CVE-2023-46836

The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...

CVE-2023-46836

The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...

Type confusion

The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...

CVE-2023-46836

The CVE pertains to Xen virtualization. The issue is a race condition where mitigations for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe; one entry path remains with interrupts enabled, and combined with the Meltdown XPTI fix (XSA-254) this was ...

CVE-2023-46836

The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...

CVE-2023-46836 x86: BTC/SRSO fixes not fully effective

The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...

Race Condition

Xen is vulnerable to Race Condition. The vulnerability is caused due to the two mitigations XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow not active because it was believed that the mitigations always operated in contexts with IRQs disabled due to original XSA-254 fi...

SUSE SLES11 Security Update : xen (SUSE-SU-2019:13921-1)

This update for xen fixes the following issues : Security vulnerabilities fixed : CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service DoS affecting the enti...

openSUSE Security Update : xen (openSUSE-2018-1624) (Foreshadow)

This update for xen fixes the following issues : Update to Xen 4.10.2 bug fix release bsc1027519. Security vulnerabilities fixed : - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, m...

Fedora 26 : xen (2018-eb69078020)

Information leak via crafted user-supplied CDROM XSA-258 1571867 x86: PV guest may crash Xen with XPTI XSA-259 1571878 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...

x86: PV guest may crash Xen with XPTI

ISSUE DESCRIPTION The workaround for the Meltdown vulnerability XSA-254 failed to deal with an error code path connecting the INT 80 handling with general exception handling. This results in an unconditional write attempt of the value zero to an address near 2^64, in cases where a PV guest has no...

Fedora 26 : xen (2018-0746dac335)

update Xen page-table isolation XPTI mitigation and add Branch Target Injection BTI mitigation for XSA-254 DoS via non-preemptable L3/L4 pagetable freeing XSA-252 1549568 grant table v2 - v1 transition may crash Xen XSA-255 1549570 x86 PVH guest without LAPIC may DoS the host XSA-256 1549572 Note...

Fedora 27 : xen (2018-c553a586c8)

add Xen page-table isolation XPTI mitigation and Branch Target Injection BTI mitigation for XSA-254 DoS via non-preemptable L3/L4 pagetable freeing XSA-252 1549568 grant table v2 - v1 transition may crash Xen XSA-255 1549570 x86 PVH guest without LAPIC may DoS the host XSA-256 1549572 Note that...