Xen Management Tool DoS (XSA-323)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to a bad path name limit in oxenstored. A malicious guest administrator can exploit this, by creating paths in the guest's own namespace that are too...

Xen xenstored watch DoS (XSA-324)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to an issue with max payload length in xenstored. A malicious guest can exploit this, by registering a 'watch' with using a very large tag, to cause ...

PT-2021-7293 · Xen +4 · Xen +4

Name of the Vulnerable Software and Affected Versions: Xen affected versions not specified Description: The issue is related to a component of the Xen hypervisor, specifically the blkfront component, which has a resource release error. This can be exploited by a remote attacker to cause a denial ...

PT-2021-7286 · Unknown +4 · Xen Hypervisor +4

Name of the Vulnerable Software and Affected Versions: Xen hypervisor netfront component affected versions not specified Description: The issue is related to errors in resource release in the netfront component of the Xen hypervisor. Exploitation of this issue may allow an attacker to cause a...

Xen oxenstored DoS (XSA-352)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to an issue with oxenstored. A malicious guest administrator can change xenstore node ownership to run another guest out of quota, or create an...

Xen Memory Leak DoS (XSA-330)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to a memory leak in XSRESETWATCHES. A guest can cause unbounded memory usage in oxenstored to cause the system to stop responding with a system-wide...

[SECURITY] Fedora 32 Update: xen-4.13.2-5.fc32

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 33 Update: xen-4.14.0-14.fc33

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Fedora: Security Advisory for xen (FEDORA-2020-df772b417b)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for xen (FEDORA-2020-64859a826b)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

MGASA-2020-0466 Updated virtualbox packages fix security vulnerabilities

Vulnerabilities in the Oracle VM VirtualBox are fixed in version 6.1.16. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability which can lead to execute code in the context of the hypervisor. CVE-2020-14872. An...

Updated virtualbox packages fix security vulnerabilities

Vulnerabilities in the Oracle VM VirtualBox are fixed in version 6.1.16. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability which can lead to execute code in the context of the hypervisor. CVE-2020-14872. An...

An issue was discovered in the Linux kernel through 5.10.1 as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.

...

Bitdefender Hypervisor Introspection Code Execution Vulnerability

Bidefender Hypervisor Introspection HVI is a software from Bidefender Romania that checks the memory safety of running virtual machines at the Hypervisor layer using the VM self-test APIs of the Xen and KVM hypervisors. The software blocks code execution in abnormal memory by virtualizing the...

VMware Workstation SetGuestInfo Null Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...

Xen Project DoS Vulnerability (XSA-359)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to the de-referencing of a NULL pointer. Only ARM systems are affected. Note that Nessus has checked the changeset versions based on the xen.git chan...

CVE-2020-15294

Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would...

CVE-2020-15294

Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would...

Race condition

Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would...

CVE-2020-15293 Memory corruption in Bitdefender Hypervisor Introspection (VA-9336)

Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions...