15 matches found
x86: buffer overrun with shadow paging + tracing
ISSUE DESCRIPTION Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing. IMPAC...
EUVD-2022-36784
Malicious code in bioql PyPI...
EUVD-2023-38403
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-34322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped whe...
SUSE SLES15 Security Update : xen (SUSE-SU-2023:3902-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3902-1 advisory. - Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR...
SUSE SLES15 Security Update : xen (SUSE-SU-2023:3895-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3895-1 advisory. - Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2023:3832-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3832-1 advisory. - A division-by-zero error on some AMD processors can potentially return speculative data...
SUSE CVE-2023-34322
For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on th...
SUSE CVE-2012-3496
XENMEMpopulatephysmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service BUG triggered and host crash via invalid flags such as MEMFpopulateondemand...
DEBIAN-CVE-2022-33745
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...
UBUNTU-CVE-2022-33745
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...
CVE-2022-33745
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...
[SECURITY] [DSA 2544-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2544-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 08, 2012 http://www.debian.org/security/faq -...
DSA-2544-1 xen - denial of service
Bulletin has no description...
XENMEM_populate_physmap DoS vulnerability
ISSUE DESCRIPTION XENMEMpopulatephysmap can be called with invalid flags. By calling it with MEMFpopulateondemand flag set, a BUG can be triggered if a translating paging mode is not being used. IMPACT A malicious guest kernel can crash the host. VULNERABLE SYSTEMS All Xen systems running PV...