
13 matches found

Xen Project
added 2026/01/27 12:0 p.m., 5 views

varstored: TOCTOU issues with mapped guest memory

ISSUE DESCRIPTION: varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the...

AI score: 6.4
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2013-4253

Malware in sbrugna...

CVSS: 4.4 | AI score: 6 | EPSS: 0.00082
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 3:23 a.m., 2 views

SUSE CVE-2022-42330

Guests can cause Xenstore crash via soft reset. When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00311
Exploits: 0 | References: 3

OSV
added 2023/01/26 9:16 p.m., 13 views

CVE-2022-42330

Guests can cause Xenstore crash via soft reset. When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have...

CVSS: 7.5 | AI score: 6.8
Exploits: 0 | References: 3

ATTACKERKB
added 2023/01/26 9:16 p.m., 4 views

CVE-2022-42330

Guests can cause Xenstore crash via soft reset. When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00311
Exploits: 0 | References: 3

OSV
added 2023/01/26 9:16 p.m., 1 view

ALPINE-CVE-2022-42330

Guests can cause Xenstore crash via soft reset. When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00311
Exploits: 0 | References: 1

Prion
added 2023/01/26 9:16 p.m., 14 views

Design/Logic Flaw

Guests can cause Xenstore crash via soft reset. When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have...

CVSS: 5 | AI score: 7.4 | EPSS: 0.00311
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/01/26 12:0 a.m., 21 views

CVE-2022-42330

Guests can cause Xenstore crash via soft reset. When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have...

AI score: 7.8 | EPSS: 0.00311
Exploits: 0 | References: 2

UbuntuCve
added 2023/01/26 12:0 a.m., 21 views

CVE-2022-42330

Guests can cause Xenstore crash via soft reset. When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00311
Exploits: 0 | References: 3

OSV
added 2021/06/11 3:15 p.m., 2 views

DEBIAN-CVE-2021-28687

HVM soft-reset crashes toolstack. libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of...

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.00045
Exploits: 0 | References: 1

OSV
added 2015/12/17 7:59 p.m., 4 views

CVE-2015-8341

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains...

AI score: 8.8
Exploits: 0 | References: 4

Xen Project
added 2015/03/12 12:0 p.m., 73 views

HVM qemu unexpectedly enabling emulated VGA graphics backends

ISSUE DESCRIPTION: When instantiating an emulated VGA device for an x86 HVM guest qemu will by default enable a backend to expose that device, either SDL or VNC depending on the version of qemu and the build time configuration. The libxl toolstack library does not explicitly disable these default...

CVSS: 1.9 | AI score: 9.4 | EPSS: 0.00076
Exploits: 0

OSV
added 2013/10/17 11:55 p.m., 4 views

CVE-2013-4371

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service heap corruption and crash...

AI score: 7.5
Exploits: 0 | References: 2