5614 matches found
Citrix Hypervisor Security Update
Description of Problem Several security issues have been identified in Citrix Hypervisor formerly Citrix XenServer that may allow privileged code in a guest VM to cause the host to crash or become unresponsive. In addition, unprivileged code in a PV guest VM may be able to cause that guest VM to...
Vulnerabilities fixed in Xen
Xen developers have fixed vulnerabilities in the hypervisor. The vulnerability with reference CVE-2020-25604 makes it possible for a local malicious person who can migrate timers between vCPU-s to cause a denial-of-service. The vulnerability with attribute CVE-2020-25595 allows a local malicious...
CVE-2020-25604
A race condition flaw was found in Xen. When migrating timers of x86 HVM guests between its vCPUs, the locking model that is used allows for a second vCPU of the same guest that is also operating on the timers, to release a lock that was not acquired. The issue leads to the hypervisor hanging or...
CVE-2020-25603
A security flaw was found in Xen. Event channels control structures can be accessed without lock as long as the port is considered to be valid. A malicious guest may be able to cause a hypervisor crash resulting in a denial of service DoS. An information leak and privilege escalation cannot be...
Missing memory barriers when accessing/allocating an event channel
ISSUE DESCRIPTION Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such sequence is missing appropriate memory barrier e.g smpmb to prevent both the compiler and CPU to re-order access. IMPACT A malicious guest may be able to cause a...
The vulnerability of VMware Fusion’s hypervisor, related to privilege management errors, allows a perpetrator to elevate their privileges.
The vulnerability of VMware Fusion relates to privilege management errors. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of the management tools for virtual infrastructure, such as VMware vCenter Server and VMware ESXi hypervisor, related to authentication deficiencies, allows attackers to cause partial service interruptions.
The vulnerability of the virtual infrastructure management tools VMware vCenter Server and VMware ESXi hypervisor is related to authentication deficiencies. Exploiting this vulnerability can allow a malicious actor to cause partial service disruption from a remote location...
Fedora: Security Advisory for xen (FEDORA-2020-eeb29955ed)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: xen-4.13.1-5.fc32
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
VMware Workstation ThinPrint EMF Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
VMware Workstation ThinPrint TTCHeader Integer Overflow Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
VMware Workstation ThinPrint EMR_STRETCHDIBITS Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
VMware Workstation ThinPrint name Table Integer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the ThinPri...
VMware Workstation ThinPrint JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
FreeBSD-SA-20:29.bhyve_svm
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:29.bhyvesvm Security Advisory The FreeBSD Project Topic: bhyve SVM guest escape Category: core Module: bhyve Announced: 2020-09-15 Credits: Maxime Villard...
FreeBSD-SA-20:28.bhyve_vmcs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:28.bhyvevmcs Security Advisory The FreeBSD Project Topic: bhyve privilege escalation via VMCS access Category: core Module: bhyve Announced: 2020-09-15...
Fedora: Security Advisory for xen (FEDORA-2020-3689b67b53)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 31 Update: xen-4.12.3-4.fc31
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
CVE-2020-15687
Missing access control restrictions in the Hypervisor component of the ACRN Project v2.0 and v1.6.1 allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe assign/de-assign Hypercalls via crafted ioctls and payloads. This attack results in a corrupt state and...
CVE-2020-15687
Missing access control restrictions in the Hypervisor component of the ACRN Project v2.0 and v1.6.1 allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe assign/de-assign Hypercalls via crafted ioctls and payloads. This attack results in a corrupt state and...