesize-check.patch - bnc787163 - CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious kernel/ramdisk XSA 25 CVE-2012-4544-xsa25.patch - bnc779212 - CVE-2012-4411: XEN / qemu: guest...

CVSS 7.2 | AI score 0.2 | EPSS 0.02761
Exploits: 7 | References: 16

OSV
added 2012/11/24 8:55 p.m. | 6 views

CVE-2012-4538

The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors...

AI score 6.1
Exploits: 0 | References: 21

CVE
added 2012/11/24 8:0 p.m. | 80 views

CVE-2012-4538

Technical details about CVE-2012-4538 are not publicly provided in the connected documents. Please monitor for updates in the referenced advisories and vendor notices.

CVSS 4.9 | AI score 6.1 | EPSS 0.00054
Exploits: 0 | References: 21 | Affected Software: 1

Cvelist
added 2012/11/24 8:0 p.m. | 30 views

CVE-2012-4538

The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors...

AI score 6.2 | EPSS 0.00054
Exploits: 0 | References: 21

NVD
added 2012/11/23 8:55 p.m. | 24 views

CVE-2012-3494

The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register...

CVSS 2.1 | AI score 8.7 | EPSS 0.00112
Exploits: 0 | References: 25

OSV
added 2012/11/23 8:55 p.m. | 7 views

CVE-2012-3494

The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register...

AI score 6.1
Exploits: 0 | References: 26