The vulnerability of the Mac OS X operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the Hypervisor component in the Mac OS X operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an intruder, acting locally, to obtain confidential information using uncertain vectors...

[SECURITY] Fedora 24 Update: xen-4.6.5-5.fc24

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Microsoft Windows Hyper-V Remote Denial of Service Vulnerability (CNVD-2017-05722)

Microsoft Windows is the popular computer operating system. A remote denial of service vulnerability exists in Microsoft Windows Hyper-V, which can be exploited by an attacker to cause the host computer to crash...

Xen Hypervisor xenstored Write Saturation DoS (XSA-206)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability in xenstored during processing of transactions. An attacker on the guest can exploit this vulnerability by issuing repeated writes to xenstore that...

Xen Hypervisor XENMEM_exchange Memory Disclosure (XSA-212)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an out-of-array memory access error in the memoryexchange function in file common/memory.c due to improper checking of XENMEMexchange input. An attacker on a 64-bit PV guest VM who has...

Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1184 This bug report describes a vulnerability in memoryexchange that permits PV guest kernels to write to an arbitrary virtual address with hypervisor privileges. The vulnerability was introduced through a broken fix for...

[SECURITY] Fedora 25 Update: xen-4.7.2-5.fc25

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Xen: broken check in memory_exchange() permits PV guest breakout（CVE-2017-7228）

Detailed analysis: Pandavirtualization: Exploiting the Xen hypervisor This bug report describes a vulnerability in memoryexchange that permits PV guest kernels to write to an arbitrary virtual address with the hypervisor privileges. The vulnerability was introduced through a broken fix for...

Pandavirtualization: Exploiting the Xen hypervisor

Posted by Jann Horn, Project Zero On 2017-03-14, I reported a bug to Xen's security team that permits an attacker with control over the kernel of a paravirtualized x86-64 Xen guest to break out of the hypervisor and gain full control over the machine's physical memory. The Xen Project publicly...

[SECURITY] Fedora 25 Update: xen-4.7.2-4.fc25

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

CVE-2017-7228

An issue known as XSA-212 was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEMexchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arra...

CVE-2017-7228

An issue known as XSA-212 was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEMexchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arra...

ALPINE-CVE-2017-7228

An issue known as XSA-212 was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEMexchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arra...

CVE-2017-7228

An issue known as XSA-212 was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEMexchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arra...

CVE-2017-7228

CVE-2017-7228 refers to an XSA-212 issue in the Xen hypervisor. The root cause is an insufficient check in the XENMEM_exchange input introduced by the XSA-29 fix, which can permit a PV guest to drive hypervisor memory accesses outside of the guest-provided input/output arrays. Affected Xen branch...

CVE-2017-7228

An issue known as XSA-212 was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEMexchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arra...

xen-kernel -- broken check in memory_exchange() permits PV guest breakout

The Xen Project reports: The XSA-29 fix introduced an insufficient check on XENMEMexchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays. A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing fo...

CVE-2017-2418

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors...

CVE-2017-2418

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors...

Information disclosure

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors...