UBUNTU-CVE-2017-15597
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying...
CVE-2017-15597
CVE-2017-15597 affects Xen up to 4.9.x. A grant-copy operation on a dying-domain grant can lead to hypervisor memory corruption, likely causing host crash and Denial of Service; privilege escalation and information leaks cannot be ruled out. Publicly available advisories indicate fixes in multipl...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2864-1)
This update for xen fixes several issues: These security issues were fixed : - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host...
SUSE SLES12 Security Update : xen (SUSE-SU-2017:2873-1)
This update for xen fixes several issues: These security issues were fixed : - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host...
SUSE-SU-2017:2873-1 Security update for xen
This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host bsc10597...
Xen Hypervisor Pin Count / Page Reference Grant Table Code Guest-to-Host Memory Corruption (XSA-236)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a memory corruption vulnerability. This may allow an attacker on the guest to cause a denial of service or gain elevated privileges on the host. Note that Nessus has checked the changeset...
CVE-2017-15597
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying...
The vulnerability of Xen hypervisors, related to errors in access rights comparison, allows attackers to increase their privileges or cause service failures.
The vulnerability of Xen hypervisors is related to access authorization errors that occur when permissions for guest x86 operating systems running in PV mode are removed or changed. Exploiting this vulnerability can allow a local attacker to increase their privileges or cause service failures...
The vulnerability of the alloc_heap_pages function in Xen hypervisors allows an attacker to execute arbitrary code or cause a service failure.
The vulnerability of the alloc_heap_pages function in Xen hypervisors arises due to insufficient checking of parameters. Exploiting this vulnerability allows a local attacker to execute arbitrary code or cause a service failure by exceeding memory limits, using the NUMA parameter for memory...
pin count / page reference race in grant table code
ISSUE DESCRIPTION Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns...
openSUSE Security Update : xen (openSUSE-2017-1181)
This update for xen fixes several issues : These security issues were fixed : - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host...
SUSE-SU-2017:2812-1 Security update for xen
This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host bsc10597...
Xen Hypervisor Translated Guest Self-linear Shadow Mapping Handling Guest-to-Host Privilege Escalation (XSA-243)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an unspecified flaw in mm/shadow/multi.c that is triggered during the handling of self-linear shadow mappings with translated guests. This may allow an attacker on the guest to cause a...
Xen Hypervisor Page Type Reference Handling Memory Exhaustion Guest-to-Host DoS (XSA-242)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an unspecified flaw in arch/x86/mm.c that is triggered as page type references are not properly handled when performing certain cleanup operations. This allows an attacker on the guest to...
Xen Hypervisor I/O Intercept Code Hypervisor Stack Guest-to-Host Information Disclosure (XSA-239)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an unspecified flaw in the hvmemul_do_io function in arch/x86/hvm/emulate.c that is triggered as an internal structure may contain data from an uninitialized hypervisor stack slot. This may...
Xen Hypervisor Multiple Functions DMOP Handling Guest-to-Host DoS (XSA-238)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by unspecified flaws in arch/x86/hvm/ioreq.c that are triggered when handling DMOPs. This may allow an attacker within a guest to consume excessive resources. Note this can only be exploited ...
Xen Hypervisor TLB Flush Request Handling Race Condition System Memory Access Guest-to-Host Privilege Escalation (XSA-241)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a race condition that is triggered when handling TLB flush requests. This allows an attacker on the guest to access all system memory, allowing them to cause a denial of service, disclose...
Xen Hypervisor Pagetable De-typing Recursion Handling Guest-to-Host DoS (XSA-240)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a stack overflow vulnerability that is triggered when recursion is not properly handled when de-typing linear pagetables. By stacking multiple layers of page tables, an attacker within a...
Xen Hypervisor New CPU Interrupt Descriptor Table (IDT) Copy Handling Guest-to-Host Privilege Escalation (XSA-244)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an unspecified flaw that is triggered when, as a new CPU is brought online, it copies certain selector fields from CPU0's Interrupt Descriptor Table (IDT) while CPU0 is in HVM context. This...
Xen Hypervisor PCI MSI Interrupt Setup Multiple Guest-to-Host Privilege Escalation (XSA-237)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities related to the setup of PCI MSI interrupts, which may allow an attacker on the guest to cause a denial of service on the host, potentially disclose sensitive...