Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen
hypervisor, which may lead to privilege escalation, guest-to-host
breakout, denial of service or information leaks.
In addition to the CVE identifiers listed above, this update also
addresses the vulnerabilities announced as XSA-213, XSA-214 and XSA-215.
For the stable distr ...
Debian Bug report logs - #848081
xen: CVE-2016-9932: x86 CMPXCHG8B emulation fails to ignore operand size override
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 13 Dec 2016 21:03:02 UTC
Severity: im ...
Debian Bug report logs - #861662
possible memory corruption via failsafe callback [XSA-215]
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 2 May 2017 12:12:01 UTC
Severity: important
Tags: fixed-upst ...
Debian Bug report logs - #856229
xen: XSA-207: memory leak when destroying guest without PT devices
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 26 Feb 2017 19:12:02 UTC
Severity: important
Tags: f ...
Debian Bug report logs - #859560
xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Apr 2017 19:51:02 UTC
...
Debian Bug report logs - #861659
64bit PV guest breakout [XSA-213]
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 2 May 2017 12:03:05 UTC
Severity: important
Tags: fixed-upstream, security, upstream
...
Debian Bug report logs - #861660
grant transfer allows PV guest to elevate privileges [XSA-214]
Package: src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 2 May 2017 12:03:08 UTC
Severity: important
Tags: fixed- ...
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays ...
Description of Problem: A number of security issues have been identified within Citrix XenServer. The most significant of these issues could, if exploited, allow a malicious administrator of a 64-bit PV guest VM to compromise the host. This issue has the identifier: CVE-2017-7228 (High): x86: broken check in memory_exchange() permits PV guest ...