Xen up to and including 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.
Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen
hypervisor, which may lead to privilege escalation, guest-to-host
breakout, denial of service or information leaks.
In addition to the CVE identifiers listed above, this update also
addresses the vulnerabilities announced as XSA-213, XSA-214 and XSA-215.
For the stable distr ...
Debian Bug report logs - #861662
possible memory corruption via failsafe callback [XSA-215]
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 2 May 2017 12:12:01 UTC
Severity: important
Tags: fixed-upst ...
Debian Bug report logs - #845667
xen: CVE-2016-9384: guest 32-bit ELF symbol table load leaking host data
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 25 Nov 2016 18:45:07 UTC
Severity: important
T ...
Debian Bug report logs - #861660
grant transfer allows PV guest to elevate privileges [XSA-214]
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 2 May 2017 12:03:08 UTC
Severity: important
Tags: fixed- ...
Debian Bug report logs - #861659
64bit PV guest breakout [XSA-213]
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 2 May 2017 12:03:05 UTC
Severity: important
Tags: fixed-upstream, security, upstream
...
Description of Problem: A number of security issues have been identified within Citrix XenServer. The most significant of these issues could, if exploited, allow a malicious administrator of a 64-bit PV guest VM to compromise the host. This issue has the identifier: CVE-2017-7228 (High): x86: broken check in memory_exchange() permits PV guest ...