[Xen-devel] Xen Security Advisory 113 - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling

2014-11-20 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory XSA-113 Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling ISSUE DESCRIPTION: An error handling path in the processing of MMU_MACHPHYS_UPDATE failed to drop a page

[Xen-devel] Xen Security Advisory 111 (CVE-2014-8866) - Excessive checking in compatibility mode hypercall argument translation

2014-11-27 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2014-8866 / XSA-111 version 3 Excessive checking in compatibility mode hypercall argument translation UPDATES IN VERSION 3 Public release. ISSUE

[Xen-devel] Xen Security Advisory 112 (CVE-2014-8867) - Insufficient bounding of REP MOVS to MMIO emulated inside the hypervisor

2014-11-27 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2014-8867 / XSA-112 version 5 Insufficient bounding of REP MOVS to MMIO emulated inside the hypervisor UPDATES IN VERSION 5 Public release. ISSUE

[Xen-devel] Xen Security Advisory 114 (CVE-2014-9065, CVE-2014-9066) - p2m lock starvation

2014-12-08 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2014-9065,CVE-2014-9066 / XSA-114 version 3 p2m lock starvation UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION: The

[Xen-devel] Xen Security Advisory 117 (CVE-2015-0268) - arm: vgic-v2: GICD_SGIR is not properly emulated

2015-02-12 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-0268 / XSA-117 version 2 arm: vgic-v2: GICD_SGIR is not properly emulated UPDATES IN VERSION 2 CVE assigned. Mention CVE and XSA numbers in

[Xen-devel] Xen Security Advisory 120 (CVE-2015-2150) - Non-maskable interrupts triggerable by guests

2015-03-10 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-2150 / XSA-120 version 4 Non-maskable interrupts triggerable by guests UPDATES IN VERSION 4 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 123 (CVE-2015-2151) - Hypervisor memory corruption due to x86 emulator flaw

2015-03-10 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-2151 / XSA-123 version 4 Hypervisor memory corruption due to x86 emulator flaw UPDATES IN VERSION 4 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 124 - Non-standard PCI device functionality may render pass-through insecure

2015-03-10 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory XSA-124 version 2 Non-standard PCI device functionality may render pass-through insecure UPDATES IN VERSION 2 Clarify scope. PCI config space backdoors

[Xen-devel] Xen Security Advisory 119 (CVE-2015-2152) - HVM qemu unexpectedly enabling emulated VGA graphics backends

2015-03-12 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-2152 / XSA-119 version 3 HVM qemu unexpectedly enabling emulated VGA graphics backends UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 98 (CVE-2014-3969) - insufficient permissions checks accessing guest memory on ARM

2015-03-13 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2014-3969 / XSA-98 version 4 insufficient permissions checks accessing guest memory on ARM UPDATES IN VERSION 4 Supply an additional patch for arm64.

[Xen-devel] Xen Security Advisory 98 (CVE-2014-3969) - insufficient permissions checks accessing guest memory on ARM

2015-03-13 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2014-3969 / XSA-98 version 5 insufficient permissions checks accessing guest memory on ARM UPDATES IN VERSION 5 The issue described in update 4 also

[Xen-devel] Xen Security Advisory 125 (CVE-2015-2752) - Long latency MMIO mapping operations are not preemptible

2015-03-31 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-2752 / XSA-125 version 3 Long latency MMIO mapping operations are not preemptible UPDATES IN VERSION 3 CVE assigned. Public release. ISSUE

[Xen-devel] Xen Security Advisory 126 (CVE-2015-2756) - Unmediated PCI command register access in qemu

2015-03-31 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-2756 / XSA-126 version 3 Unmediated PCI command register access in qemu UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 120 (CVE-2015-2150) - Non-maskable interrupts triggerable by guests

2015-03-31 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-2150 / XSA-120 version 5 Non-maskable interrupts triggerable by guests UPDATES IN VERSION 5 The original patches were incomplete: although

[Xen-devel] Xen Security Advisory 118 (CVE-2015-1563) - arm: vgic: incorrect rate limiting of guest triggered logging

2015-02-25 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-1563 / XSA-118 version 2 arm: vgic: incorrect rate limiting of guest triggered logging UPDATES IN VERSION 2 CVE assigned. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 132 (CVE-2015-3340) - Information leak through XEN_DOMCTL_gettscinfo

2015-04-22 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-3340 / XSA-132 version 2 Information leak through XEN_DOMCTL_gettscinfo UPDATES IN VERSION 2 CVE assigned. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 133 (CVE-2015-3456) - Privilege escalation via emulated floppy disk drive

2015-05-13 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-3456 / XSA-133 version 2 Privilege escalation via emulated floppy disk drive UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 135 (CVE-2015-3209) - Heap overflow in QEMU PCNET controller, allowing guest-host escape

2015-06-10 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-3209 / XSA-135 version 3 Heap overflow in QEMU PCNET controller, allowing guest-host escape UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 134 (CVE-2015-4163) - GNTTABOP_swap_grant_ref operation misbehavior

2015-06-11 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-4163 / XSA-134 version 3 GNTTABOP_swap_grant_ref operation misbehavior UPDATES IN VERSION 3 Public release. Added email header syntax to

[Xen-devel] Xen Security Advisory 136 (CVE-2015-4164) - vulnerability in the iret hypercall handler

2015-06-11 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-4164 / XSA-136 version 3 vulnerability in the iret hypercall handler UPDATES IN VERSION 3 Public release. Added email header syntax to

[Xen-devel] Xen Security Advisory 130 (CVE-2015-4105) - Guest triggerable qemu MSI-X pass-through error messages

2015-06-02 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-4105 / XSA-130 version 2 Guest triggerable qemu MSI-X pass-through error messages UPDATES IN VERSION 2 Public release. CVE assigned. ISSUE

[Xen-devel] Xen Security Advisory 131 (CVE-2015-4106) - Unmediated PCI register access in qemu

2015-06-02 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-4106 / XSA-131 version 3 Unmediated PCI register access in qemu UPDATES IN VERSION 3 Public release. CVE assigned. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 129 (CVE-2015-4104) - PCI MSI mask bits inadvertently exposed to guests

2015-06-02 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-4104 / XSA-129 version 2 PCI MSI mask bits inadvertently exposed to guests UPDATES IN VERSION 2 Public release. CVE assigned. ISSUE

[Xen-devel] Xen Security Advisory 128 (CVE-2015-4103) - Potential unintended writes to host MSI message data field via qemu

2015-06-02 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-4103 / XSA-128 version 2 Potential unintended writes to host MSI message data field via qemu UPDATES IN VERSION 2 Public release. CVE assigned.

[Xen-devel] Xen Security Advisory 140 (CVE-2015-5165) - QEMU leak of uninitialized heap memory in rtl8139 device model

2015-08-03 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-5165 / XSA-140 version 2 QEMU leak of uninitialized heap memory in rtl8139 device model UPDATES IN VERSION 2 CVE assigned. Public release. Updated

[Xen-devel] Xen Security Advisory 139 (CVE-2015-5166) - Use after free in QEMU/Xen block unplug protocol

2015-08-03 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-5166 / XSA-139 version 2 Use after free in QEMU/Xen block unplug protocol UPDATES IN VERSION 2 CVE assigned. Public release. Updated status

[Xen-devel] Xen Security Advisory 138 (CVE-2015-5154) - QEMU heap overflow flaw while processing certain ATAPI commands.

2015-07-27 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-5154 / XSA-138 version 2 QEMU heap overflow flaw while processing certain ATAPI commands. UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 148 (CVE-2015-7835) - x86: Uncontrolled creation of large page mappings by PV guests

2015-10-29 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-7835 / XSA-148 version 4 x86: Uncontrolled creation of large page mappings by PV guests UPDATES IN VERSION 4 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 149 (CVE-2015-7969) - leak of main per-domain vcpu pointer array

2015-10-29 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-7969 / XSA-149 version 3 leak of main per-domain vcpu pointer array UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 150 (CVE-2015-7970) - x86: Long latency populate-on-demand operation is not preemptible

2015-10-29 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-7970 / XSA-150 version 5 x86: Long latency populate-on-demand operation is not preemptible UPDATES IN VERSION 5 Updated patch. Compared to the

[Xen-devel] Xen Security Advisory 152 (CVE-2015-7971) - x86: some pmu and profiling hypercalls log without rate limiting

2015-10-29 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-7971 / XSA-152 version 3 x86: some pmu and profiling hypercalls log without rate limiting UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 145 (CVE-2015-7812) - arm: Host crash when preempting a multicall

