SUSE: Security Advisory (SUSE-SU-2015:0745-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : xen-tools -- Unmediated PCI command register access in qemu (79f401cd-27e6-11e5-a4a5-002590263bf5)

The Xen Project reports : HVM guests are currently permitted to modify the memory and I/O decode bits in the PCI command register of devices passed through to them. Unless the device is an SR-IOV virtual function, after disabling one or both of these bits subsequent accesses to the MMIO or I/O po...

Citrix XenServer Multiple Security Updates (CTX201145)

A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to crash the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1...

SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:0701-1)

Xen was updated 4.4.201 to address three security issues and functional bugs. The following vulnerabilities were fixed : - Long latency MMIO mapping operations are not preemptible XSA-125, CVE-2015-2752, bnc922705 - Unmediated PCI command register access in qemu XSA-126, CVE-2015-2756, bnc922706 ...

SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0745-1)

The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through...

OracleVM 3.2 : xen (OVMSA-2015-0058) (Venom)

The remote OracleVM system is missing necessary patches to address critical security updates : - force the fifo access to be in bounds of the allocated buffer This is CVE-2015-3456. bug 21078935 CVE-2015-3456 - xen: limit guest control of PCI command register Otherwise the guest can abuse that...

Debian Security Advisory DSA 3259-1 (qemu - security update)

Several vulnerabilities were discovered in the qemu virtualisation solution: CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder...

Debian DSA-3259-1 : qemu - security update (Venom)

Several vulnerabilities were discovered in the qemu virtualisation solution : - CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. - CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder. -...

SuSE 11.3 Security Update : Xen (SAT Patch Number 10560)

The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : - XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through to guests...

Fedora 22 : xen-4.5.0-7.fc22 (2015-5295)

Long latency MMIO mapping operations are not preemptible XSA-125, CVE-2015-2752 Unmediated PCI command register access in qemu XSA-126, CVE-2015-2756 Certain domctl operations may be abused to lock up the host XSA-127, CVE-2015-2751 Note that Tenable Network Security has extracted the preceding...

Security update for xen (important)

Xen was updated to 4.3.4 to fix multiple vulnerabities and non-security bugs. The following vulnerabilities were fixed: - Long latency MMIO mapping operations are not preemptible XSA-125 CVE-2015-2752 bnc922705 - Unmediated PCI command register access in qemu XSA-126 CVE-2015-2756 bnc922706 -...

Unmediated PCI command register access in qemu

ISSUE DESCRIPTION HVM guests are currently permitted to modify the memory and I/O decode bits in the PCI command register of devices passed through to them. Unless the device is an SR-IOV virtual function, after disabling one or both of these bits subsequent accesses to the MMIO or I/O port range...

xen-tools -- Unmediated PCI command register access in qemu

The Xen Project reports: HVM guests are currently permitted to modify the memory and I/O decode bits in the PCI command register of devices passed through to them. Unless the device is an SR-IOV virtual function, after disabling one or both of these bits subsequent accesses to the MMIO or I/O por...