x86: Incorrect handling of self-linear shadow mappings with translated guests

ISSUE DESCRIPTION The shadow pagetable code uses linear mappings to inspect and modify the shadow pagetables. A linear mapping which points back to itself is known as self-linear. For translated guests, the shadow linear mappings being in a separate address space are not intended to be self-linea...

hypervisor stack leak in x86 I/O intercept code

ISSUE DESCRIPTION Intercepted I/O operations may deal with less than a full machine word's worth of data. While read paths had been the subject of earlier XSAs and hence have been fixed, at least one write path was found where the data stored into an internal structure could contain bits from an...

How to configure console access on XenServer or Citrix Hypervisor

This article is for customers running Citrix Hypervisor or XenServer who want to configure serial console access to their XenServer hosts. In some support cases, serial console access to the XenServer host is required for debug purposes. The serial connection is to use with HyperTerminal or simil...

[SECURITY] Fedora 27 Update: xen-4.9.0-11.fc27

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Joyent SmartOS Hyprlofs FS IOCTL Native File System Integer Overflow Privilege Escalation Vulnerability(CVE-2016-8733)

Summary An exploitable integer overflow exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel...

Joyent SmartOS Hyprlofs FS IOCTL Native File System path Buffer Overflow Privilege Escalation Vulnerability(CVE-2016-9033)

Summary An exploitable buffer overflow exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer...

Xen Hypervisor Memory Leak on Boot (XSA-235)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by flaw within the pagealloc.c and asm-arm/numa.h due to not scrubbing the memory on boot. This could potentially leave sensitive information available to read after a reboot. This issue onl...

The vulnerability of the management tools for virtual infrastructure, such as VMware vCenter Server and VMware ESXi hypervisors, arises from the failure to address sequences of characters CRLF. This allows attackers to control the headers and bodies of HTTP responses, as well as execute cross-site scripting attacks and attacks on intermediate proxy servers.

The vulnerability of the VMware vCenter Server and VMware ESXi hypervisor management infrastructure relates to the lack of measures to neutralize CRLF sequences. User-provided data is appended to HTTP responses without proper processing, allowing arbitrary headers to be inserted into HTTP...

SUSE SLES11 Security Update : xen (SUSE-SU-2017:2611-1)

This update for xen fixes several issues. These security issues were fixed : - CVE-2017-14316: Missing bound check in function allocheappages for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen XSA-231, bsc1056278 - CVE-2017-14317: A race in...

[SECURITY] Fedora 25 Update: xen-4.7.3-5.fc25

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 27 Update: xen-4.9.0-10.fc27

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

CVE-2017-1000252

The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service assertion failure, and hypervisor hang or crash via an out-of bounds guestirq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c...

CVE-2017-1000252

The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service assertion failure, and hypervisor hang or crash via an out-of bounds guestirq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c...

CVE-2017-1000252

The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service assertion failure, and hypervisor hang or crash via an out-of bounds guestirq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c...

UBUNTU-CVE-2017-1000252

The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service assertion failure, and hypervisor hang or crash via an out-of bounds guestirq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c...

A Modern Hypervisor as a Basis for a Sandbox

In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment or vice versa, to protect against the exploitation of vulnerabilities, and to analyze malicious code. At Kaspersky Lab, we have several sandboxes, including an...

CVE-2017-12168

An assertion failure issue was found in the Linux kernel's KVM hypervisor module built to support visualization on ARM64 architecture platforms. The failure could occur while accessing Performance Monitors Cycle Count Register PMCCNTR from a guest. A privileged guest user could use this flaw to...

rVMI: Perform Full System Analysis with Ease

Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered through this process is often crucial in gaining a full understanding of a sample. When...

Xen Hypervisor Multiple Vulnerabilities (XSA-231 - XSA-234)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities : - A flaw exists in the allocheappages function due to improper handling when 'node = MAXNUMNODES'. A guest attacker can use crafted hypercalls to execute...

rVMI: Perform Full System Analysis with Ease

Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered through this process is often crucial in gaining a full understanding of a sample. When...