
198 matches found

EUVD
added 2025/10/31 12:30 p.m. | 4 views

EUVD-2025-37346

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...

CVSS 7.5 | AI score 6.2 | EPSS 0.00354
Exploits: 0 | References: 2
NVD
added 2025/10/31 12:15 p.m. | 6 views

CVE-2025-58149

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...

CVSS 7.5 | EPSS 0.00354
Exploits: 0 | References: 3
OSV
added 2025/10/31 12:15 p.m. | 2 views

ALPINE-CVE-2025-58149

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...

CVSS 7.5 | AI score 6.8 | EPSS 0.00354
Exploits: 0 | References: 1
OSV
added 2025/10/31 12:15 p.m. | 0 views

UBUNTU-CVE-2025-58149

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...

CVSS 7.5 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 3
CVE
added 2025/10/31 11:50 a.m. | 29 views

CVE-2025-58149

CVE-2025-58149 affects the Xen hypervisor. The detach logic for PCI devices fails to remove access permissions to 64‑bit memory BARs when a device is unplugged, allowing PV guests to access memory of devices no longer assigned to them (HVM implications noted with required compromised device model...

CVSS 7.5 | AI score 6.4 | EPSS 0.00354
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2025/10/31 11:50 a.m. | 4 views

CVE-2025-58149

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...

CVSS 7.5 | AI score 5.3 | EPSS 0.00354
Exploits: 0
Positive Technologies
added 2025/10/31 12:0 a.m. | 2 views

PT-2025-44620

Name of the Vulnerable Software and Affected Versions: libxl (affected versions not specified). Description: The detach logic in libxl does not remove access permissions to 64-bit memory BARs when passing through PCI devices. This can allow a domain to retain access to these memory BARs even after the...

CVSS 8.8 | AI score 6.4 | EPSS 0.00354
Exploits: 0 | References: 27
Xen Project
added 2025/10/24 12:14 p.m. | 10 views

Incorrect removal of permissions on PCI device unplug

ISSUE DESCRIPTION: When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the...

CVSS 7.5 | AI score 6.8 | EPSS 0.00354
Exploits: 0 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-5937

Malware in sbrugna...

CVSS 4.7 | AI score 5.9 | EPSS 0.00299
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2015-8225

Malware in sbrugna...

CVSS 7.8 | AI score 8.5 | EPSS 0.02043
Exploits: 0 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0255

Malware in sbrugna...

CVSS 9.3 | AI score 8 | EPSS 0.01752
Exploits: 0 | References: 6
Tenable Nessus
added 2025/08/27 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-12892

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an...

CVSS 9.9 | AI score 6.9 | EPSS 0.02554
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/21 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-4147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting ...

CVSS 6.5 | AI score 6.7 | EPSS 0.00233
Exploits: 0 | References: 2
SUSE Linux
added 2025/02/03 8:47 a.m. | 4 views

Security update for libvirt

This update for libvirt fixes the following issues: Security issue fixed: CVE-2024-4418: rpc: ensure temporary GSource is removed from client event loop bsc1223849 Non-security issue fixed: libxl: Fix domxml-to-native conversion bsc1222584 qemu: Fix migration with custom XML bsc1226492 Patch...

CVSS 6.2 | AI score 7.3 | EPSS 0.00486
Exploits: 0 | References: 8
OSV
added 2025/02/03 8:47 a.m. | 3 views

SUSE-SU-2025:20012-1 Security update for libvirt

This update for libvirt fixes the following issues: Security issue fixed: - CVE-2024-4418: rpc: ensure temporary GSource is removed from client event loop bsc1223849 Non-security issue fixed: - libxl: Fix domxml-to-native conversion bsc1222584 - qemu: Fix migration with custom XML bsc1226492...

CVSS 6.2 | AI score 5.8 | EPSS 0.00486
Exploits: 0 | References: 5
BDU FSTEC
added 2025/02/03 12:0 a.m. | 4 views

The vulnerability of Xen hypervisors, related to the lack of memory release after the effective lifespan, allows a malicious actor to gain access to confidential information.

The vulnerability of Xen hypervisors is related to data leaks in the libxl library, as well as the lack of memory release after the effective lifespan of the components. Exploiting this vulnerability can allow an attacker to access confidential information...

CVSS 6.5 | AI score 5.5 | EPSS 0.00294
Exploits: 0 | References: 8 | Affected Software: 3
Vulnrichment
added 2024/12/19 12:0 p.m. | 15 views

CVE-2024-45819 libxl leaks data to PVH guests via ACPI tables

PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prio...

AI score 6.6 | EPSS 0.00294
Exploits: 0 | References: 1
SUSE Linux
added 2024/11/29 4:6 p.m. | 6 views

Security update for xen

This update for xen fixes the following issues: CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling XSA-463 bsc1232622. CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables XSA-464 bsc1232624. Bug fixes: Remove usage of net-tools-deprecated from supportconfig plugin...

CVSS 8.2 | AI score 6.2 | EPSS 0.00294
Exploits: 0 | References: 10
OSV
added 2024/11/29 4:6 p.m. | 15 views

SUSE-SU-2024:4116-1 Security update for xen

This update for xen fixes the following issues: - CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling XSA-463 bsc1232622. - CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables XSA-464 bsc1232624. Bug fixes: - Remove usage of net-tools-deprecated from supportconfig...

CVSS 6.5 | AI score 5.9 | EPSS 0.00294
Exploits: 0 | References: 6
OSV
added 2024/11/27 7:34 a.m. | 16 views

SUSE-SU-2024:4073-1 Security update for xen

This update for xen fixes the following issues: Security issues fixed: - CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling bsc1232622 - CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables bsc1232624 - CVE-2024-45817: xen: x86: Deadlock in vlapicerror bsc1230366...

CVSS 7.3 | AI score 6.3 | EPSS 0.00548
Exploits: 0 | References: 8