UBUNTU-CVE-2017-15596

An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service prevent physical CPU usage because of lock mishandling upon detection of an add-to-physmap error...

ALPINE-CVE-2017-15594

An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service hypervisor crash or gain privileges because IDT settings are mishandled during CPU hotplugging...

ALPINE-CVE-2017-15593

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service memory leak because reference counts are mishandled...

DEBIAN-CVE-2017-15588

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry...

ALPINE-CVE-2017-15595

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service unbounded recursion, stack consumption, and hypervisor crash or possibly gain privileges via crafted page-table stacking...

CVE-2017-15595

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service unbounded recursion, stack consumption, and hypervisor crash or possibly gain privileges via crafted page-table stacking...

CVE-2017-15589

CVE-2017-15589 affects the Xen hypervisor (up to 4.9.x) where intercepted I/O can cause a write from uninitialized hypervisor stack memory, enabling x86 HVM guests to obtain host data. Impact: partial confidentiality loss. Affected: Xen hypervisor on various Linux distros; Details across connecte...

CVE-2017-15590

An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service hypervisor crash or possibly gain privileges because MSI mapping was mishandled...

CVE-2017-15592

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service hypervisor crash or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests...

CVE-2017-15589

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS or an arbitrary guest OS because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory...

CVE-2017-15592

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service hypervisor crash or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests...

CVE-2017-15595

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service unbounded recursion, stack consumption, and hypervisor crash or possibly gain privileges via crafted page-table stacking...

Xen: Multiple vulnerabilities

Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact A local attacker could escalate privileges, cause a Denial of Service condition, obtain sensitive information, or have othe...

Citrix XenServer Multiple Security Updates (CTX228867)

A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

xen information disclosure vulnerability (CNVD-2017-30248)

Xen is an open source virtual machine monitor developed by the Xen Project. Xen has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

xen denial of service vulnerability (CNVD-2017-30247)

Xen is an open source virtual machine monitor developed by the Xen Project. Xen has a denial of service vulnerability that can be exploited by attackers to cause a denial of service...

xen memory leak vulnerability

Xen is an open source virtual machine monitor developed by the Xen Project. Xen suffers from a memory disclosure vulnerability that can be exploited by an attacker to cause a denial of service...

xen system memory access vulnerability

Xen is an open source virtual machine monitor developed by the Xen Project. The xen system has a memory access vulnerability that can be exploited by an attacker for elevation of privilege...

xen elevation of privilege vulnerability (CNVD-2017-30243)

Xen is an open source virtual machine monitor developed by the Xen Project. Xen suffers from an elevation of privilege vulnerability. An attacker can exploit this vulnerability to gain elevated privileges...

x86: Incorrect handling of self-linear shadow mappings with translated guests

ISSUE DESCRIPTION The shadow pagetable code uses linear mappings to inspect and modify the shadow pagetables. A linear mapping which points back to itself is known as self-linear. For translated guests, the shadow linear mappings being in a separate address space are not intended to be self-linea...