24 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-17340
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests...
CVE-2021-28705
issues with partially successful P2M updates on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have...
SUSE CVE-2018-12891
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions...
SUSE CVE-2018-19964
An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service host OS hang because the p2m lock remains unavailable indefinitely in certain error conditions...
SUSE CVE-2019-17340
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled...
SUSE CVE-2019-17347
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux and possibly other guest kernels...
SUSE CVE-2019-19582
An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service infinite loop because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which...
race in VT-d domain ID cleanup
ISSUE DESCRIPTION Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping...
CVE-2022-23035
Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time...
CVE-2021-28705
issues with partially successful P2M updates on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have...
UBUNTU-CVE-2021-28705
issues with partially successful P2M updates on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have...
UBUNTU-CVE-2021-28709
issues with partially successful P2M updates on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have...
DEBIAN-CVE-2021-28708
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...
CVE-2021-28707
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...
CVE-2020-29040
An off-by-one flaw was found in one of the two patches for CVE-2020-27671 XSA-346. This flaw allows malicious x86 HVM and PVH guests to cause host data corruption and data leaks, resulting in a denial of service or potential privilege escalation. The highest threat from this vulnerability is to...
ALPINE-CVE-2019-19582
An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service infinite loop because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which...
UBUNTU-CVE-2019-18420
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOPinitialise hypercall. hypercallcreatecontinuation is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format...
UBUNTU-CVE-2017-15590
An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service hypervisor crash or possibly gain privileges because MSI mapping was mishandled...
Debian DLA-1128-1 : qemu-kvm security update
Multiple vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests based on the Quick EmulatorQemu. CVE-2017-14167 Incorrect validation of multiboot headers could result in the execution of arbitrary code. CVE-2017-15038 When using...
[SECURITY] [DLA 1128-1] qemu-kvm security update
Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u24 CVE ID : CVE-2017-14167 CVE-2017-15038 Multiple vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests based on the Quick EmulatorQemu. CVE-2017-14167 Incorrect validation of...