63 matches found
EUVD-2012-3452
Malware in sbrugna...
EUVD-2012-3450
Malware in sbrugna...
K13405416: QEMU vulnerability CVE-2012-3515
Security Advisory Description Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space...
Racy interactions between dirty vram tracking and paging log dirty hypercalls
ISSUE DESCRIPTION Activation of log dirty mode done by XENDMOPtrackdirtyvram was named HVMOPtrackdirtyvram before Xen 4.9 is racy with ongoing log dirty hypercalls. A suitably timed call to XENDMOPtrackdirtyvram can enable log dirty while another CPU is still in the process of tearing down the...
Fedora 22 : xen-4.5.1-13.fc22 (2015-fca1900745)
Qemu: net: virtio-net possible remote DoS CVE-2015-7295, create a symbolic link so libvirt VMs from xen 4.0 to 4.4 can still find qemu-dm Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
CVE-2015-7969
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service memory consumption via a large number of "teardowns" of domains with the vcpu pointer array allocated using the 1 XENDOMCTLmaxvcpus hypercall or the...
Design/Logic Flaw
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service memory consumption via a large number of "teardowns" of domains with the vcpu pointer array allocated using the 1 XENDOMCTLmaxvcpus hypercall or the...
CVE-2012-3497
1 TMEMCSAVEGETCLIENTWEIGHT, 2 TMEMCSAVEGETCLIENTCAP, 3 TMEMCSAVEGETCLIENTFLAGS and 4 TMEMCSAVEEND in the Transcendent Memory TMEM in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service NULL pointer dereference or memory corruption and host crash or possibly have other...
CVE-2012-6031
The dotmemget function in the Transcendent Memory TMEM in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service CPU hang and host crash via unspecified vectors related to a spinlock being held in the "badcopy error path." NOTE: this issue was originally published as part o...
CVE-2012-6030
The dotmemop function in the Transcendent Memory TMEM in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service host crash and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was...
CVE-2012-6035
The dotmemdestroypool function in the Transcendent Memory TMEM in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service memory corruption and host crash or execute arbitrary code via unspecified vectors. NOTE: this issue was...
Information leak through XEN_DOMCTL_gettscinfo
ISSUE DESCRIPTION The handler for XENDOMCTLgettscinfo failed to initialize a padding field subsequently copied to guest memory. A similar bug existed in XENSYSCTLgetdomaininfolist, which is addressed by the patches provided here even though that operation was declared by XSA-77 not to provide...
Insufficient restrictions on certain MMU update hypercalls
ISSUE DESCRIPTION MMU update operations targeting page tables are intended to be used on PV guests only. The lack of a respective check made it possible for such operations to access certain function pointers which remain NULL when the target guest is using Hardware Assisted Paging HAP. IMPACT...
CVE-2013-1442
Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain...
Information leak on AVX and/or LWP capable CPUs
ISSUE DESCRIPTION When a guest increases the set of extended state components for a vCPU saved/ restored via XSAVE/XRSTOR to date this can only be the upper halves of YMM registers, or AMD's LWP state after already having touched other extended registers restored via XRSTOR e.g. floating point or...
CVE-2013-4329
The xenlight library libxl in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction...
CVE-2013-2077
Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service unhandled exception and hypervisor crash via unspecified vectors...
CVE-2013-2211
The libxenlight libxl toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors...
CVE-2013-2072
Buffer overflow in the Python bindings for the xcvcpusetaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service memory corruption and xend toolstack crash and possibly gain privileges via a crafted cpumap...
CVE-2013-2072
Buffer overflow in the Python bindings for the xcvcpusetaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service memory corruption and xend toolstack crash and possibly gain privileges via a crafted cpumap...