28 matches found
Incorrect removal of permissions on PCI device unplug
ISSUE DESCRIPTION When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the...
Linux Distros Unpatched Vulnerability : CVE-2021-28039
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0...
ALPINE-CVE-2024-45819
PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prio...
Xen 安全漏洞
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A security vulnerability exists in Xen that stems from th...
DEBIAN-CVE-2023-46836
The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...
SUSE CVE-2023-46836
The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...
SUSE CVE-2012-2934
Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service host hang via sequential execution of instructions across a non-canonical boundary, a different...
SUSE CVE-2012-5513
The XENMEMexchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service crash or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range...
SUSE CVE-2017-7995
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the getuser function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL...
SUSE CVE-2021-28039
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has...
DEBIAN-CVE-2021-28039
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has...
ALPINE-CVE-2020-27674
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique...
Xen PCI Elevation of Privilege Vulnerability
Xen is an open source virtual machine monitor product. A security vulnerability exists in Xen PCI device handling that can be exploited by an attacker to allow a local PV guest to submit special requests that can elevate privileges...
USN-3931-2: Linux kernel (HWE) vulnerabilities
USN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirsk...
USN-3931-1 linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 vulnerabilities
M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service guest VM crash...
USN-3931-1: Linux kernel vulnerabilities
M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service guest VM crash...
PT-2018-11456 · Xen +1 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen versions prior to 4.11 Description: An issue in Xen allows a malicious PV guest to crash the system, leading to a Denial of Service. The vulnerability can be triggered by a guest and is caused by an oversight in safety checks added to...
ALPINE-CVE-2018-7540
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service host OS CPU hang via non-preemptable L3/L4 pagetable freeing...
ALPINE-CVE-2017-17565
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service host OS crash if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P...
UBUNTU-CVE-2017-15593
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service memory leak because reference counts are mishandled...