30 matches found
EUVD-2020-20175
Malware in sbrugna...
EUVD-2023-38407
Malicious code in bioql PyPI...
CVE-2023-34326
The caching invalidation guidelines from the AMD-Vi specification 48882—Rev 3.07-PUB—Oct 2022 is incorrect on some hardware, as devices will malfunction see stale DMA mappings if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory range...
Memory corruption
The caching invalidation guidelines from the AMD-Vi specification 48882—Rev 3.07-PUB—Oct 2022 is incorrect on some hardware, as devices will malfunction see stale DMA mappings if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory range...
CVE-2023-34326
The caching invalidation guidelines from the AMD-Vi specification 48882—Rev 3.07-PUB—Oct 2022 is incorrect on some hardware, as devices will malfunction see stale DMA mappings if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory range...
CVE-2023-34326 x86/AMD: missing IOMMU TLB flushing
The caching invalidation guidelines from the AMD-Vi specification 48882—Rev 3.07-PUB—Oct 2022 is incorrect on some hardware, as devices will malfunction see stale DMA mappings if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory range...
Denial Of Service (DoS)
xen is vulnerable to Denial Of Service DoS. The vulnerability exists due to incorrect caching invalidation guidelines in the AMD-Vi specification 48882—Rev 3.07-PUB—Oct 2022 on certain hardware. Updating specific fields of the DTE without flushing the IOMMU TLB can lead to device malfunctions e.g...
SUSE-SU-2023:4476-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-20588: AMD CPU transitional execution leak via division by zero XSA-439 bsc1215474. - CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests XSA-438 bsc1215145. - CVE-2023-34325: Multiple vulnerabilities in...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2023:4476-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4476-1 advisory. - A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. CVE-2023-20588 - arm3...
Fedora 39 : xen (2023-de338d9f37)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-de338d9f37 advisory. xenstored: A transaction conflict can crash C Xenstored XSA-440, CVE-2023-34323 x86/AMD: missing IOMMU TLB flushing XSA-442, CVE-2023-34326 Multiple...
Fedora 37 : xen (2023-881672fdab)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-881672fdab advisory. xenstored: A transaction conflict can crash C Xenstored XSA-440, CVE-2023-34323 x86/AMD: missing IOMMU TLB flushing XSA-442, CVE-2023-34326 Multiple...
SUSE SLES12: xen / xen-devel / xen-doc-html / xen-libs / xen-libs-32bit / etc (SUSE-SU-2023:4185-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4185-1 advisory. - CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion XSA-440 bsc1215744. - CVE-2023-34326: Fixed ...
SUSE: Security Advisory (SUSE-SU-2023:4184-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:4054-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-34323: A transaction conflict can crash C Xenstored XSA-440, bsc1215744 - CVE-2023-34326: Missing IOMMU TLB flushing XSA-442, bsc1215746 - CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling XSA-443, bsc1215747 -...
SUSE CVE-2020-27671
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service data corruption, cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled...
CVE-2021-26348
Failure to flush the Translation Lookaside Buffer TLB of the I/O memory management unit IOMMU may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity...
CVE-2021-26348
Failure to flush the Translation Lookaside Buffer TLB of the I/O memory management unit IOMMU may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity...
CVE-2021-26312
Failure to flush the Translation Lookaside Buffer TLB of the I/O memory management unit IOMMU may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity...
SUSE: Security Advisory (SUSE-SU-2020:3088-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Privilege Escalation
xen is vulnerable to privilege escalation. Guest OS users are able to cause a denial of service condition which could cause a data leak and possibly gaining privileges due to the mishandling of the coalescing of per-page IOMMU TLB flushes...