5611 matches found
Double free
The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service memory corruption and hypervisor crash and possibly...
CVE-2014-1642
The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service memory corruption and hypervisor crash and possibly...
CVE-2014-1642
The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service memory corruption and hypervisor crash and possibly...
CVE-2014-1642
CVE-2014-1642 affects Xen 4.2.x and 4.3.x when using device passthrough with large CPU counts. The IRQ setup frees memory that may still be in use, causing memory corruption and a hypervisor crash. Local guest administrators can trigger a denial of service, and, via the out-of-memory path, may ex...
Out-of-memory condition yielding memory corruption during IRQ setup
ISSUE DESCRIPTION When setting up the IRQ for a passed through physical device, a flaw in the error handling could result in a memory allocation being used after it is freed, and then freed a second time. This would typically result in memory corruption. IMPACT Malicious guest administrators can...
Important: Red Hat Security Advisory: rhev-hypervisor6 security update
An updated rhev-hypervisor6 package that fixes multiple security issues is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for eac...
[SECURITY] Fedora 20 Update: openstack-nova-2013.2.1-2.fc20
OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...
Weak Password Used to Access Hypervisor, Deface OpenSSL Site
The OpenSSL Project blames a weak password used at its hosting provider for its recent site defacement. The organization that hosts the ubiquitous open source encryption implementation updated a notice on its website yesterday informing users that attackers used the weak credential to gain contro...
OpenSSL Hacked and Defaced
UPDATE: A Turkish hacking group compromised and defaced over the weekend the website of OpenSSL, an open-source SSL and TLS encryption implementation resource. The website Zone-H is hosting a mirror of the defacement, in which the hacking group responsible for the attack posted the following...
libvirt "lxcDomainGetMemoryParameters()"拒绝服务漏洞
CVE ID:CVE-2013-6436 Libvirt库是一款实现Linux虚拟化功能的Linux API,它支持各种Hypervisor,包括Xen和KVM,以及QEMU和用于其他操作系统的一些虚拟产品。 Libvirt中"lxcDomainGetMemoryParameters"函数lxc/lxcdriver.c存在一些错误,允许攻击者利用漏洞向没有运行的LXC域发送"virsh memtune"命令触发空指针引用,造成拒绝服务攻击。 0 libvirt 1.x 厂商补丁: Libvirt ----- 用户可参考如下厂商提供的安全公告获得补丁信息:...
Fedora Update for xen FEDORA-2013-23457
Check for the Version of xen OpenVAS Vulnerability Test Fedora Update for xen FEDORA-2013-23457 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Fedora Update for xen FEDORA-2013-23466
Check for the Version of xen OpenVAS Vulnerability Test Fedora Update for xen FEDORA-2013-23466 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Null pointer dereference
Xen in the Linux kernel, when running a guest on a host without hardware assisted paging HAP, allows guest users to cause a denial of service invalid pointer dereference and hypervisor crash via the SAHF instruction...
CVE-2011-2519
Xen in the Linux kernel, when running a guest on a host without hardware assisted paging HAP, allows guest users to cause a denial of service invalid pointer dereference and hypervisor crash via the SAHF instruction...
Design/Logic Flaw
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings...
CVE-2010-0430
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings...
CVE-2010-0430
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings...
[SECURITY] Fedora 19 Update: xen-4.2.3-12.fc19
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
[SECURITY] Fedora 18 Update: xen-4.2.3-12.fc18
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
CVE-2013-4553
The XENDOMCTLgetmemlist hypercall in Xen 3.4.x through 4.3.x possibly 4.3.1 does not always obtain the pagealloclock and mmrwlock in the same order, which allows local guest administrators to cause a denial of service host deadlock...