Multiple vulnerabilities have been discovered in the Xen hypervisor. The
Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2016-7777 (XSA-190)
Jan Beulich from SUSE discovered that Xen does not properly honor
CR0.TS and CR0.EM for x86 HVM guests, potentially allowing guest
users to read or modify F ...
Debian Bug report logs - #845667
xen: CVE-2016-9384: guest 32-bit ELF symbol table load leaking host data
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 25 Nov 2016 18:45:07 UTC
Severity: important
T ...
Debian Bug report logs - #845670
xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities in pygrub
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 25 Nov 2016 18:57:01 UTC
Severity: impo ...
Debian Bug report logs - #845665
xen: CVE-2016-9385: x86 segment base write emulation lacking canonical address checks
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 25 Nov 2016 18:45:01 UTC
Severity ...
Debian Bug report logs - #848713
xen: CVE-2016-10013: x86: Mishandling of SYSCALL singlestep during emulation
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 19 Dec 2016 19:06:01 UTC
Severity: importa ...
Debian Bug report logs - #845668
xen: CVE-2016-9383: x86 64-bit bit test instruction emulation broken
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 25 Nov 2016 18:51:02 UTC
Severity: important
Tags: ...
Debian Bug report logs - #845664
xen: CVE-2016-9382: x86 task switch to VM86 mode mis-handled
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 25 Nov 2016 18:39:04 UTC
Severity: important
Tags: patch, ...
Debian Bug report logs - #845663
xen: CVE-2016-9386: x86 null segments not always treated as unusable
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 25 Nov 2016 18:39:01 UTC
Severity: important
Tags: ...
Debian Bug report logs - #845669
xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection mis-handled
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 25 Nov 2016 18:54:01 UTC
Severity: impor ...
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values ...
Description of Problem
A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running within a guest VM to compromise the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.0. For releases before Citrix XenServer 7.0, the ...