
84 matches found

CVE
added 2013/08/28 5:0 p.m. | 72 views

CVE-2013-2072

CVE-2013-2072 is a buffer overflow in the Python bindings for xc_vcpu_setaffinity in Xen 4.0.x–4.2.x. Local administrators with VCPU affinity configuration permissions could trigger memory corruption, toolstack crashes, and potentially privilege escalation via a crafted cpumap. Connected advisori...

7.4 CVSS | 4.3 AI score | 0.00363 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
Xen Project
added 2013/06/20 12:0 p.m. | 38 views

libxl allows guest write access to sensitive console related xenstore keys

ISSUE DESCRIPTION: The libxenlight libxl toolstack library does not correctly set permissions on xenstore keys relating to paravirtualised and emulated serial console devices. This could allow a malicious guest administrator to change values in xenstore which the host later relies on being...

7.4 CVSS | 0.9 AI score | 0.00233 EPSS
Exploits: 0
Tenable Nessus
added 2013/05/28 12:0 a.m. | 28 views

Fedora 19 : xen-4.2.2-5.fc19 (2013-8513)

xend toolstack doesn't check bounds for VCPU affinity (XSA-56, CVE-2013-2072); xen-devel should require libuuid-devel; pygrub menu items can include too much text. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

7.4 CVSS | 5.3 AI score | 0.00363 EPSS
Exploits: 0 | References: 3
Xen Project
added 2013/04/15 3:0 p.m. | 86 views

qemu-nbd format-guessing due to missing format specification

ISSUE DESCRIPTION: The qemu-nbd tool shipped in the Xen hypervisor tools distribution as qemu-nbd-xen autodetects the image format. If a particular disk image is intended to be raw, a guest operating system administrator could write a header to the image, describing another format than original on...

3.3 CVSS | 0.00079 EPSS
Exploits: 0 | Affected Software: 1