CVE-2012-3494
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register...
CVE-2012-3495
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service invali...
CVE-2012-3495
CVE-2012-3495 affects the Xen hypervisor: the physdev_get_free_pirq hypercall does not validate the return value of get_free_pirq, and if that call fails it uses the error code as an array index. This can cause an invalid memory write leading to host crash and, per the description, potential priv...
SUSE-SU-2015:0940-1 Security update for Xen
This update fixes the following security issues in Xen: CVE-2012-5510: Grant table version switch list corruption vulnerability (XSA-26); CVE-2012-5511: Several HVM operations do not validate the range of their inputs (XSA-27); CVE-2012-5513: XENMEM_exchange may overwrite hypervisor memory (XSA-29)...
CVE-2012-4539
Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability."...
Unhooking empty PAE entries DoS vulnerability
ISSUE DESCRIPTION: The HVMOP_pagetable_dying hypercall does not correctly check the caller's pagetable state, leading to a hypervisor crash. IMPACT: An HVM guest running on shadow pagetables (that is, not HAP) can cause the hypervisor to crash. VULNERABLE SYSTEMS: All Xen versions from 4.0 onwards are...
SuSE 10 Security Update : Xen (ZYPP Patch Number 8268)
Xen was updated to fix multiple bugs and security issues. The following security issues have been fixed: - xen: hypercall set_debugreg vulnerability (XSA-12). CVE-2012-3494 - xen: Qemu VT100 emulation vulnerability (XSA-17). CVE-2012-3515 - xen: pv bootloader doesn't check the size of the bzip2 or lz...
multiple TMEM hypercall vulnerabilities
ISSUE DESCRIPTION: Several sub-operations of the Transcendent Memory (TMEM) hypercall either do not correctly validate their inputs, do not correctly validate the privilege of the calling guest, or have other security-relevant bugs. A full list of the vulnerabilities in the TMEM system is not...
hypercall physdev_get_free_pirq vulnerability
ISSUE DESCRIPTION: PHYSDEVOP_get_free_pirq does not check that its call to get_free_pirq succeeded, and if it fails will use the error code as an array index. IMPACT: A malicious guest might be able to cause the host to crash, leading to a DoS, depending on the exact memory layout. Privilege escalation ...
kernel security and bug fix update
2.6.9-89.31.1.0.1.EL - XEN fix cpu hotplug crash Joe Jin orabug 7521308 - XEN Bring up vcpus before khelper init Joe Jin orabug 7521308 - XEN flush the tlb cache immediately Dave McCracken, Scott Shi orabug 9138767 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug...
kernel security and bug fix update
2.6.9-89.0.26.0.1.EL - XEN fix cpu hotplug crash Joe Jin orabug 7521308 - XEN Bring up vcpus before khelper init Joe Jin orabug 7521308 - XEN flush the tlb cache immediately Dave McCracken, Scott Shi orabug 9138767 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug...
kernel security and bug fix update
2.6.9-89.0.23.0.1 - XEN fix cpu hotplug crash Joe Jin orabug 7521308 - XEN Bring up vcpus before khelper init Joe Jin orabug 7521308 - XEN flush the tlb cache immediately Dave McCracken, Scott Shi orabug 9138767 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug...
CentOS 5 : kvm (CESA-2010:0088)
Updated kvm packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. KVM (Kernel-based Virtual Machine) is a full virtualization solution for...
Important: Red Hat Security Advisory: kvm security and bug fix update
Updated kvm packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. KVM (Kernel-based Virtual Machine) is a full virtualization solution for...
kernel security and bug fix update
2.6.9-89.0.15.0.1.EL - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - backout patch sysrq-b that queues upto keventd thread Guru Anbalagane orabug 6125546 - netrx/netpoll race...
kernel security and bug fix update
2.6.9-89.0.7.0.1.EL - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - backout patch sysrq-b that queues upto keventd thread Guru Anbalagane orabug 6125546 - netrx/netpoll race avoidanc...
Heap overflow
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall...
CVE-2008-3687
Affected: Xen 3.3 compiled with XSM:FLASK. Vulnerable: flask_security_label function, due to a heap-based buffer overflow. Impact: unprivileged domU users can execute arbitrary code via the flask_op hypercall. Public exploit details are not provided in the documents; no patch/version remediation ...