
154 matches found

Xen Project
added 2026/04/28 6:5 p.m., 4 views

Multiple RBAC issues in XAPI

ISSUE DESCRIPTION XAPI can configure different users with different roles, using Role Based Access Control. For more details, see: https://docs.xenserver.com/en-us/xencenter/current-release/rbac-overview.html#rbac-roles The pool-admin role is fully privileged. Notably, users with this role can als...

5.4 AI score
Exploits: 0
Mageia
added 2025/11/09 7:52 a.m., 18 views

Updated xen packages fix security vulnerabilities

Double unlock in x86 guest IRQ handling. (CVE-2024-31143) Xapi: Metadata injection attack against backup/restore functionality. (CVE-2024-31144) Error handling in x86 IOMMU identity mapping. (CVE-2024-31145) PCI device pass-through with shared resources. (CVE-2024-31146) x86: Deadlock in vlapic_error...

9.8 CVSS, 6.7 AI score, 0.00568 EPSS
Exploits: 0, References: 24
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2012-5518

Malware in sbrugna...

6.1 CVSS, 8.5 AI score, 0.00363 EPSS
Exploits: 0, References: 11
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-2842

Malware in sbrugna...

4.9 CVSS, 8.2 AI score, 0.00122 EPSS
Exploits: 0, References: 13
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2011-1896

Malware in sbrugna...

7.4 CVSS, 8.5 AI score, 0.00617 EPSS
Exploits: 1, References: 15
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2013-4216

Malware in sbrugna...

6.5 CVSS, 6 AI score, 0.00162 EPSS
Exploits: 0, References: 8
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-9196

Malware in sbrugna...

7.2 CVSS, 6.9 AI score, 0.0013 EPSS
Exploits: 0, References: 10
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-18274

Malware in sbrugna...

7.8 CVSS, 6.2 AI score, 0.00088 EPSS
Exploits: 0, References: 11
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2013-0196

Malware in sbrugna...

4.7 CVSS, 8.5 AI score, 0.00119 EPSS
Exploits: 0, References: 18
Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-25595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified tha...

7.8 CVSS, 6.8 AI score, 0.00088 EPSS
Exploits: 0, References: 2
Microsoft CVE
added 2025/08/07 7:0 a.m., 3 views

hisi_acc_vfio_pci: fix XQE dma address error

...

5.7 CVSS, 7 AI score, 0.00053 EPSS
Exploits: 0
SUSE Linux
added 2025/07/30 4:17 p.m., 7 views

Security update for kernel-livepatch-MICRO-6-0-RT_Update_4

This update for kernel-livepatch-MICRO-6-0-RT_Update_4 fixes the following issues: CVE-2024-53146: NFSD: prevent a potential integer overflow (bsc#1234854) CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth (bsc#1234885) CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous ope...

8.5 CVSS, 7.6 AI score, 0.00019 EPSS
Exploits: 0, References: 38
SUSE Linux
added 2025/07/11 11:13 a.m., 3 views

Security update for xen

This update for xen fixes the following issues: CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469, bsc#1243117) CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467, bsc#1238043) Special Instructions and Notes: Please reboot the system after...

6.8 CVSS, 7.3 AI score, 0.00249 EPSS
Exploits: 0, References: 8
SUSE Linux
added 2025/04/07 4:8 p.m., 1 views

Security update for xen

This update for xen fixes the following issues: CVE-2025-1713: Fixed potential deadlock with VT-d and legacy PCI device pass-through (bsc#1238043) Other fixes: Xen channels and domU console (bsc#1219354) Fixed attempting to start guest vm's libxl fills disk with errors (bsc#1237692) Xen call trace and API...

6.8 CVSS, 7.4 AI score, 0.00233 EPSS
Exploits: 0, References: 12
Xen Project
added 2024/01/30 12:0 p.m., 54 views

pci: phantom functions assigned to incorrect contexts

ISSUE DESCRIPTION PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions nee...

5.3 CVSS, 7 AI score, 0.00256 EPSS
Exploits: 0
NCSC
added 2023/11/16 12:0 a.m., 3 views

Vulnerabilities fixed in Citrix Hypervisor

Citrix has released an update to fix vulnerabilities in Citrix Hypervisor. The vulnerability with reference CVE-2023-23583 allows a local malicious party to use a virtual guest system to compromise the host system via PCI passthrough. This vulnerability is only present when the vulnerable product...

8.8 CVSS, 7 AI score, 0.00281 EPSS
Exploits: 0
Xen Project
added 2023/11/14 12:0 p.m., 55 views

x86/AMD: mismatch in IOMMU quarantine page table levels

ISSUE DESCRIPTION The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on th...

5.5 CVSS, 6.9 AI score, 0.00087 EPSS
Exploits: 0
OSV
added 2023/10/24 10:36 a.m., 8 views

SUSE-SU-2023:4174-1 Security update for xen

This update for xen fixes the following issues: - CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion (XSA-440, bsc#1215744). - CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled (XSA-442, bsc#1215746). -...

7.8 CVSS, 6.3 AI score, 0.00113 EPSS
Exploits: 0, References: 10
Xen Project
added 2023/10/10 12:0 p.m., 48 views

x86/AMD: missing IOMMU TLB flushing

ISSUE DESCRIPTION The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can poi...

7.8 CVSS, 6.6 AI score, 0.00103 EPSS
Exploits: 0
SUSE CVE
added 2023/05/10 1:57 a.m., 1 views

SUSE CVE-2022-42335

x86 shadow paging arbitrary pointer dereference. In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handlin...

7.3 CVSS, 7.4 AI score, 0.00093 EPSS
Exploits: 0, References: 4