Debian: Security Advisory (DLA-699-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-9637

The 1 ioportread and 2 ioportwrite functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access...

Design/Logic Flaw

Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service host hang or crash by modifying the instruction stream asynchronously while performing certain kernel operations...

CVE-2016-9383

CVE-2016-9383 affects Xen when running on a 64‑bit hypervisor. The issue stems from broken emulation of bit test instructions, allowing a local x86 guest to modify arbitrary host memory and potentially obtain sensitive data, crash the host, or execute code on the host. Connected sources describe ...

CVE-2016-7777

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it...

CVE-2016-7094

Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update...

Buffer overflow

Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update...

CVE-2015-8554

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional aka qemu-dm device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries,...

Buffer overflow

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional aka qemu-dm device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries,...

CVE-2015-4105

Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service host disk consumption via certain invalid operations...

UBUNTU-CVE-2015-4103

Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service host interrupt handling confusion via vectors related to qemu and accessing spanning multiple fields...

CVE-2015-2752

The CVE-2015-2752 issue affects Xen 3.2.x–4.5.x (PCI passthrough) where the XEN_DOMCTL_memory_mapping hypercall is not preemptible, enabling local x86 HVM users to cause host CPU exhaustion (DoS) via crafted device-model requests (qemu-dm). Public advisories in Debian (DLA-479-1) and Mageia (MGAS...

CVE-2014-9066

Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service write denial or NMI watchdog timeout and host crash via a large number of read requests, a different vulnerability than...