UBUNTU-CVE-2018-10471

An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service out-of-bounds zero write and hypervisor crash via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754...

UBUNTU-CVE-2018-10472

An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users in certain configurations to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot...

ALPINE-CVE-2018-10471

An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service out-of-bounds zero write and hypervisor crash via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754...

DEBIAN-CVE-2018-10471

An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service out-of-bounds zero write and hypervisor crash via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754...

DEBIAN-CVE-2018-10472

An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users in certain configurations to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot...

x86: PV guest may crash Xen with XPTI

ISSUE DESCRIPTION The workaround for the Meltdown vulnerability XSA-254 failed to deal with an error code path connecting the INT 80 handling with general exception handling. This results in an unconditional write attempt of the value zero to an address near 2^64, in cases where a PV guest has no...

Oracle VirtualBox crStateTrackMatrixNV Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

Oracle VirtualBox crUnpackExtendProgramParameters4fvNV Integer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

Oracle VirtualBox crStateProgramParameters4dvNV Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

Debian: Security Advisory (DLA-1300-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 26 Update: xen-4.8.3-3.fc26

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

SUSE SLES11 Security Update : xen (SUSE-SU-2018:0638-1) (Meltdown) (Spectre)

This update for xen fixes several issues. This new feature was included : - add script and sysv service to watch for vcpu online/offline events in a HVM domU These security issues were fixed : - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative...

[SECURITY] Fedora 27 Update: xen-4.9.1-5.fc27

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] [DLA 1300-1] xen security update

Package : xen Version : 4.1.6.lts1-13 CVE ID : CVE-2018-7540 CVE-2018-7541 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations leaks or privilege escalation. For Debian 7 "Wheezy", these problems have been fixed in version...

Debian DLA-1300-1 : xen security update

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations leaks or privilege escalation. For Debian 7 'Wheezy', these problems have been fixed in version 4.1.6.lts1-13. We recommend that you upgrade your xen packages. NOTE: Tenable...

SUSE-SU-2018:0609-1 Security update for xen

This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks bsc1074562, bsc1068032 - CVE-2018-5683: The vgadrawtext function...

SUSE-SU-2018:0601-1 Security update for xen

This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks bsc1074562, bsc1068032 - CVE-2018-5683: The vgadrawtext function...

[SECURITY] [DSA 4131-1] xen security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4131-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 04, 2018 https://www.debian.org/security/faq -...

Debian: Security Advisory (DSA-4131-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Xen arch_domain_create() Function Local APIC Assumption NULL Pointer Dereference Guest-to-host DoS (XSA-256)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches we...