19 matches found
EUVD-2020-21851
Malware in sbrugna...
Fedora 36 : xen (2023-04b5338dd0)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-04b5338dd0 advisory. 3 security issues 2180425 x86 shadow plus log-dirty mode use-after-free XSA-427, CVE-2022-42332 x86/HVM pinned cache attributes mis-handling XSA-428...
Fedora 37 : xen (2023-da8315e641)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-da8315e641 advisory. 3 security issues 2180425 x86 shadow plus log-dirty mode use-after-free XSA-427, CVE-2022-42332 x86/HVM pinned cache attributes mis-handling XSA-428...
CVE-2022-42334
x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...
CVE-2022-42334
x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...
CVE-2022-42333
x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...
x86/HVM pinned cache attributes mis-handling
ISSUE DESCRIPTION: To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such...
CVE-2022-42334
x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...
CVE-2022-42333
CVE-2022-42333 and CVE-2022-42334 pertain to Xen Hypervisor issues: (1) CVE-2022-42333 – mis-handling of HVM pinned cache attributes when controlling domains with passed-through devices, where an interface allows overriding defaults; (2) CVE-2022-42334 – unbounded number of controlled regions and...
CVE-2021-28704
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigne...
CVE-2021-28708
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigne...
CVE-2021-28704
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigne...
Design/Logic Flaw
An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored's intern...
CVE-2020-29483
CVE-2020-29483 — Xen 4.14.x (Xenstore/Xenstored issue) Affected component: Xenstore/Xenstored communication (guest–host via shared memory page). Root cause: If a guest violates the Xenstore protocol, xenstored drops the connection by removing the guest from its internal database and sending an @r...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2864-1)
This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host...
ALPINE-CVE-2017-15591
An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers who control a stub domain kernel or tool stack to cause a denial of service (host OS crash) because of a missing comparison of range start to range end within the DMOP map/unmap implementation...
DEBIAN-CVE-2017-15591
An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers who control a stub domain kernel or tool stack to cause a denial of service (host OS crash) because of a missing comparison of range start to range end within the DMOP map/unmap implementation...
Cirrus VGA Heap overflow via display refresh
ISSUE DESCRIPTION: When a graphics update command gets passed to the VGA emulator, there are 3 possible modes that can be used to update the display: blank (clears the display), text (treats the display as showing text), graph (treats the display as showing graphics). After the display geometry gets...
xen-kernel -- Information leak through XEN_DOMCTL_gettscinfo
The Xen Project reports: The handler for XEN_DOMCTL_gettscinfo failed to initialize a padding field subsequently copied to guest memory. A similar leak existed in XEN_SYSCTL_getdomaininfolist, which is being addressed here regardless of that operation being declared unsafe for disaggregation by XSA-7...