SUSE CVE-2013-1964

Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service host crash, obtain sensitive information, or possibly have other impacts via unspecified vectors...

SUSE CVE-2017-12135

Xen allows local OS guest users to cause a denial of service crash or possibly obtain sensitive information or gain privileges via vectors involving transitive grants...

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2022:3727-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3727-1 advisory. - P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests...

CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

Design/Logic Flaw

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

UBUNTU-CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

lock order inversion in transitive grant copy handling

ISSUE DESCRIPTION As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, b...

OracleVM 3.2 : xen (OVMSA-2017-0149)

The remote OracleVM system is missing necessary patches to address critical security updates : - From e26560a4b056dad6d85ffd9ebfad9565f210a9cc Mon Sep 17 00:00:00 2001 From: Jan Beulich Date: Wed, 30 May 2012 09:22:17 +0100 Subject: PATCH gnttab: don't use domain lock for serialization Instead us...

CVE-2017-12135

Xen allows local OS guest users to cause a denial of service crash or possibly obtain sensitive information or gain privileges via vectors involving transitive grants...

CVE-2017-12135

Xen allows local OS guest users to cause a denial of service crash or possibly obtain sensitive information or gain privileges via vectors involving transitive grants...

Information disclosure

Xen allows local OS guest users to cause a denial of service crash or possibly obtain sensitive information or gain privileges via vectors involving transitive grants...

ALPINE-CVE-2017-12135

Xen allows local OS guest users to cause a denial of service crash or possibly obtain sensitive information or gain privileges via vectors involving transitive grants...

UBUNTU-CVE-2017-12135

Xen allows local OS guest users to cause a denial of service crash or possibly obtain sensitive information or gain privileges via vectors involving transitive grants...

CVE-2017-12135

Xen allows local OS guest users to cause a denial of service crash or possibly obtain sensitive information or gain privileges via vectors involving transitive grants...

DEBIAN-CVE-2017-12135

Xen allows local OS guest users to cause a denial of service crash or possibly obtain sensitive information or gain privileges via vectors involving transitive grants...

CVE-2017-12135

CVE-2017-12135 concerns the Xen hypervisor grant-table handling. The connected materials show that the vulnerability involves transitive grants and a path through grant-copy handling. The core issue is in the GNTTABOP_copy path, where the fix for CVE-2017-12135 could cause the caller to receive a...

CVE-2017-12135

Xen allows local OS guest users to cause a denial of service crash or possibly obtain sensitive information or gain privileges via vectors involving transitive grants...

multiple problems with transitive grants

ISSUE DESCRIPTION 1 Code to handle copy operations on transitive grants has built in retry logic, involving a function reinvoking itself with unchanged parameters. Such use assumes that the compiler would also translate this to a so called "tail call" when generating machine code. Empirically, th...

OracleVM 3.2 : xen (OVMSA-2013-0036)

The remote OracleVM system is missing necessary patches to address critical security updates : - VT-d: don't permit SVTNOVERIFY entries for known device types Only in cases where we don't know what to do we should leave the IRTE blank suppressing all validation, but we should always log a warning...