PT-2025-13340 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the version containing commit f1e525009493. Description: A vulnerability in the Linux kernel has been resolved, related to the Advanced Configuration and Power Interface (ACPI) handling when suspending the system...
FreeBSD : xen-tools -- libxl leak of pv kernel and initrd on error (5d1d4473-b40d-11e5-9728-002590263bf5)
The Xen Project reports: When constructing a guest which is configured to use a PV bootloader which runs as a userspace process in the toolstack domain (e.g. pygrub), libxl creates a mapping of the files to be used as kernel and initial ramdisk when building the guest domain. However if building th...
Fedora 18 : xen-4.2.2-6.fc18 (2013-10136)
Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52, CVE-2013-2076, 970206); Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53, CVE-2013-2077, 970204); Hypervisor crash due to missing exception recovery on XSETBV (XSA-54, CVE-2013-2078, 970202); Multiple vulnerabilities in libelf PV...
Fedora 19 : xen-4.2.2-6.fc19 (2013-9986)
Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52, CVE-2013-2076, 970206); Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53, CVE-2013-2077, 970204); Hypervisor crash due to missing exception recovery on XSETBV (XSA-54, CVE-2013-2078, 970202); Multiple vulnerabilities in libelf PV...
Fedora 17 : xen-4.1.5-5.fc17 (2013-10247)
Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52, CVE-2013-2076, 970206); Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53, CVE-2013-2077, 970204); Hypervisor crash due to missing exception recovery on XSETBV (XSA-54, CVE-2013-2078, 970202); Multiple vulnerabilities in libelf PV...
Multiple vulnerabilities in libelf PV kernel handling
ISSUE DESCRIPTION: The ELF parser used by the Xen tools to read domains' kernels and construct domains has multiple integer overflows, pointer dereferences based on calculations from unchecked input values, and other problems. This corresponds to the following CVEs: CVE-2013-2194 XEN XSA-55 intege...
Host crash due to failure to correctly validate PV kernel execution state
ISSUE DESCRIPTION: Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64-bit PV guest to crash the host. NB: predates vulnerability handling process and therefore no formal announcement...