10 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-18423
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEMaddtophysmap hypercall. p2m-maxmappedgfn is...
DEBIAN-CVE-2020-15563
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HV...
Design/Logic Flaw
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest...
x86/PV: page type reference counting issue with failed IOMMU update
ISSUE DESCRIPTION When an x86 PV domain has a passed-through PCI device assigned, IOMMU mappings may need to be updated when the type of a particular page changes. Such an IOMMU operation may fail. In the event of failure, while at present the affected guest would be forcibly crashed, the already...
CVE-2018-7542
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service NULL pointer dereference and hypervisor crash by leveraging the mishandling of configurations that lack a Local APIC...
CVE-2017-12855
Xen maintains the GTFread,writing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the...
DEBIAN-CVE-2017-10922
The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service loss of grant trackability, aka XSA-224 bug 3...
CVE-2017-8904
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOPtransfer aka guest transfer operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214...
CVE-2016-10025
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions aka SVM allows local HVM guest OS users to cause a denial of service hypervisor crash by leveraging a missing NULL pointer check...
Null pointer dereference
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions aka SVM allows local HVM guest OS users to cause a denial of service hypervisor crash by leveraging a missing NULL pointer check...