25 matches found
SUSE-SU-2021:3977-1 Security update for xen
This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACEgranttable handling XSA-384 bsc1189632. - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly XSA-386 bsc1191363. - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD...
openSUSE 15 Security Update : xen (openSUSE-SU-2021:3968-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3968-1 advisory. - PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions specified via...
openSUSE 15 Security Update : xen (openSUSE-SU-2021:1543-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1543-1 advisory. - PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions specified via...
Security update for xen (moderate)
openSUSE Security Update: Security update for xen Announcement ID: openSUSE-SU-2021:3968-1 Rating: moderate References: 1027519 1191363 1192554 1192557 1192559 Cross-References: CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVSS scores:...
OPENSUSE-SU-2021:1543-1 Security update for xen
This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly XSA-386 bsc1191363. - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs XSA-388 bsc1192557. - CVE-2021-28705, CVE-2021-28709: Fixed issues...
Debian DSA-5017-1 : xen - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5017 advisory. Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. For the...
SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2021:3888-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3888-1 advisory. - PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions specified...
SUSE-SU-2021:3888-1 Security update for xen
This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly XSA-386 bsc1191363. - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs XSA-388 bsc1192557. - CVE-2021-28705, CVE-2021-28709: Fixed issues...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2021:3852-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3852-1 advisory. - PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Region...
SUSE SLES15 Security Update : xen (SUSE-SU-2021:3842-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3842-1 advisory. - Another race in XENMAPSPACEgranttable handling Guests are permitted access to certain Xen-owned pages of memory. The majority of...
SUSE SLES12 Security Update : xen (SUSE-SU-2021:3813-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3813-1 advisory. - PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities...
CVE-2021-28704
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...
CVE-2021-28707
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...
Design/Logic Flaw
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...
CVE-2021-28707
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...
CVE-2021-28708
Xen PoD (populate-on-demand) handling contains a misalignment in base page frame number checks for certain hypercalls (XENMEM_decrease_reservation and XENMEM_populate_physmap). This affects x86 HVM/PVH guests and may allow out-of-bounds page-range operations; in particular, XENMEM_decrease_reserv...
CVE-2021-28704
CVE-2021-28704 is a Xen hypervisor PoD-related vulnerability. PoD mode can start x86 HVM/PVH guests with on-demand memory and allow domains to issue P2M hypercalls that operate on page ranges; the base page frame number (PFN) alignment isn’t enforced for certain orders, enabling misalignment in X...
CVE-2021-28704
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...
CVE-2021-28708
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...
CVE-2021-28704
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...