CVE-2014-7188

Technical details for CVE-2014-7188 are not publicly provided in the connected documents. No product/version/root-cause/impact is specified here. Monitor for updates in future disclosures.

CVE-2014-7188

The hvmmsrreadintercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service host crash or read data from the hypervisor or other guests via unspecified vectors...

CVE-2014-7188

The hvmmsrreadintercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service host crash or read data from the hypervisor or other guests via unspecified vectors...

VMSA-2014-0010 : VMware product updates address critical Bash security vulnerabilities (Shellshock)

a. Bash update for multiple products. Bash libraries have been updated in multiple products to resolve multiple critical security issues, also referred to as Shellshock. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the identifiers CVE-2014-6271, CVE-2014-7169,...

VMware Begins to Patch Bash Issues Across Product Line

Much like Heartbleed triggered vendors to issue out of band patches to remedy vulnerabilities that popped up earlier this year, Shellshock, the Bash vulnerability, has forced vendors’ hands in a similar fashion. Virtualization firm VMware issued a progress report on fixes for four different types...

Improper MSR range used for x2APIC emulation

ISSUE DESCRIPTION The MSR range specified for APIC use in the x2APIC access model spans 256 MSRs. Hypervisor code emulating read and write accesses to these MSRs erroneously covered 1024 MSRs. While the write emulation path is written such that accesses to the extra MSRs would not have any bad...

Debian Security Advisory DSA 3041-1 (xen - security update)

Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. OpenVAS Vulnerability Test $Id: deb3041.nasl 6692 2017-07-12 09:57:43Z teissa $ Auto-generated from advisory DSA 3041-1 using...

[SECURITY] Fedora 21 Update: xen-4.4.1-4.fc21

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 21 Update: xen-4.4.1-2.fc21

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

virt-who: plaintext hypervisor passwords in world-readable /etc/sysconfig/virt-who configuration file

It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file...

Important: Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update

An updated rhev-hypervisor6 package that fixes three security issues and one bug is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each...

[SECURITY] Fedora 19 Update: xen-4.2.4-7.fc19

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 20 Update: xen-4.3.2-7.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Moderate: Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update

An updated rhev-hypervisor6 package that fixes one security issue is now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from the CVE...

CentOS Update for kernel CESA-2014:0926 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel security update

CentOS Errata and Security Advisory CESA-2014:0926 Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring Syst...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140723)

A NULL pointer dereference flaw was found in the rdsiwladdrcheck function in the Linux kernel's implementation of Reliable Datagram Sockets RDS. A local, unprivileged user could use this flaw to crash the system. CVE-2014-2678, Moderate - It was found that the Xen hypervisor implementation did...

CentOS 5 : kernel (CESA-2014:0926)

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

RHEL 5 : kernel (RHSA-2014:0926)

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

xen: Hypervisor heap contents leaked to guests (xsa-100)

It was found that the Xen hypervisor implementation did not properly clean memory pages previously allocated by the hypervisor. A privileged guest user could potentially use this flaw to read data relating to other guests or the hypervisor itself...