100 matches found
UBUNTU-CVE-2017-17566
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service host OS crash or gain host OS privileges in shadow mode by mapping a certain auxiliary page...
ALPINE-CVE-2017-17566
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service host OS crash or gain host OS privileges in shadow mode by mapping a certain auxiliary page...
ALPINE-CVE-2017-17564
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode...
CVE-2017-17564
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode...
CVE-2017-17563
CVE-2017-17563 affects the Xen hypervisor (through 4.9.x) where a bug in the reference-count overflow check in shadow mode allows a guest OS user to cause a host-OS denial of service (host crash) or gain host privileges. The issue comes from an incorrect mask in reference-count overflow checking....
CVE-2017-17564
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode...
CVE-2017-17566
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service host OS crash or gain host OS privileges in shadow mode by mapping a certain auxiliary page...
CVE-2017-17564
CVE-2017-17564 affects the Xen hypervisor (up to 4.9.x). Vulnerability arises from incorrect error handling for reference counting in shadow mode, allowing a guest OS user to crash the host OS or gain host privileges. Exploitation details are not provided in the initial document, but related conn...
CVE-2017-17564
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode...
CVE-2017-17563
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode...
improper x86 shadow mode refcount error handling
ISSUE DESCRIPTION Pages being used to run x86 guests in shadow mode are reference counted to track their uses. When another reference cannot be acquired, the corresponding page table entry must not be inserted. Due to incorrect error handling, this constraint could be violated. IMPACT A malicious...
broken x86 shadow mode refcount overflow check
ISSUE DESCRIPTION Pages being used to run x86 guests in shadow mode are reference counted to track their uses. Unfortunately the overflow check when trying to obtain a new reference used a mask one bit wider than the reference count actually is, rendering the entire check ineffective. IMPACT A...
x86 PV guests may gain access to internally used pages
ISSUE DESCRIPTION Memory management for PV guests builds on page ownership and page attributes. A domain can always map, at least r/o, pages of which it is the owner. Certain fields in the control structure of a page are used for different purposes in the main PV memory management code and in cod...
Xen Denial of Service Vulnerability (CNVD-2016-02455)
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in...
CVE-2016-1571
The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...
CVE-2016-1571
The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...
Design/Logic Flaw
The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...
CVE-2016-1571
CVE-2016-1571 affects Xen 3.3.x–4.6.x. When shadow paging or nested virtualization is enabled, a local HVM guest can trigger the hypervisor bug check via a non-canonical guest address in an INVVPID instruction, causing a host crash (DoS). The description does not specify a vendor patch or fixed v...
CVE-2016-1571
The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...
VMX: intercept issue with INVLPG on non-canonical address
ISSUE DESCRIPTION While INVLPG does not cause a General Protection Fault when used on a non-canonical address, INVVPID in its "individual address" variant, which is used to back the intercepted INVLPG in certain cases, fails in such cases. Failure of INVVPID results in a hypervisor bug check...