OracleVM 3.4 : xen (OVMSA-2021-0033)

The remote OracleVM system is missing necessary patches to address security updates: - IOMMU page mapping issues on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Both AMD and Intel allow ACPI tables to specify...

SUSE SLES12 Security Update : xen (SUSE-SU-2021:3213-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3213-1 advisory. - Another race in XENMAPSPACEgranttable handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such page...

SUSE: Security Advisory (SUSE-SU-2021:3181-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:3140-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-28701

Another race in XENMAPSPACEgranttable handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches back from v2...

CVE-2021-28701

Another race in XENMAPSPACEgranttable handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches back from v2...

Race condition

Another race in XENMAPSPACEgranttable handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches back from v2...

CVE-2021-28701

CVE-2021-28701 describes a race in Xen’s XENMAPSPACE_grant_table handling where grant-table v2 status pages can be freed while a parallel request maps them, potentially allowing a guest to retain access to freed pages. The enforcement to block new mappings during deallocation was missing. Impact ...

CVE-2021-28701

Another race in XENMAPSPACEgranttable handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches back from v2...