2015-10-29 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-7812 / XSA-145 version 3 arm: Host crash when preempting a multicall UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 146 (CVE-2015-7813) - arm: various unimplemented hypercalls log without rate limiting

2015-10-29 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-7813 / XSA-146 version 3 arm: various unimplemented hypercalls log without rate limiting UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 153 (CVE-2015-7972) - x86: populate-on-demand balloon size inaccuracy can crash guests

2015-10-29 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-7972 / XSA-153 version 3 x86: populate-on-demand balloon size inaccuracy can crash guests UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 151 (CVE-2015-7969) - x86: leak of per-domain profiling-related vcpu pointer array

2015-10-29 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-7969 / XSA-151 version 3 x86: leak of per-domain profiling-related vcpu pointer array UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 156 (CVE-2015-5307, CVE-2015-8104) - x86: CPU lockup during exception delivery

2015-11-09 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-5307,CVE-2015-8104 / XSA-156 version 2 x86: CPU lockup during exception delivery UPDATES IN VERSION 2 Minor title and text adjustment.

[Xen-devel] Xen Security Advisory 137 (CVE-2015-3259) - xl command line config handling stack overflow

2015-07-07 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-3259 / XSA-137 version 3 xl command line config handling stack overflow UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 141 (CVE-2015-6654) - printk is not rate-limited in xenmem_add_to_physmap_one

2015-09-01 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-6654 / XSA-141 version 3 printk is not rate-limited in xenmem_add_to_physmap_one UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] DRAFT XSA 142 - libxl fails to honour readonly flag on disks with qemu-xen

2015-09-15 Thread Xen . org security team
* DRAFT DRAFT DRAFT * Xen Security Advisory XSA-142 libxl fails to honour readonly flag on disks with qemu-xen ISSUE DESCRIPTION: Callers of libxl can specify that a disk should be read-only to the guest. However, there is no code in libxl

[Xen-devel] DRAFT XSA 142 - libxl fails to honour readonly flag on disks with qemu-xen

2015-09-21 Thread Xen . org security team
* DRAFT DRAFT DRAFT * Xen Security Advisory XSA-142 libxl fails to honour readonly flag on disks with qemu-xen ISSUE DESCRIPTION: Callers of libxl can specify that a disk should be read-only to the guest. However, there is no code in libxl

[Xen-devel] Xen Security Advisory 142 - libxl fails to honour readonly flag on disks with qemu-xen

2015-09-22 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory XSA-142 libxl fails to honour readonly flag on disks with qemu-xen ISSUE DESCRIPTION: Callers of libxl can specify that a disk should be read-only to the guest. However, there is

[Xen-devel] Xen Security Advisory 142 (CVE-2015-7311) - libxl fails to honour readonly flag on disks with qemu-xen

2015-09-22 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-7311 / XSA-142 version 2 libxl fails to honour readonly flag on disks with qemu-xen UPDATES IN VERSION 2 CVE assigned. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 160 (CVE-2015-8341) - libxl leak of pv kernel and initrd on error

2015-12-08 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-8341 / XSA-160 version 3 libxl leak of pv kernel and initrd on error UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 159 (CVE-2015-8339, CVE-2015-8340) - XENMEM_exchange error handling issues

2015-12-08 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-8339,CVE-2015-8340 / XSA-159 version 4 XENMEM_exchange error handling issues UPDATES IN VERSION 4 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 158 (CVE-2015-8338) - long running memory operations on ARM

2015-12-08 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-8338 / XSA-158 version 3 long running memory operations on ARM UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 164 (CVE-2015-8554) - qemu-dm buffer overrun in MSI-X handling

2015-12-17 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-8554 / XSA-164 version 3 qemu-dm buffer overrun in MSI-X handling UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 165 (CVE-2015-8555) - information leak in legacy x86 FPU/XMM initialization

2015-12-17 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-8555 / XSA-165 version 3 information leak in legacy x86 FPU/XMM initialization UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 155 (CVE-2015-8550) - paravirtualized drivers incautious about shared memory contents

2015-12-17 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-8550 / XSA-155 version 6 paravirtualized drivers incautious about shared memory contents UPDATES IN VERSION 6 Correct CREDITS section. ISSUE

[Xen-devel] Xen Security Advisory 166 - ioreq handling possibly susceptible to multiple read issue

2015-12-17 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory XSA-166 version 2 ioreq handling possibly susceptible to multiple read issue UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 157 (CVE-2015-8551, CVE-2015-8552) - Linux pciback missing sanity checks leading to crash

2015-12-17 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-8551,CVE-2015-8552 / XSA-157 version 3 Linux pciback missing sanity checks leading to crash UPDATES IN VERSION 3 Removed CVE-2015-8553 from the

[Xen-devel] Xen Security Advisory 155 (CVE-2015-8550) - paravirtualized drivers incautious about shared memory contents

2015-12-17 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-8550 / XSA-155 version 5 paravirtualized drivers incautious about shared memory contents UPDATES IN VERSION 5 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 158 (CVE-2015-8338) - long running memory operations on ARM

2015-12-10 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-8338 / XSA-158 version 4 long running memory operations on ARM UPDATES IN VERSION 4 Mention that the original patches had two problems,

[Xen-devel] Xen Security Advisory 169 (CVE-2015-8615) - x86: unintentional logging upon guest changing callback method

2015-12-22 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-8615 / XSA-169 version 2 x86: unintentional logging upon guest changing callback method UPDATES IN VERSION 2 CVE assigned. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 169 - x86: unintentional logging upon guest changing callback method

2015-12-21 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory XSA-169 x86: unintentional logging upon guest changing callback method ISSUE DESCRIPTION: HYPERVISOR_hvm_op sub-op HVMOP_set_param's HVM_PARAM_CALLBACK_IRQ operation intends to log the

[Xen-devel] Xen Security Advisory 161 - WITHDRAWN: missing XSETBV intercept privilege check on AMD SVM

2015-11-25 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory XSA-161 version 2 WITHDRAWN: missing XSETBV intercept privilege check on AMD SVM UPDATES IN VERSION 2 Upon further inspection the necessary privilege

[Xen-devel] Xen Security Advisory 163 - virtual PMU is unsupported

2015-11-24 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory XSA-163 virtual PMU is unsupported ISSUE DESCRIPTION: The Virtual Performance Measurement Unit feature has been documented as unsupported, so far only on Intel CPUs.

[Xen-devel] Xen Security Advisory 162 (CVE-2015-7504) - heap buffer overflow vulnerability in pcnet emulator

2015-11-30 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2015-7504 / XSA-162 version 2 heap buffer overflow vulnerability in pcnet emulator UPDATES IN VERSION 2 Public release. Correct cut and paste

[Xen-devel] Xen Security Advisory 181 (CVE-2016-5242) - arm: Host crash caused by VMID exhaustion

2016-06-06 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-5242 / XSA-181 version 2 arm: Host crash caused by VMID exhaustion UPDATES IN VERSION 2 CVE assigned. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 178 (CVE-2016-4963) - Unsanitised driver domain input in libxl device handling

2016-06-06 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-4963 / XSA-178 version 4 Unsanitised driver domain input in libxl device handling UPDATES IN VERSION 4 Clarify that issue goes back as far as

[Xen-devel] Xen Security Advisory 181 - arm: Host crash caused by VMID exhaustion

2016-06-03 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory XSA-181 arm: Host crash caused by VMID exhaustion ISSUE DESCRIPTION: VMIDs are a finite hardware resource, and allocated as part of domain creation. If no free VMIDs are

[Xen-devel] Xen Security Advisory 178 (CVE-2016-4963) - Unsanitised driver domain input in libxl device handling

2016-06-02 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-4963 / XSA-178 version 3 Unsanitised driver domain input in libxl device handling UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 167 (CVE-2016-1570) - PV superpage functionality missing sanity checks

2016-01-20 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-1570 / XSA-167 version 4 PV superpage functionality missing sanity checks UPDATES IN VERSION 4 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 168 (CVE-2016-1571) - VMX: intercept issue with INVLPG on non-canonical address

2016-01-20 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-1571 / XSA-168 version 3 VMX: intercept issue with INVLPG on non-canonical address UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 170 (CVE-2016-2271) - VMX: guest user mode may crash guest with non-canonical RIP

2016-02-17 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-2271 / XSA-170 version 3 VMX: guest user mode may crash guest with non-canonical RIP UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 154 (CVE-2016-2270) - x86: inconsistent cachability flags on guest mappings

