226 matches found
PT-2024-10469
Name of the Vulnerable Software and Affected Versions Xen affected versions not specified Description The issue is related to the construction of ACPI tables for PVH guests by the toolstack, which involves building the tables in local memory before copying them into guest memory. The excess space...
CLSA-2024-1721660263 Fix of 96 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-35902 - net/rds: fix possible cp null dereference CVE-url: https://ubuntu.com/security/CVE-2024-38587 - speakup: Fix sizeof vs ARRAYSIZE bug CVE-url: https://ubuntu.com/security/CVE-2024-39493 - crypto: qat - Fix ADFDEVRESETSYNC memory leak CVE-url:...
DEBIAN-CVE-2021-4440
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGSSYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGSSYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as ther...
PT-2024-11037 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the x86/xen paravirt call in the Linux kernel. Specifically, the USERGS SYSRET64 call is used to return from a syscall via SYSRET, but a Xen PV guest wi...
DEBIAN-CVE-2024-26816
In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIGXENPV=y, .text symbols are emitted into the .notes section so that Xen can find the "startupxen" entry point. This information is used prior to booting th...
UBUNTU-CVE-2024-26816
In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIGXENPV=y, .text symbols are emitted into the .notes section so that Xen can find the "startupxen" entry point. This information is used prior to booting th...
DEBIAN-CVE-2021-47112
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well Various PV features Async PF, PV EOI, steal time work through memory shared with hypervisor and when we restore from hibernation we must properly teardown all these features to ma...
UBUNTU-CVE-2021-47112
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well Various PV features Async PF, PV EOI, steal time work through memory shared with hypervisor and when we restore from hibernation we must properly teardown all these features to ma...
DEBIAN-CVE-2023-34322
For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on th...
OESA-2023-1896 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used...
UBUNTU-CVE-2023-1544
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of...
PT-2023-2365
Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a...
SUSE CVE-2010-4255
The fixuppagefault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handlegdtldtmappingfault function, which allows guest OS users to cause a denial of service host OS BUGON via a...
SUSE CVE-2011-1166
Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service host crash by specifying user mode execution without user-mode pagetables...
SUSE CVE-2013-1917
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service hypervisor crash by triggering a GP fault, which is not properly handled by another IRET instruction...
SUSE CVE-2014-8594
The dommuupdate function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service NULL pointer dereference by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging...
SUSE CVE-2015-4164
The compatiret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service large loop and system hang via a hypercalliret call with EFLAGS.VM set...
SUSE CVE-2015-7835
The modl2entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping...
SUSE CVE-2017-8905
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215...
SUSE CVE-2017-14319
A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence ...