Lucene search
+L

198 matches found

OSV
OSV
added 2024/11/12 4:14 p.m.22 views

SUSE-SU-2024:3980-1 Security update for xen

This update for xen fixes the following issues: Security issues fixed: - CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling bsc1232622 - CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables bsc1232624 - CVE-2024-45817: xen: x86: Deadlock in vlapicerror bsc1230366...

7.3CVSS6.3AI score0.00544EPSS
Exploits0References9
OSV
OSV
added 2024/11/12 4:13 p.m.18 views

SUSE-SU-2024:3979-1 Security update for xen

This update for xen fixes the following issues: Security issues fixed: - CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling bsc1232622 - CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables bsc1232624 Non-security issue fixed: - Xen host hung at boot up with repeated 'X...

6.5CVSS5.9AI score0.003EPSS
Exploits0References6
SUSE Linux
SUSE Linux
added 2024/11/12 12:19 p.m.5 views

Security update for xen

This update for xen fixes the following issues: CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling XSA-463 bsc1232622. CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables XSA-464 bsc1232624. Bug fixes: Remove usage of net-tools-deprecated from supportconfig plugin...

8.2CVSS6.3AI score0.003EPSS
Exploits0References10
OSV
OSV
added 2024/11/12 12:19 p.m.13 views

SUSE-SU-2024:3977-1 Security update for xen

This update for xen fixes the following issues: - CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling XSA-463 bsc1232622. - CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables XSA-464 bsc1232624. Bug fixes: - Remove usage of net-tools-deprecated from supportconfig...

6.5CVSS5.9AI score0.003EPSS
Exploits0References6
Xen Project
Xen Project
added 2024/11/12 12:0 p.m.25 views

libxl leaks data to PVH guests via ACPI tables

ISSUE DESCRIPTION PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is...

5.5CVSS5.9AI score0.003EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/04/01 12:0 a.m.40 views

Debian dla-3778 : libnss-libvirt - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3778 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3778-1 [email protected]...

7.2CVSS6.7AI score0.02363EPSS
Exploits2References24
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.4 views

SUSE CVE-2013-4329

The xenlight library libxl in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction...

6.5CVSS6.7AI score0.00531EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:34 a.m.2 views

SUSE CVE-2013-6457

The libxlDomainGetNumaParameters function in the libxl driver libxl/libxldriver.c in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service invalid free operation and crash or possibly execute arbitrary code via an inactive domain to t...

5.2CVSS7.6AI score0.00659EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.9 views

SUSE CVE-2015-7311

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image...

3.6CVSS6.5AI score0.00417EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 5:12 a.m.6 views

SUSE CVE-2015-8341

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service memory and disk consumption by starting domains...

7.8CVSS6.6AI score0.02043EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:2 a.m.4 views

SUSE CVE-2016-4963

The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service management tool confusion by manipulating information in the backend directories in xenstore...

4.7CVSS6.1AI score0.00297EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:2 a.m.1 views

SUSE CVE-2016-4962

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service resource consumption or management facility confusion or gain host OS privileges by manipulating information in guest controlled areas of xenstore...

6.7CVSS6.2AI score0.00399EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.7 views

SUSE CVE-2018-12892

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...

5.5CVSS6.7AI score0.02554EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.6 views

SUSE CVE-2020-15566

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: 1 port is already in use, 2 the memory allocation failed, or...

6.5CVSS6.6AI score0.00409EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 3:47 a.m.3 views

SUSE CVE-2021-4147

A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition...

7.1CVSS8.1AI score0.00233EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.5 views

SUSE CVE-2021-28687

HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of...

5.5CVSS9.3AI score0.00314EPSS
Exploits0References11
OSV
OSV
added 2023/01/26 9:16 p.m.4 views

DEBIAN-CVE-2022-42330

Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" e.g. for performing a kexec the libxl based Xen toolstack will normally perform a XSRELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XSRELEASE will have...

7.5CVSS7.6AI score0.01362EPSS
Exploits0References1
OSV
OSV
added 2022/05/02 5:1 p.m.11 views

USN-5399-1 libvirt vulnerabilities

It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvirt to stop accepting connections, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2021-3667 It was discovered that libvirt...

7.2CVSS6.8AI score0.01366EPSS
Exploits1References7
Ubuntu
Ubuntu
added 2022/05/02 5:1 p.m.117 views

USN-5399-1: libvirt vulnerabilities

It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvirt to stop accepting connections, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2021-3667 It was discovered that libvirt...

7.2CVSS6.5AI score0.01366EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/05/02 12:0 a.m.40 views

Ubuntu 18.04 LTS / 20.04 LTS : libvirt vulnerabilities (USN-5399-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5399-1 advisory. It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvir...

7.2CVSS6.6AI score0.01366EPSS
Exploits1References7
Rows per page
Query Builder