Fedora: Security Advisory for xen (FEDORA-2021-7785f6c616)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Xen mishandling of the event channel validity constraint DoS (XSA-338))

A denial of service DoS vulnerability exists in Xen due to a mishandling of the constraint that once-valid event channels may not turn invalid. An unprivileged guest may be able to crash Xen, leading to a denial of service for the entire system. Note that Nessus has not tested for this issue but...

Xen missing error handling in MSR_MISC_ENABLE DoS (XSA-333)

A denial of service DoS vulnerability exists in Xen server due to missing error handling in MISCENABLE MSR. A malicious PV guest administrator can trigger Xen to crash, resulting in a host DoS. Note that Nessus has not tested for this issue but has instead relied only on the application's...

Xen Missing memory barriers DoS (XSA-340)

A denial of service DoS vulnerability exists in Xen servers when accessing/allocating an event channel due to a missing memory barrier. An authenticated, local attacker may be able to cause a hypervisor crash resulting in a Denial of Service DoS. Note that Nessus has not tested for this issue but...

New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely

VBS and HVCI-enabled devices help protect from advanced attacks Escalation of privilege attacks are a malicious actor’s best friend, and they often target sensitive information stored in memory. These kinds of attacks can turn a minor user mode compromise into a full compromise of your OS and...

Hotfix XS82E002 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| Restart the XAPI Toolstack Content live patchable| No Baselines for Live Patch| N/A Revision History|...

Hotfix XS82E013 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described inCTX286756 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Information About this Hotfix Component| Details ---|---...

Driver Disk for Microsemi aacraid 1.2.1.60001 - For Citrix Hypervisor 8.x CR

Who Should Install this Driver Disk? Customers running a Citrix Hypervisor 8.x release who use Microsemi's aacraid driver and wish to use the latest version of the following: Driver Module| Version ---|--- aacraid| 1.2.1.60001 Issues Resolved In this Driver Disk Includes general enhancements and...

Hotfix XS82E010 - for Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described inCTX285937 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Information About this Hotfix Component| Details ---|---...

Hotfix XS82E011 - for Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described inCTX286511 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Information About this Hotfix Component| Details ---|---...

Hotfix XS82E012 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described inCTX286756 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Information About this Hotfix Component| Details ---|---...

Hotfix XS82E014 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described inCTX286756 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Information About this Hotfix Component| Details ---|---...

Available driver versions for XenServer and Citrix Hypervisor

Latest driver disk updates for XenServer and Citrix Hypervisor We work with partner organizations to ensure that drivers are available to enable new hardware and resolve critical issues. We regularly deliver updated versions of these drivers when partner organizations provide them to us. For Citr...

Hotfix XS81E014 - For Citrix Hypervisor 8.1

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.1. All customers who are affected by the issues described inCTX286756 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Note: This hotfix is available only to customers on theCustomer...

Hotfix XS82E006 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| None Content live patchable| No Baselines for Live Patch| N/A Revision History| Published on Nov 03, 2020...

XENMEM_aquire_resources Error Path DoS (XSA-334)

A denial of service DoS vulnerability exists in Xen servers XENMEMacquireresource due to an error path exiting without releasing an RCU Read, Copy, Update reference. An authenticated, local attacker can exploit this issue, via a malicious HVM stubdomain which can cause an RCU reference to be...

Xen Control Block DoS (XSA-358)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing...

Xen xenstore watch notification Information Disclosure (XSA-115)

"According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an information disclosure vulnerability due to a lack of permission checks for xenstore watch event reporting. A guest administrator can watch the root xenstored node, which will cause...

Xen xenstored watch DoS (XSA-348)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has...

Xen IRQ Infinite Loop DoS (XSA-356)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to an issue when handling IRQ vectors. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated an...