5613 matches found
ALPINE-CVE-2017-10912
Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217...
CVE-2017-10923
Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service hypervisor crash, aka XSA-225...
CVE-2017-10919
Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service hypervisor crash, aka XSA-223...
Xen 'xen/arch/arm/gic.c' Denial of Service Vulnerability
Xen is an open source virtual machine monitor product developed at the University of Cambridge in the United Kingdom. Xen has a security vulnerability that allows an attacker to crash the system by submitting a special request that could be exploited...
[SECURITY] Fedora 24 Update: xen-4.6.5-7.fc24
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
The vulnerability of Xen hypervisors, allowing an attacker to gain access to the hypervisor’s memory
The vulnerability of Xen hypervisors known as XSA-212 is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor, operating locally, to gain access to the hypervisor’s memory beyond the guest system’s input/output arrays, given that XSA-29 previously...
The vulnerability of the software interface of the Android operating system’s Hypervisor allows a hacker to bypass the authentication process.
The vulnerability of the software interface of the Android operating system’s Hypervisor is related to the failure of authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass the authentication process remotely...
Xen 'shadow/common.c' elevation of privilege vulnerability
Xen is an open source virtual machine monitor. An elevation of privilege vulnerability exists in Xen 'shadow/common.c'. An attacker could exploit the vulnerability to gain elevated privileges...
Xen 'xen/arch/arm/vgic.c' Denial of Service Vulnerability
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A denial of service vulnerability...
Xen 'xen/arch/x86/irq.c' NULL Pointer Remote Denial of Service Vulnerability
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A remote denial of service...
arm: vgic: Out-of-bound access when sending SGIs
ISSUE DESCRIPTION: ARM guests can send SGI (i.e. IPI) targeting a list of vCPUs using the MMIO register GICD_SGIR (GICv2) or System Register ICC_SGI1R (GICv3). However, the emulation code does not sanitize the list and will directly access an array without checking whether the array index is within bounds...
ARM guest disabling interrupt may crash Xen
ISSUE DESCRIPTION: Virtual interrupt injection could be triggered by a guest when sending an SGI (e.g. IPI) to any vCPU or by configuring timers. When the virtual interrupt is masked, a missing check in the injection path may result in reading an invalid hardware register or crashing the host. IMPACT: A...
Microsoft Windows Hypervisor Code Integrity Privilege Escalation Vulnerability (KB3217845)
This host is missing an important security update according to Microsoft KB3217845...
CVE-2015-9030
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication...
CVE-2015-9030
CVE-2015-9030 describes an authentication bypass in Android CAF builds that use the Linux kernel, via misused Hypervisor API. Affected: Android devices with CAF/Linux Kernel stack; vulnerable component: Hypervisor API. Root cause: improper handling of Hypervisor API calls enabling bypass of auth...
Hypervisor Code Integrity Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels. An attacker who successfully exploited this vulnerability could gain elevated privileges on a target guest operating system. The host operating system is not...
KLA11842 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in...
The vulnerability of Xen hypervisors allows a perpetrator to execute arbitrary code.
The vulnerability of Xen hypervisors is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating locally, to execute arbitrary code on the host OS using the IRET hypervisor...
[SECURITY] [DLA 964-1] xen security update
Package : xen Version : 4.1.6.lts1-8 CVE ID : CVE-2016-9932 CVE-2017-7995 CVE-2017-8903 CVE-2017-8904 CVE-2017-8905 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9932 XSA-200...