Lucene search
K

77 matches found

debiancve
debiancve
added 2019/04/23 10:0 p.m.41 views

CVE-2019-11487

The Linux kernel before 5.1-rc5 allows page-refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipefsi.h, kernel/trace/trace.c, mm/gup.c, and...

7.8CVSS7AI score0.00708EPSS
Exploits1
xen
xen
added 2017/10/24 12:0 p.m.541 views

pin count / page reference race in grant table code

ISSUE DESCRIPTION Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns...

9.1CVSS8.8AI score0.02806EPSS
Exploits0Affected Software1
citrix
citrix
added 2017/10/24 4:0 a.m.54 views

CVE-2017-15597 - Citrix XenServer Security Update

Description of Problem A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host. This vulnerability affects all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.2. The...

9.1CVSS1AI score0.02806EPSS
Exploits0Affected Software1
osv
osv
added 2015/09/03 2:59 p.m.1 views

DEBIAN-CVE-2015-6654

The xenmemaddtophysmapone function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map t...

2.1CVSS8.3AI score0.00405EPSS
Exploits0References1
osv
osv
added 2015/09/03 2:59 p.m.4 views

UBUNTU-CVE-2015-6654

The xenmemaddtophysmapone function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map t...

2.1CVSS7.3AI score0.00405EPSS
Exploits0References4
nessus
nessus
added 2015/05/20 12:0 a.m.41 views

SUSE SLES10 Security Update : Xen (SUSE-SU-2014:1691-1)

Xen has been updated to fix six security issues : - Guest effectable page reference leak in MMUMACHPHYSUPDATE handling CVE-2014-9030. - Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor CVE-2014-8867. - Missing privilege level checks in x86 emulation of far branches...

7.1CVSS8AI score0.02221EPSS
Exploits0References20
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.48 views

Xen DoS

Invalid page reference handling...

7.1CVSS1.2AI score0.02197EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.69 views

[SECURITY] [DSA 3140-1] xen security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3140-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 27, 2015 http://www.debian.org/security/faq -...

7.1CVSS2.5AI score0.02221EPSS
Exploits0
nessus
nessus
added 2015/01/28 12:0 a.m.30 views

Debian DSA-3140-1 : xen - security update

Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. - CVE-2014-8594 Roger Pau Monne and Jan Beulich discovered that incomplete restrictions on MMU update hypercalls may result in...

7.1CVSS8.1AI score0.02221EPSS
Exploits0References12
debian
debian
added 2015/01/27 10:53 a.m.76 views

[SECURITY] [DSA 3140-1] xen security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3140-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 27, 2015 http://www.debian.org/security/faq -...

7.1CVSS6.8AI score0.02221EPSS
Exploits0
openvas
openvas
added 2015/01/27 12:0 a.m.38 views

Debian Security Advisory DSA 3140-1 (xen - security update)

Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. CVE-2014-8594 Roger Pau Monne and Jan Beulich discovered that incomplete restrictions on MMU update hypercalls may result in...

7.1CVSS0.8AI score0.02221EPSS
Exploits0References1
nessus
nessus
added 2014/12/02 12:0 a.m.38 views

Fedora 20 : xen-4.3.3-5.fc20 (2014-15521)

Guest effectable page reference leak in MMUMACHPHYSUPDATE handling Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen Note that Tenable...

7.1CVSS6.6AI score0.02221EPSS
Exploits1References9
nessus
nessus
added 2014/06/13 12:0 a.m.43 views

openSUSE Security Update : xen (openSUSE-SU-2013:1404-1)

XEN was updated to 4.2.2, fixing lots of bugs and several security issues. Various upstream patches were also merged into this version by our developers. Detailed buglist : - bnc824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bnc817799 - sles9sp4 guest...

9.3CVSS5.7AI score0.04904EPSS
Exploits0References40
nessus
nessus
added 2013/07/12 12:0 a.m.38 views

Fedora 17 : xen-4.1.5-9.fc17 (2013-11871)

XSA-45/CVE-2013-1918 breaks page reference counting let pygrub handle set default='$nextentry' line in F19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as muc...

7.4CVSS7.7AI score0.00583EPSS
Exploits0References4
nessus
nessus
added 2013/07/12 12:0 a.m.33 views

Fedora 18 : xen-4.2.2-10.fc18 (2013-11874)

XSA-45/CVE-2013-1918 breaks page reference counting let pygrub handle set default='$nextentry' line in F19 libxl: Set vfb and vkb devid if not done so by the caller Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...

7.4CVSS7.7AI score0.00583EPSS
Exploits0References4
mageia
mageia
added 2013/07/01 7:17 p.m.48 views

Updated xen package fixes security issues

This update fixes the following security issues: XSA-52/CVE-2013-2076: Information leak on XSAVE/XRSTOR capable AMD CPUs XSA-53/CVE-2013-2077: Hypervisor crash due to missing exception recovery on XRSTOR XSA-54/CVE-2013-2078: Hypervisor crash due to missing exception recovery on XSETBV...

7.4CVSS1.3AI score0.01058EPSS
Exploits0References1
xen
xen
added 2013/06/26 12:0 p.m.58 views

Page reference counting error due to XSA-45/CVE-2013-1918 fixes

ISSUE DESCRIPTION The XSA-45/CVE-2013-1918 patch making error handling paths preemptible broke page reference counting by not retaining a reference on pages stored for deferred cleanup. This would lead to the hypervisor prematurely attempting to free the page, generally crashing upon finding the...

7.4CVSS0.7AI score0.00583EPSS
Exploits0
Rows per page
Query Builder