CVE-2016-9385

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service host crash by leveraging lack of canonical address checks...

Ubuntu 16.10 : linux vulnerabilities (USN-3170-1)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment CS in certain error cases. A local attacker could use this to expose sensitive information kernel memory. CVE-2016-9756 Andrey Konovalov discovered that signed integer overflows...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3168-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3168-1 advisory. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment CS in certain error cases. A local...

Ubuntu: Security Advisory (USN-3167-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3169-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3168-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3168-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not...

USN-3167-2: Linux kernel (OMAP4) vulnerabilities

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment CS in certain error cases. A local attacker could use this to expose sensitive information kernel memory. CVE-2016-9756 Baozeng Ding discovered a race condition that could lead to...

Design/Logic Flaw

arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

DEBIAN-CVE-2016-9756

arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

CVE-2016-9756

arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

Security update for xen (important)

xen was updated to version 4.7.1 to fix 17 security issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host bsc1011652. - CVE-2016-9386: x86 null segments were not always treated as...

Debian DSA-3729-1 : xen - security update

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-7777 XSA-190 Jan Beulich from SUSE discovered that Xen does not properly honor CR0.TS and CR0.EM for x86 HVM guests, potentially...

Fedora 24 : xen (2016-95c104a4c6)

xen : various security flaws 1397383 x86 null segments not always treated as unusable XSA-191, CVE-2016-9386 x86 task switch to VM86 mode mis-handled XSA-192, CVE-2016-9382 x86 segment base write emulation lacking canonical address checks XSA-193, CVE-2016-9385 x86 64-bit bit test instruction...

FreeBSD : xen-kernel -- x86 segment base write emulation lacking canonical address checks (53dbd096-ba4d-11e6-ae1b-002590263bf5)

The Xen Project reports : Both writes to the FS and GS register base MSRs as well as the WRFSBASE and WRGSBASE instructions require their input values to be canonical, or a GP fault will be raised. When the use of those instructions by the hypervisor was enabled, the previous guard against GP...

CVE-2016-9385

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service host crash by leveraging lack of canonical address checks...

x86 segment base write emulation lacking canonical address checks

ISSUE DESCRIPTION Both writes to the FS and GS register base MSRs as well as the WRFSBASE and WRGSBASE instructions require their input values to be canonical, or a GP fault will be raised. When the use of those instructions by the hypervisor was enabled, the previous guard against GP faults havi...

x86 null segments not always treated as unusable

ISSUE DESCRIPTION The Xen x86 emulator erroneously failed to consider the unusability of segments when performing memory accesses. The intended behaviour is as follows: The user data segment %ds, %es, %fs and %gs selectors may be NULL in 32-bit to prevent access. In 64-bit, NULL has a special...

xen-kernel -- x86 segment base write emulation lacking canonical address checks

The Xen Project reports: Both writes to the FS and GS register base MSRs as well as the WRFSBASE and WRGSBASE instructions require their input values to be canonical, or a GP fault will be raised. When the use of those instructions by the hypervisor was enabled, the previous guard against GP faul...

Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2016-08178)

Mozilla Firefox is an open source web browser. A vulnerability in Mozilla Firefox's handling of segment identifiers in the SRC attribute of the IFRAME element allows remote attackers to build malicious web pages that can be exploited to trick users into parsing them, which can be used to bypass t...

CVE-2015-8099

CVE-2015-8099 affects F5 BIG-IP products (multiple modules) where software SYN cookies are configured on virtual servers. Under limited conditions, an invalid TCP segment can cause a DoS (High-Speed Bridge hang) in the data plane via virtual servers. The vulnerability impacts various BIG-IP relea...