14 matches found

RedHat Linux
added 2023/11/07 9:3 a.m., 1 views

kernel: KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler

In the Linux kernel, the following vulnerability has been resolved: KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler. We do check for target CPU == -1, but this might change at the time we are going to use it. Hold the physical target CPU in a local variable to avoid...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.00022
Exploits: 0 | References: 5
Veracode
added 2021/04/29 12:58 p.m., 26 views

Denial Of Service (DoS)

Xen is vulnerable to denial of service. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host...

CVSS: 6.2 | AI score: 2.6 | EPSS: 0.00055
Exploits: 0 | References: 6 | Affected Software: 1
Tenable Nessus
added 2018/05/11 12:0 a.m., 71 views

SUSE SLES11 Security Update : xen (SUSE-SU-2018:1203-1) (Meltdown)

This update for xen fixes several issues. These security issues were fixed:
- CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc1090820)
- Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.89595
Exploits: 12 | References: 16
Tenable Nessus
added 2018/05/10 12:0 a.m., 42 views

SUSE SLES12 Security Update : xen (SUSE-SU-2018:1177-1) (Meltdown)

This update for xen fixes several issues. These security issues were fixed:
- CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc1090820)
- Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.89595
Exploits: 12 | References: 20
RedhatCVE
added 2017/10/18 2:53 p.m., 33 views

CVE-2017-15596

An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error...

CVSS: 6 | AI score: 4.4 | EPSS: 0.0008
Exploits: 0 | References: 2
Cvelist
added 2017/10/18 8:0 a.m., 25 views

CVE-2017-15596

An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error...

AI score: 6.6 | EPSS: 0.0008
Exploits: 0 | References: 3
Xen Project
added 2017/08/23 3:18 p.m., 550 views

add-to-physmap error paths fail to release lock on ARM

ISSUE DESCRIPTION: When dealing with the grant map space of add-to-physmap operations, ARM specific code recognizes a number of error conditions, but fails to release a lock being held on the respective exit paths.
IMPACT: A malicious guest administrator can cause a denial of service. Specifically,...

CVSS: 6 | AI score: 2.5 | EPSS: 0.0008
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2015/11/11 12:0 a.m., 37 views

FreeBSD : xen-kernel -- Long latency populate-on-demand operation is not preemptible (83350009-881e-11e5-ab94-002590263bf5)

The Xen Project reports: When running an HVM domain in Populate-on-Demand mode, Xen would sometimes search the domain for memory to reclaim, in response to demands for population of other pages in the same domain. This search runs without preemption. The guest can, by suitable arrangement of its...

CVSS: 4.9 | AI score: 7.6 | EPSS: 0.00072
Exploits: 0 | References: 3
FreeBSD
added 2015/11/10 12:0 a.m., 60 views

xen-kernel -- CPU lockup during exception delivery

The Xen Project reports: A malicious HVM guest administrator can cause a denial of service. Specifically, prevent use of a physical CPU for a significant, perhaps indefinite period. If a host watchdog (Xen or dom0) is in use, this can lead to a watchdog timeout and consequently a reboot of the host...

AI score: 6.3
Exploits: 0 | References: 1
FreeBSD
added 2015/10/29 12:0 a.m., 35 views

xen-kernel -- Long latency populate-on-demand operation is not preemptible

The Xen Project reports: When running an HVM domain in Populate-on-Demand mode, Xen would sometimes search the domain for memory to reclaim, in response to demands for population of other pages in the same domain. This search runs without preemption. The guest can, by suitable arrangement of its...

CVSS: 4.9 | AI score: 7.3 | EPSS: 0.00072
Exploits: 0 | References: 1
UbuntuCve
added 2012/12/13 11:53 a.m., 24 views

CVE-2012-6333

Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input...

CVSS: 4.7 | AI score: 5.9 | EPSS: 0.0007
Exploits: 0 | References: 8
Cvelist
added 2012/12/13 11:0 a.m., 23 views

CVE-2012-6333

Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input...

AI score: 5.9 | EPSS: 0.0007
Exploits: 0 | References: 12
Tenable Nessus
added 2012/12/07 12:0 a.m., 39 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20121204)

Security fixes:
- A race condition in the way asynchronous I/O and fallocate interacted when using ext4 could allow a local, unprivileged user to obtain random data from a deleted file. (CVE-2012-4508, Important)
- A flaw in the way the Xen hypervisor implementation range checked guest provided...

CVSS: 7.1 | AI score: 7.4 | EPSS: 0.02031
Exploits: 4 | References: 7
Xen Project
added 2012/12/03 5:51 p.m., 72 views

several HVM operations do not validate the range of their inputs

ISSUE DESCRIPTION: Several HVM control operations do not check the size of their inputs and can tie up a physical CPU for extended periods of time. In addition dirty video RAM tracking involves clearing the bitmap provided by the domain controlling the guest (e.g. dom0 or a stubdom). If the size of...

CVSS: 4.7 | AI score: 1.8 | EPSS: 0.00093
Exploits: 0 | Affected Software: 1