2016-02-17 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-2270 / XSA-154 version 3 x86: inconsistent cachability flags on guest mappings UPDATES IN VERSION 3 Clarify cumbersome Resolution wording. The

[Xen-devel] Xen Security Advisory 171 (CVE-2016-3157) - I/O port access privilege escalation in x86-64 Linux

2016-03-19 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-3157 / XSA-171 version 4 I/O port access privilege escalation in x86-64 Linux UPDATES IN VERSION 4 Clarify Vulnerable Systems section. Public

[Xen-devel] Xen Security Advisory 172 (CVE-2016-3158, CVE-2016-3159) - broken AMD FPU FIP/FDP/FOP leak workaround

2016-03-29 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-3158,CVE-2016-3159 / XSA-172 version 3 broken AMD FPU FIP/FDP/FOP leak workaround UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 180 (CVE-2014-3672) - Unrestricted qemu logging

2016-05-23 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2014-3672 / XSA-180 Unrestricted qemu logging ISSUE DESCRIPTION: When the libxl toolstack launches qemu for HVM guests, it pipes the output of stderr to a file in

[Xen-devel] Xen Security Advisory 176 (CVE-2016-4480) - x86 software guest page walk PS bit handling flaw

2016-05-17 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-4480 / XSA-176 version 3 x86 software guest page walk PS bit handling flaw UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 179 (CVE-2016-3710, CVE-2016-3712) - QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks

2016-05-10 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-3710,CVE-2016-3712 / XSA-179 version 5 QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks UPDATES IN VERSION 5 Fixed credits section.

[Xen-devel] Xen Security Advisory 173 (CVE-2016-3960) - x86 shadow pagetables: address width overflow

2016-04-18 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-3960 / XSA-173 version 3 x86 shadow pagetables: address width overflow UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 174 (CVE-2016-3961) - hugetlbfs use may crash PV Linux guests

2016-04-14 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-3961 / XSA-174 version 3 hugetlbfs use may crash PV Linux guests UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 179 (CVE-2016-3710, CVE-2016-3712) - QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks

2016-05-09 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-3710,CVE-2016-3712 / XSA-179 version 4 QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks UPDATES IN VERSION 4 Public release. Also

[Xen-devel] Xen Security Advisory 182 (CVE-2016-6258) - x86: Privilege escalation in PV guests

2016-07-26 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-6258 / XSA-182 version 3 x86: Privilege escalation in PV guests UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 183 (CVE-2016-6259) - x86: Missing SMAP whitelisting in 32-bit exception / event delivery

2016-07-26 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-6259 / XSA-183 version 5 x86: Missing SMAP whitelisting in 32-bit exception / event delivery UPDATES IN VERSION 5 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 184 (CVE-2016-5403) - virtio: unbounded memory allocation issue

2016-07-27 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-5403 / XSA-184 version 2 virtio: unbounded memory allocation issue UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe

2017-02-21 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2017-2620 / XSA-209 version 3 cirrus_bitblt_cputovideo does not check if memory region is safe UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 210 - arm: memory corruption when freeing p2m pages

2017-02-23 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory XSA-210 arm: memory corruption when freeing p2m pages ISSUE DESCRIPTION: When freeing pages used for stage-2 page tables, the freeing routine failed to remove these pages from

[Xen-devel] Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe

2017-02-23 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2017-2620 / XSA-209 version 4 cirrus_bitblt_cputovideo does not check if memory region is safe UPDATES IN VERSION 4 Include a prerequisite patch for

[Xen-devel] Xen Security Advisory 207 - memory leak when destroying guest without PT devices

2017-02-15 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory XSA-207 version 2 memory leak when destroying guest without PT devices UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy

2017-02-13 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2017-2615 / XSA-208 version 2 oob access in cirrus bitblt copy UPDATES IN VERSION 2 Included backport for qemu-xen versions 4.7 (and

[Xen-devel] Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy

2017-02-10 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2017-2615 / XSA-208 oob access in cirrus bitblt copy ISSUE DESCRIPTION: When doing bitblt copy backwards, qemu should negate the blit width. This avoids an oob access before

[Xen-devel] Xen Security Advisory 187 (CVE-2016-7094) - x86 HVM: Overflow of sh_ctxt->seg_reg[]

