27 matches found
kernel security and bug fix update
2.6.32-754.18.2.OL6 - Update genkey bug 25599697 2.6.32-754.18.2 - x86 x86/speculation: Enable Spectre v1 swapgs mitigations Waiman Long 1724512 CVE-2019-1125 - x86 x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations Waiman Long 1724512 CVE-2019-1125 2.6.32-754.18.1 - virt xenbu...
Fedora 30 : xen (2019-53b0dc52ee)
xen: various flaws 1685577 grant table transfer issues on large hosts XSA-284 race with pass-through device hotplug XSA-285 x86: stealpage violates pagestruct access discipline XSA-287 x86: Inconsistent PV IOMMU discipline XSA-288 missing preemption in x86 PV page table unvalidation XSA-290 x86/P...
Fedora 28 : xen (2019-bce6498890)
xen: various flaws 1685577 grant table transfer issues on large hosts XSA-284 race with pass-through device hotplug XSA-285 x86: stealpage violates pagestruct access discipline XSA-287 x86: Inconsistent PV IOMMU discipline XSA-288 missing preemption in x86 PV page table unvalidation XSA-290 x86/P...
x86: insufficient TLB flushing when using PCID
ISSUE DESCRIPTION Use of Process Context Identifiers PCID was introduced into Xen in order to improve performance after XSA-254 and in particular its Meltdown sub-issue. This enablement implied changes to the TLB flushing logic. The particular case of context switch to a vCPU of a PCID-enabled...
x86 shadow: Insufficient TLB flushing when using PCID
ISSUE DESCRIPTION Use of Process Context Identifiers PCID was introduced into Xen in order to improve performance after XSA-254 and in particular its Meltdown sub-issue. This enablement implied changes to the TLB flushing logic. One aspect which was overlooked is the safety of switching between...
x86: DoS from attempting to use INVPCID with a non-canonical addresses
ISSUE DESCRIPTION The INVPCID instruction raises GP0 if an attempt is made to invalidate a non-canonical address. Older flushing mechanisms such as INVLPG tolerate this without error, and perform no action. There is one guest accessible path in Xen where a non-canonical address was passed into th...
Unbreakable Enterprise kernel security update
4.1.12-112.14.10 - x86/ia32: save and clear registers on syscall. Jamie Iles Orabug: 27355759 CVE-2017-5754 - x86/IBRS: Save current status of MSRIA32SPECCTRL Boris Ostrovsky Orabug: 27355887 - pti: Rename X86FEATUREKAISER to X86FEATUREPTI Pavel Tatashin Orabug: 27352353 CVE-2017-5754 - usb/core:...