5612 matches found
CVE-2016-1571
The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...
CVE-2016-1571
The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...
DEBIAN-CVE-2016-1570
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier MFN to the 1 MMUEXTMARKSUPER or 2...
CVE-2016-1570
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier MFN to the 1 MMUEXTMARKSUPER or 2...
CVE-2016-1571
The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...
Design/Logic Flaw
The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...
UBUNTU-CVE-2016-1570
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier MFN to the 1 MMUEXTMARKSUPER or 2...
CVE-2016-1571
CVE-2016-1571 affects Xen 3.3.x–4.6.x. When shadow paging or nested virtualization is enabled, a local HVM guest can trigger the hypervisor bug check via a non-canonical guest address in an INVVPID instruction, causing a host crash (DoS). The description does not specify a vendor patch or fixed v...
CVE-2016-1571
The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...
CVE-2016-1571
The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...
VMX: intercept issue with INVLPG on non-canonical address
ISSUE DESCRIPTION While INVLPG does not cause a General Protection Fault when used on a non-canonical address, INVVPID in its "individual address" variant, which is used to back the intercepted INVLPG in certain cases, fails in such cases. Failure of INVVPID results in a hypervisor bug check...
PV superpage functionality missing sanity checks
ISSUE DESCRIPTION The PV superpage functionality lacks certain validity checks on data being passed to the hypervisor by guests. This is the case for the page identifier MFN passed to MMUEXTMARKSUPER and MMUEXTUNMARKSUPER sub-ops of the HYPERVISORmmuextop hypercall as well as for various forms of...
xen-kernel -- VMX: intercept issue with INVLPG on non-canonical address
The Xen Project reports: While INVLPG does not cause a General Protection Fault when used on a non-canonical address, INVVPID in its "individual address" variant, which is used to back the intercepted INVLPG in certain cases, fails in such cases. Failure of INVVPID results in a hypervisor bug...
xen-kernel -- PV superpage functionality missing sanity checks
The Xen Project reports: The PV superpage functionality lacks certain validity checks on data being passed to the hypervisor by guests. This is the case for the page identifier MFN passed to MMUEXTMARKSUPER and MMUEXTUNMARKSUPER sub-ops of the HYPERVISORmmuextop hypercall as well as for various...
The vulnerability of Xen hypervisors, which allows a perpetrator to trigger a service failure or exert other effects
The vulnerabilities of functions XENMEMincreasereservation, XENMEMpopulatephysmap, XENMEMexchange, and HYPERVISORmemoryop in the hypervisor are related to deficiencies in mandatory input validation for page input operations. Exploiting these vulnerabilities can allow an attacker acting locally to...
The vulnerability of Xen hypervisors, which allows a malicious actor to trigger a service failure
The vulnerability of the libxl toolstack library in Xen hypervisors lies in the improper implementation of the file mapping procedures used by kernels and disks during initial initialization when working with domains within the same process. Exploiting this vulnerability can allow a malicious act...
Updated kernel-tmb packages provides 4.1 longterm kernel and fixes security issues
This kernel-tmb update provides an upgrade to the upstream 4.1 longterm kernel series, currently based on 4.1.15 and resolves at least the following security issues: It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the addkey functio...
FreeBSD : xen-kernel -- ioreq handling possibly susceptible to multiple read issue (6aa2d135-b40e-11e5-9728-002590263bf5)
The Xen Project reports : Single memory accesses in source code can be translated to multiple ones in machine code by the compiler, requiring special caution when accessing shared memory. Such precaution was missing from the hypervisor code inspecting the state of I/O requests sent to the device...
[SECURITY] Fedora 22 Update: xen-4.5.2-6.fc22
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Xen 'ioreq' Remote Code Execution Vulnerability
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A remote code execution vulnerabilit...