PCI MSI mask bits inadvertently exposed to guests

ISSUE DESCRIPTION The mask bits optionally available in the PCI MSI capability structure are used by the hypervisor to occasionally suppress interrupt delivery. Unprivileged guests were, however, nevertheless allowed direct control of these bits. IMPACT Interrupts may be observed by Xen at...

Security update for xen (important)

The XEN hypervisor was updated to fix two security issues: - Fixed a buffer overflow in the floppy drive emulation, which could be used to denial of service attacks or potential code execution against the host. CVE-2015-3456 - Xen did not initialize certain fields, which allowed certain remote...

xen-tools -- PCI MSI mask bits inadvertently exposed to guests

The Xen Project reports: The mask bits optionally available in the PCI MSI capability structure are used by the hypervisor to occasionally suppress interrupt delivery. Unprivileged guests were, however, nevertheless allowed direct control of these bits. Interrupts may be observed by Xen at...

[SECURITY] Fedora 22 Update: xen-4.5.0-9.fc22

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 20 Update: xen-4.3.4-4.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 21 Update: xen-4.4.2-4.fc21

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0745-1)

The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through...

SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2013:1774-1)

XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues. - CVE-2013-4416: XSA-72: Fixed ocaml xenstored that mishandled oversized message replies - CVE-2013-4355: XSA-63: Fixed information leaks through I/O instruction emulation - CVE-2013-4361: XSA-66: Fixed...

Oracle VM VirtualBox < 3.2.28 / 4.0.30 / 4.1.38 / 4.2.30 / 4.3.28 QEMU FDC Overflow RCE (VENOM)

The remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.28 / 4.0.30 / 4.1.38 / 4.2.30 / 4.3.28. It is, therefore affected by a flaw in the Floppy Disk Controller FDC in the bundled QEMU software due to an overflow condition in 'hw/block/fdc.c' when handling certain command...

SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2015:0747-1)

The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through...

SUSE SLES11 Security Update : xen (SUSE-SU-2014:1732-1)

xen was updated to fix 10 security issues : - Guest effectable page reference leak in MMUMACHPHYSUPDATE handling CVE-2014-9030. - Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor CVE-2014-8867. - Missing privilege level checks in x86 emulation of far branches...

SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0372-1)

The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen hypervisor and toolset has been updated to fix various security issues and several bugs. The following security issues have been addressed : XSA-88: CVE-2014-1950: Use-after-free vulnerability in the xccpupoolgetinfo function in Xen 4.1....

SUSE SLED12 / SLES12 Security Update : Xen (SUSE-SU-2015:0613-1)

The XEN hypervisor received updates to fix various security issues and bugs. The following security issues were fixed : - CVE-2015-2151: XSA-123: A hypervisor memory corruption due to x86 emulator flaw. - CVE-2015-2045: XSA-122: Information leak through version information hypercall. -...

SUSE SLES10 Security Update : Xen (SUSE-SU-2014:0411-1)

The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS Xen hypervisor and toolset have been updated to fix various security issues. The following security issues have been addressed : - XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the...

SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)

The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 and presumably earlier exhibit both problems with the overflow issu...

RHEL 6 / 7 : rhev-hypervisor (RHSA-2015:1011)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1011 advisory. The rhev-hypervisor packages provide a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization...

Important: Red Hat Security Advisory: rhev-hypervisor security update

Updated rhev-hypervisor packages that fix one security issue are now available. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from the CVE link in the...

qemu: arbitrary code execution

The guest operating system communicates with the FDC by sending commands such as seek, read, write, format, etc. to the FDCs input/output port. QEMUs virtual FDC uses a fixed-size buffer for storing these commands and their associated data parameters. The FDC keeps track of how much data to expec...

Scientific Linux Security Update : kvm on SL5.x x86_64 (20150513) (Venom)

An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller FDC handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileg...

RHEL 7 : qemu-kvm-rhev (RHSA-2015:1000) (Venom)

Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Virtualization Hypervisor 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...