[SECURITY] Fedora 32 Update: xen-4.13.1-6.fc32

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...

Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...

Xen: Buffer overflow

Background Xen is a bare-metal hypervisor. Description An out-of-bounds read/write access issue was found in the USB emulator when using QEMU. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround There...

[SECURITY] Fedora 33 Update: xen-4.14.0-5.fc33

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Fedora: Security Advisory for xen (FEDORA-2020-306b84fd07)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2020-24718

bhyve, as used in FreeBSD through 12.1 and illumos e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04, does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying...

Xen PCI Passthrough Code Reading Back Hardware Registers DoS (XSA-337)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service DoS vulnerability. Code paths in Xen's MSI handling have been identified which act on unsanitized values read back from device hardware registers. While devices strict...

Xen in the Linux kernel when running a guest on a host without hardware assisted paging (HAP) allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.

...

Denial Of Service (DoS)

xen is vulnerable to denial of service DoS. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier e.g., smpmb ...

ALPINE-CVE-2020-25604

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest also operating on the timers to release a lock that it...

DEBIAN-CVE-2020-25604

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest also operating on the timers to release a lock that it...

DEBIAN-CVE-2020-25600

An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm either bitness ones. 32-bit x86 domain...

CVE-2020-25604

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest also operating on the timers to release a lock that it...

Privilege escalation

An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier e.g., smp...

UBUNTU-CVE-2020-25599

An issue was discovered in Xen through 4.14.x. There are evtchnreset race conditions. Uses of EVTCHNOPreset potentially by a guest on itself or XENDOMCTLsoftreset by itself covered by XSA-77 can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses ...

UBUNTU-CVE-2020-25604

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest also operating on the timers to release a lock that it...

CVE-2020-25603

CVE-2020-25603 affects Xen up to 4.14.x, where missing memory barriers in event-channel access/allocation allow lockless manipulation of event-channel state. A malicious guest could crash the hypervisor, causing a Denial of Service, with potential information leaks or privilege escalation. Public...

CVE-2020-25604

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest also operating on the timers to release a lock that it...

CVE-2020-25604

CVE-2020-25604 in Xen up to 4.14.x describes a race condition when migrating timers between x86 HVM vCPUs. The locking model can allow a second vCPU of the same guest to release a lock it did not acquire, potentially causing a hang or crash (DoS) of the hypervisor. Affected: all Xen versions on x...