11 matches found
EUVD-2021-15355
Malware in sbrugna...
EUVD-2017-5820
Malware in sbrugna...
x86: Transitive Scheduler Attacks
ISSUE DESCRIPTION Researchers from Microsoft and ETH Zurich have discovered several new speculative side-channel attacks which bypass current protections. They are detailed in a paper titled "Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks". Two issues, whi...
x86: Indirect Target Selection
ISSUE DESCRIPTION Researchers at VU Amsterdam have released Training Solo, detailing several speculative attacks which bypass current protections. One issue, which Intel have named Indirect Target Selection, is a bug in the hardware support for prediction-domain isolation. The mitigation for this...
Multiple speculative security issues
ISSUE DESCRIPTION Note: Multiple issues are contained in this XSA due to their interactions. 1 Researchers at VU Amsterdam have discovered Spectre-BHB, pertaining to the use of Branch History between privilege levels. ARM have assigned CVE-2022-23960. Intel have assigned CVE-2022-0001 Branch...
ioreq handling possibly susceptible to multiple read issue
ISSUE DESCRIPTION Single memory accesses in source code can be translated to multiple ones in machine code by the compiler, requiring special caution when accessing shared memory. Such precaution was missing from the hypervisor code inspecting the state of I/O requests sent to the device model fo...
qemu-dm buffer overrun in MSI-X handling
ISSUE DESCRIPTION "qemu-xen-traditional" aka qemu-dm tracks state for each MSI-X table entry of a passed through device. This is used/updated on intercepted accesses to the pages containing the MSI-X table. There may be space on the final page not covered by any MSI-X table entry, but memory for...
QEMU heap overflow flaw while processing certain ATAPI commands.
ISSUE DESCRIPTION The QEMU security team has predisclosed the following advisory: A heap overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with CDROM drive enabled could potentially use thi...
qemu SCSI REPORT LUNS buffer overflow
ISSUE DESCRIPTION qemu contains a possible buffer overflow in the SCSI code that implements the REPORT LUNS command. The buffer can be overflowed by creating a SCSI controller with more than 256 attached devices such as disks and sending a REPORT LUNS command with a short transfer buffer less tha...
qemu guest agent (qga) insecure file permissions
ISSUE DESCRIPTION The qemu guest agent creates files with insecure permissions when started in daemon mode. IMPACT The qemu guest agent is not used by default in Xen systems. If it is used in a particular guest, unprivileged guest processes might be able to escalate their privilege to that of the...
Several access permission issues with IRQs for unprivileged guests
ISSUE DESCRIPTION Various IRQ related access control operations may not have the intended effect, thus potentially permitting a stub domain to grant its client domain access to an IRQ it doesn't have access to itself. IMPACT Malicious or buggy stub domain kernels can mount a denial of service...