OracleVM 3.4 : xen (OVMSA-2020-0038)

The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=4e20c4a527d177048e77b2daa6201731fdcdc584 - BUILDINFO: QEMU upstream...

OracleVM 3.4 : xen (OVMSA-2018-0028) (Spectre)

The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=bf523bc61677448cb7bb79980d6969896d005bd5 - BUILDINFO: QEMU upstream...

Cirrus VGA Heap overflow via display refresh

ISSUE DESCRIPTION When a graphics update command gets passed to the VGA emulator, there are 3 possible modes that can be used to update the display: blank - Clears the display text - Treats the display as showing text graph - Treats the display as showing graphics After the display geometry gets...

Unrestricted qemu logging

ISSUE DESCRIPTION When the libxl toolstack launches qemu for HVM guests, it pipes the output of stderr to a file in /var/log/xen. This output is not rate-limited in any way. The guest can easily cause qemu to print messages to stderr, causing this file to become arbitrarily large. IMPACT The disk...