Fedora 27 : xen (2017-c432db2971)

xen: various flaws 1501391 multiple MSI mapping issues on x86 XSA-237 DMOP map/unmap missing argument checks XSA-238 hypervisor stack leak in x86 I/O intercept code XSA-239 Unlimited recursion in linear pagetable de-typing XSA-240 Stale TLB entry due to page type release race XSA-241 page type...

[SECURITY] [DLA 1181-1] xen security update

Package : xen Version : 4.1.6.lts1-10 CVE ID : CVE-2017-15588 CVE-2017-15589 CVE-2017-15592 CVE-2017-15593 CVE-2017-15595 Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2017-15588 Jann Horn discovered a race condition that can cause a stale TLB entry which might result i...

hypervisor stack leak in x86 I/O intercept code

ISSUE DESCRIPTION Intercepted I/O operations may deal with less than a full machine word's worth of data. While read paths had been the subject of earlier XSAs and hence have been fixed, at least one write path was found where the data stored into an internal structure could contain bits from an...

FreeBSD : xen-kernel -- x86 CMPXCHG8B emulation fails to ignore operand size override (80a897a2-c1a6-11e6-ae1b-002590263bf5)

The Xen Project reports : The x86 instruction CMPXCHG8B is supposed to ignore legacy operand size overrides; it only honors the REX.W override making it CMPXCHG16B. So, the operand size is always 8 or 16. When support for CMPXCHG16B emulation was added to the instruction emulator, this restrictio...