2016-09-08 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-7094 / XSA-187 version 3 x86 HVM: Overflow of sh_ctxt->seg_reg[] UPDATES IN VERSION 3 Fix the backports xsa187-4.6-0002-*.patch and

[Xen-devel] Xen Security Advisory 185 (CVE-2016-7092) - x86: Disallow L3 recursive pagetable for 32-bit PV guests

2016-09-08 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-7092 / XSA-185 version 3 x86: Disallow L3 recursive pagetable for 32-bit PV guests UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 186 (CVE-2016-7093) - x86: Mishandling of instruction pointer truncation during emulation

2016-09-08 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-7093 / XSA-186 version 4 x86: Mishandling of instruction pointer truncation during emulation UPDATES IN VERSION 4 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 188 (CVE-2016-7154) - use after free in FIFO event channel code

2016-09-08 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-7154 / XSA-188 version 3 use after free in FIFO event channel code UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 190 (CVE-2016-7777) - CR0.TS and CR0.EM not always honored for x86 HVM guests

2016-10-04 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016- / XSA-190 version 5 CR0.TS and CR0.EM not always honored for x86 HVM guests UPDATES IN VERSION 5 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 198 (CVE-2016-9379, CVE-2016-9380) - delimiter injection vulnerabilities in pygrub

2016-11-22 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-9379,CVE-2016-9380 / XSA-198 version 3 delimiter injection vulnerabilities in pygrub UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 197 (CVE-2016-9381) - qemu incautious about shared ring processing

2016-11-22 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-9381 / XSA-197 version 3 qemu incautious about shared ring processing UPDATES IN VERSION 3 Added email header syntax to patches, for e.g.

[Xen-devel] Xen Security Advisory 193 (CVE-2016-9385) - x86 segment base write emulation lacking canonical address checks

2016-11-22 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-9385 / XSA-193 version 3 x86 segment base write emulation lacking canonical address checks UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 192 (CVE-2016-9382) - x86 task switch to VM86 mode mis-handled

2016-11-22 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-9382 / XSA-192 version 3 x86 task switch to VM86 mode mis-handled UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION =

[Xen-devel] Xen Security Advisory 194 (CVE-2016-9384) - guest 32-bit ELF symbol table load leaking host data

2016-11-22 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-9384 / XSA-194 version 3 guest 32-bit ELF symbol table load leaking host data UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 191 (CVE-2016-9386) - x86 null segments not always treated as unusable

2016-11-22 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-9386 / XSA-191 version 3 x86 null segments not always treated as unusable UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 196 (CVE-2016-9377, CVE-2016-9378) - x86 software interrupt injection mis-handled

2016-11-22 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-9377,CVE-2016-9378 / XSA-196 version 3 x86 software interrupt injection mis-handled UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 195 (CVE-2016-9383) - x86 64-bit bit test instruction emulation broken

2016-11-22 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-9383 / XSA-195 version 3 x86 64-bit bit test instruction emulation broken UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

[Xen-devel] Xen Security Advisory 200 (CVE-2016-9932) - x86 CMPXCHG8B emulation fails to ignore operand size override

2016-12-13 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-9932 / XSA-200 version 3 x86 CMPXCHG8B emulation fails to ignore operand size override UPDATES IN VERSION 3 CVE assigned. Public release. ISSUE

[Xen-devel] Xen Security Advisory 201 (CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818) - ARM guests may induce host asynchronous abort

2016-12-07 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-9815,CVE-2016-9816,CVE-2016-9817,CVE-2016-9818 / XSA-201 version 2 ARM guests may induce host asynchronous abort UPDATES IN VERSION 2 CVEs assigned.

[Xen-devel] Xen Security Advisory 201 - ARM guests may induce host asynchronous abort

2016-11-29 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory XSA-201 ARM guests may induce host asynchronous abort ISSUE DESCRIPTION = Depending on how the hardware and firmware have been integrated, guest-triggered asynchronous aborts

[Xen-devel] Xen Security Advisory 199 (CVE-2016-9637) - qemu ioport array overflow

2016-12-06 Thread Xen . org security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2016-9637 / XSA-199 version 3 qemu ioport array overflow UPDATES IN VERSION 3 Clarify the IMPACT description, by escalating privilege to
