[SECURITY] Fedora 23 Update: xen-4.5.2-5.fc23

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Ubuntu 15.10 : linux vulnerabilities (USN-2843-1)

Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service system crash in the host OS. CVE-2015-8104 Guoyong Gang discovered th...

Debian Security Advisory DSA 3426-1 (linux - security update)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss. CVE-2013-7446 Dmitry Vyukov discovered that a particular sequence of valid operations on local AFUNIX sockets can result in a use-after-free...

DSA-3426-1 linux - security update

Bulletin has no description...

Ubuntu 12.04 LTS : linux vulnerabilities (USN-2840-1)

Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service system crash. CVE-2015-7872 Jan Beulich discovered that the KVM svm hypervisor implementation in...

xen-kernel -- ioreq handling possibly susceptible to multiple read issue

The Xen Project reports: Single memory accesses in source code can be translated to multiple ones in machine code by the compiler, requiring special caution when accessing shared memory. Such precaution was missing from the hypervisor code inspecting the state of I/O requests sent to the device...

UBUNTU-CVE-2015-8552

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service disk consumption by leveraging a system with access to a...

The vulnerability of Xen hypervisors, which allows a malicious actor to trigger a service failure

The vulnerability of the hypercallcreatecontinuation function in arch/arm/domain.c of the Xen supervisor is related to security configuration errors. Exploiting this vulnerability allows a local attacker to trigger a service failure through a specially crafted supervisor call...

The vulnerability of Xen hypervisors, which allows a malicious actor to trigger a service failure

The vulnerability of the KVM subsystem in Xen hypervisors is related to resource management errors. Exploiting this vulnerability can allow an attacker, operating locally, to cause service failures by repeatedly triggering exceptions related to SVMs...

The vulnerability of Xen hypervisors, which allows a malicious actor to trigger a service failure

The vulnerability of the Xen hypervisor’s KVM subcomponent is related to resource management errors. Exploiting this vulnerability allows an attacker, operating locally, to cause service failures by repeatedly triggering exceptions related to svm.c and vmx.c...

CVE-2015-7078

Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects...

Design/Logic Flaw

Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects...

CVE-2015-7078

CVE-2015-7078 is a use-after-free vulnerability in the Apple OS X Hypervisor before 10.11.2. The issue stems from a use-after-free in the hypervisor driver when handling VM objects, enabling a local attacker to gain kernel/privilege level access. Affected product: OS X (pre-10.11.2) . Impact per ...

CVE-2015-7078

Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects...

Mac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008)

The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-005 or 2015-008. It is, therefore, affected by multiple vulnerabilities in the following components : - apachemodphp - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression -...

Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities

The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apachemodphp - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression - Configuration Profiles - CoreGraphics - CoreMedi...

Debian Security Advisory DSA 3414-1 (xen - security update)

Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure. OpenVAS Vulnerability Test $Id: deb3414.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3414-1 using nvtgen 1.0 Script version:...

Moderate: Red Hat Enhancement Advisory: rhev-hypervisor bug fix, and enhancement update

Updated rhev-hypervisor packages that fix several bugs and add various enhancements are now available. The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine K...

RHEV: vdsm spice disable-ticketing and VM suspend and restore allows auth bypass

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows...

virtual PMU is unsupported

ISSUE DESCRIPTION The Virtual Performance Measurement Unit feature has been documented as unsupported, so far only on Intel CPUs. Further issues have been found or are suspected which would also or exclusively affect AMD CPUs. We believe that the functionality is mostly intended for non-productio...