
5614 matches found

Citrix
added 2020/11/09 12:0 a.m. | 75 views

Citrix Hypervisor Security Update

Description of Problem: Several security issues have been identified in Citrix Hypervisor (formerly Citrix XenServer) that may allow: unprivileged code in a PV guest VM to compromise that PV guest VM; privileged code in a guest VM to cause the host to crash or become unresponsive; privileged code in a...

7.8 CVSS | 7.4 AI score | 0.0041 EPSS
Exploits: 0 | Affected Software: 2
Citrix
added 2020/11/09 12:0 a.m. | 35 views

Citrix Hypervisor Security Update

Description of Problem: Two issues have been identified in Citrix Hypervisor that may, if exploited, allow privileged code in an HVM guest VM to compromise or crash the host. These issues only apply in specific configurations; furthermore, Citrix believes that there would be significant difficulty...

8.8 CVSS | 6.9 AI score | 0.00413 EPSS
Exploits: 0 | Affected Software: 2
Citrix
added 2020/11/09 12:0 a.m. | 80 views

Citrix Hypervisor Security Update

Description of Problem: An issue has been discovered in Citrix Hypervisor that, if exploited, could potentially allow an attacker on the management network to enumerate valid administrative account usernames. Note that this attack does not disclose the corresponding passwords and does not grant...

5.3 CVSS | 6.3 AI score | 0.98631 EPSS
Exploits: 23 | Affected Software: 1
ThreatPost
added 2020/11/04 4:17 p.m. | 595 views

VMware Issues Updated Fix For Critical ESXi Flaw

VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. Wednesday’s VMware advisory said updated patch versions were available after it was discovered the previous patch, released Oct. 20, did not completely address the vulnerability. That’...

10 CVSS | 0.8 AI score | 0.9927 EPSS
Exploits: 11 | References: 7
NVD
added 2020/11/02 7:15 a.m. | 15 views

CVE-2020-3690

u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...

7.8 CVSS | 7.7 AI score | 0.00224 EPSS
Exploits: 0 | References: 2
Prion
added 2020/11/02 7:15 a.m. | 14 views

Code injection

u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...

7.2 CVSS | 7.7 AI score | 0.00224 EPSS
Exploits: 0 | References: 2
Cvelist
added 2020/11/02 6:21 a.m. | 27 views

CVE-2020-3690

u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...

7.7 AI score | 0.00224 EPSS
Exploits: 0 | References: 1
CVE
added 2020/11/02 6:21 a.m. | 66 views

CVE-2020-3690

CVE-2020-3690 describes that an incorrect SMMU configuration in the modem crypto engine could potentially compromise the hypervisor on Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Voice & Music/Wired Networking) across listed SoCs (A...

7.8 CVSS | 7.6 AI score | 0.00224 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OpenVAS
added 2020/10/29 12:0 a.m. | 8 views

Fedora: Security Advisory for xen (FEDORA-2020-e3d619cc32)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 | References: 2
BDU FSTEC
added 2020/10/29 12:0 a.m. | 2 views

The vulnerability of the openslp hypervisor packages in VMware ESXi, VMware Workstation, and VMware Fusion allows a malicious actor to execute arbitrary code, cause system failures, or gain unauthorized access to protected information.

The vulnerability of the openslp hypervisor packages in VMware ESXi, VMware Workstation, and VMware Fusion relates to the use of memory after deallocation. Exploiting this vulnerability can allow an attacker to execute arbitrary code, cause system failures, or gain unauthorized access to protecte...

10 CVSS | 8.1 AI score | 0.83015 EPSS
Exploits: 2 | References: 3 | Affected Software: 1
Fedora
added 2020/10/26 1:7 a.m. | 15 views

[SECURITY] Fedora 33 Update: xen-4.14.0-6.fc33

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

2.1 AI score
Exploits: 0
OpenVAS
added 2020/10/26 12:0 a.m. | 8 views

Fedora: Security Advisory for xen (FEDORA-2020-97775b4234)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 | References: 2
RedhatCVE
added 2020/10/23 7:5 p.m. | 23 views

CVE-2020-27672

A race condition flaw was found in the Xen code responsible for handling the updating of the hypervisor's own page tables. This flaw allows a malicious guest to cause a denial of service, host data corruption, or potential privilege escalation. The highest threat from this vulnerability is to...

7.8 CVSS | 2.2 AI score | 0.0026 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2020/10/23 7:4 p.m. | 25 views

CVE-2020-27674

A flaw was found in the Xen hypercalls with INVLPG-like behavior used by x86 PV guests to invalidate TLB entries. This flaw allows a malicious unprivileged guest user to escalate their privileges to the kernel level within the guest. Mitigation: There is no known mitigation for this flaw apart fro...

5.3 CVSS | 2 AI score | 0.00353 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2020/10/23 12:0 a.m. | 37 views

Xen Migrating Timers Race condition DoS (XSA-336)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service (DoS) vulnerability. When migrating timers of x86 HVM guests between its vCPU-s, the locking model used allows for a second vCPU of the same guest also operating on the...

4.7 CVSS | 6.4 AI score | 0.00261 EPSS
Exploits: 0 | References: 2
OSV
added 2020/10/22 9:15 p.m. | 1 views

DEBIAN-CVE-2020-27674

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique...

5.3 CVSS | 7.1 AI score | 0.00353 EPSS
Exploits: 0 | References: 1
OSV
added 2020/10/22 9:15 p.m. | 1 views

DEBIAN-CVE-2020-27673

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271...

5.5 CVSS | 6 AI score | 0.0041 EPSS
Exploits: 0 | References: 1
OSV
added 2020/10/22 9:15 p.m. | 3 views

DEBIAN-CVE-2020-27675

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash vi...

4.7 CVSS | 6.2 AI score | 0.00265 EPSS
Exploits: 0 | References: 1
UbuntuCve
added 2020/10/22 9:15 p.m. | 24 views

CVE-2020-27670

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated...

7.8 CVSS | 6.9 AI score | 0.00251 EPSS
Exploits: 0 | References: 2
OSV
added 2020/10/22 9:15 p.m. | 3 views

UBUNTU-CVE-2020-27673

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271...

5.5 CVSS | 6.6 AI score | 0.0041 EPSS
Exploits: 0 | References: 6