Fedora 36 : xen (2022-5b594b82ac)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-5b594b82ac advisory. Arm: unbounded memory consumption for 2nd-level page tables XSA-409, CVE-2022-33747 P2M pool freeing may take excessively long XSA-410, CVE-2022-337...

CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

Design/Logic Flaw

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

CVE-2022-33748

CVE-2022-33748 corresponds to a Xen/XenServer vulnerability where a missing cleanup call on an error path can cause lock order inversion during transitive grant copy handling (XSA-226). This can lead to nested locks acquired in opposite order between two cooperating guests, potentially causing CP...

Bad continuation handling in GNTTABOP_copy

ISSUE DESCRIPTION Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 / XSA-226 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular the status fields...

Fedora 25 : xen (2017-ed735463e3)

Qemu: usb: ohci: infinite loop due to incorrect return value CVE-2017-9330 1457698 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort CVE-2017-10664 1466466 revised full fix for XSA-226 regressed 32-bit Dom0 or backend domains ---- full fix for XSA-226, replacing workaround drop conflic...

Security update for xen (important)

This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137: Incorrectly-aligned updates ...

OracleVM 3.2 : xen (OVMSA-2017-0149)

The remote OracleVM system is missing necessary patches to address critical security updates : - From e26560a4b056dad6d85ffd9ebfad9565f210a9cc Mon Sep 17 00:00:00 2001 From: Jan Beulich Date: Wed, 30 May 2012 09:22:17 +0100 Subject: PATCH gnttab: don't use domain lock for serialization Instead us...

OracleVM 3.3 : xen (OVMSA-2017-0148)

The remote OracleVM system is missing necessary patches to address critical security updates : - From: Jan Beulich Subject: gnttab: correct pin status fixup for copy Regardless of copy operations only setting GNTPINhst, GNTPINdev also need to be taken into account when deciding whether to clear...

Fedora 26 : xen (2017-b8fa8e1a13)

full fix for XSA-226, replacing workaround drop conflict of xendomain and libvirtd as can cause problems 1398590 add-to-physmap error paths fail to release lock on ARM XSA-235 1484476 Qemu: audio: host memory leakage via capture buffer CVE-2017-8309 1446521 Qemu: input: host memory leakage via...

Fedora 26 : xen (2017-f336ba205d)

Qemu: serial: host memory leakage 16550A UART emulation CVE-2017-5579 1416162 Qemu: display: cirrus: OOB read access issue CVE-2017-7718 1443444 xen: various flaws 1481765 multiple problems with transitive grants XSA-226, CVE-2017-12135 x86: PV privilege escalation via mapgrantref XSA-227,...

Xen Hypervisor Multiple Vulnerabilities (XSA-226 - XSA-230)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applie...