Xen Guest Destruction Memory Leak DoS (XSA-207)
According to its self-reported version number, the Xen hypervisor installed on the remote host is missing a security update. It is, therefore, affected by a memory leak issue due to improper cleanup during guest destruction. A guest attacker can exploit this issue, via frequent rebooting, to...
arm: memory corruption when freeing p2m pages
ISSUE DESCRIPTION: When freeing pages used for stage-2 page tables, the freeing routine failed to remove these pages from an internally managed list they were put on during allocation. The same list node elements are also used by the hypervisor's page allocator. Subsequent manipulation of ARM's...
openSUSE: Security Advisory for xen (openSUSE-SU-2017:0005-1)
The remote host is missing an update for the...
KasperskyOS — Secure Operating System released for IoT and Embedded Systems
Russian cyber security and antivirus vendor Kaspersky Lab has made available the much-awaited KasperskyOS, a secure-by-design operating system based on a microkernel architecture, which is specially designed for network devices, industrial control systems and the Internet of Things. The operating...
Xen: Multiple vulnerabilities
Background: Xen is a bare-metal hypervisor. Description: Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers and Xen Security Advisory referenced below for details. Impact: A local attacker could potentially execute arbitrary code with privileges of Xen QEMU proce...
[SECURITY] Fedora 25 Update: xen-4.7.1-8.fc25
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Integer overflow
Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor...
CVE-2016-1889
Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor...
CVE-2016-1889
The CVE-2016-1889 entry describes an integer overflow in bhyve (the FreeBSD hypervisor) when a guest is configured with more than about 3 GB of memory. A crafted device descriptor could allow a local attacker to gain privileges by exploiting a bounds-checking overflow in memory accesses by device emulat...
[SECURITY] Fedora 25 Update: xen-4.7.1-7.fc25
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
XenServer 7 Host Crash while starting multiple Virtual Machine
XenServer 7 hosts crash with the call traces below while trying to start multiple vGPU-attached virtual machines. The following trace can be found in xen.log in the crash folder /var/log/crash: XEN 101632.198343 ---- Xen-4.6.1-xs128153 x86_64 debug=n Not tainted ---- XEN 101632.198344 CPU: 5 XEN...
Lifting the (Hyper) Visor: Bypassing Samsung’s Real-Time Kernel Protection
Posted by Gal Beniamini, Project Zero. Traditionally, the operating system’s kernel is the last security boundary standing between an attacker and full control over a target system. As such, additional care must be taken in order to ensure the integrity of the kernel. First, when a system boots, t...
spice security update
CentOS Errata and Security Advisory CESA-2017:0253. An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Xen Intel VMX hvmemul_vmfunc() NULL Pointer Dereference DoS (XSA-203)
According to its self-reported version number, the Xen hypervisor installed on the remote host is missing a security update. It is, therefore, affected by a NULL pointer dereference flaw due to a failure to utilize necessary NULL checks before doing indirect function calls through the hvmemul_vmfu...
Google Android - rkp_set_init_page_ro RKP Memory Corruption Exploit
Exploit for Android platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=984 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP (Real-time Kernel Protection), running in EL2. This hypervisor is meant to ensure that the HLOS...
Google Android - rkp_set_init_page_ro RKP Memory Corruption
Google Android - rkp_set_init_page_ro RKP Memory Corruption. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=984 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP (Real-time Kernel Protection), running in EL2. This hypervisor is meant to ensure that the...
Xen SYSCALL singlestep Handling Privilege Escalation (XSA-204)
According to its self-reported version number, the Xen hypervisor installed on the remote host is missing a security update. It is, therefore, affected by a privilege elevation vulnerability in the instruction emulator when handling SYSCALL by single-stepping applications. This is due to incorrec...
Xen CMPXCHG8B Emulation Information Disclosure (XSA-200)
According to its self-reported version number, the Xen hypervisor installed on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability due to a flaw in the x86 instruction CMPXCHG8B when handling prefixes. This is triggered because legac...
Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation Exploit
Exploit for Android platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=980 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP (Real-time Kernel Protection), running in EL2. This hypervisor is meant to ensure that the HLOS...
Google Android - cfp_ropp_new_key_reenc and cfp_ropp_new_key RKP Memory Corruption Exploit
Exploit for Android platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=979 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP (Real-time Kernel Protection), running in EL2. This hypervisor is meant to ensure that the HLOS...