The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Xen

computer vulnerability 29535

Xen: infinite loop via Arm Atomics Operations

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger an infinite loop via Arm Atomics Operations of Xen, in order to trigger a denial of service on the host system.
Impacted products: Fedora, Xen.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 14/06/2019.
Identifiers: CERTFR-2019-AVI-272, FEDORA-2019-899ef6056c, FEDORA-2019-aeda234b68, VIGILANCE-VUL-29535, XSA-295.

Description of the vulnerability

An attacker, inside a guest system, can trigger an infinite loop via Arm Atomics Operations of Xen, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-12126 CVE-2018-12127 CVE-2018-12130

Intel processors: information disclosure via performance measurement

Synthesis of the vulnerability

An attacker can measure performances of his process, in order to get sensitive information about other process or, if the host is virtualized, about other guest systems.
Impacted products: XenServer, Debian, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows RT, OpenBSD, openSUSE Leap, PAN-OS, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, ESXi, vCenter Server, VMware vSphere Hypervisor, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/05/2019.
Revision date: 15/05/2019.
Identifiers: CERTFR-2019-AVI-209, CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CERTFR-2019-AVI-213, CERTFR-2019-AVI-215, CERTFR-2019-AVI-217, CERTFR-2019-AVI-229, CERTFR-2019-AVI-230, CERTFR-2019-AVI-233, CERTFR-2019-AVI-311, CTX251995, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, DLA-1787-1, DLA-1789-1, DLA-1789-2, DLA-1799-1, DLA-1799-2, DSA-4444-1, DSA-4447-1, DSA-4447-2, FEDORA-2019-0731828893, FEDORA-2019-1f5832fc0e, FEDORA-2019-640f8d8dd1, FEDORA-2019-6458474bf2, FEDORA-2019-c36afa818c, FEDORA-2019-e6bf55e821, FEDORA-2019-eb08fb0c5f, FG-IR-18-002, FreeBSD-SA-19:07.mds, INTEL-SA-00233, openSUSE-SU-2019:1402-1, openSUSE-SU-2019:1403-1, openSUSE-SU-2019:1404-1, openSUSE-SU-2019:1405-1, openSUSE-SU-2019:1407-1, openSUSE-SU-2019:1408-1, openSUSE-SU-2019:1419-1, openSUSE-SU-2019:1420-1, openSUSE-SU-2019:1468-1, openSUSE-SU-2019:1505-1, PAN-SA-2019-0012, RHSA-2019:1155-01, RHSA-2019:1167-01, RHSA-2019:1168-01, RHSA-2019:1169-01, RHSA-2019:1170-01, RHSA-2019:1171-01, RHSA-2019:1172-01, RHSA-2019:1174-01, RHSA-2019:1175-01, RHSA-2019:1176-01, RHSA-2019:1177-01, RHSA-2019:1178-01, RHSA-2019:1180-01, RHSA-2019:1181-01, RHSA-2019:1182-01, RHSA-2019:1183-01, RHSA-2019:1184-01, RHSA-2019:1185-01, RHSA-2019:1186-01, RHSA-2019:1187-01, RHSA-2019:1188-01, RHSA-2019:1189-01, RHSA-2019:1190-01, RHSA-2019:1193-01, RHSA-2019:1194-01, RHSA-2019:1195-01, RHSA-2019:1196-01, RHSA-2019:1197-01, RHSA-2019:1198-01, SSA-616472, SUSE-SU-2019:1235-1, SUSE-SU-2019:1236-1, SUSE-SU-2019:1238-1, SUSE-SU-2019:1239-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1243-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, SUSE-SU-2019:1248-1, SUSE-SU-2019:1268-1, SUSE-SU-2019:1269-1, SUSE-SU-2019:1272-1, SUSE-SU-2019:1287-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:1296-1, SUSE-SU-2019:1313-1, SUSE-SU-2019:1347-1, SUSE-SU-2019:1348-1, SUSE-SU-2019:1349-1, SUSE-SU-2019:1356-1, SUSE-SU-2019:1371-1, SUSE-SU-2019:14048-1, SUSE-SU-2019:14051-1, SUSE-SU-2019:14052-1, SUSE-SU-2019:14063-1, SUSE-SU-2019:1423-1, SUSE-SU-2019:1438-1, SUSE-SU-2019:1452-1, SUSE-SU-2019:1490-1, SUSE-SU-2019:1547-1, SUSE-SU-2019:1550-1, Synology-SA-19:24, USN-3977-1, USN-3977-2, USN-3977-3, USN-3978-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, USN-3982-1, USN-3982-2, USN-3983-1, USN-3983-2, USN-3984-1, USN-3985-1, USN-3985-2, VIGILANCE-VUL-29300, VMSA-2019-0008, XSA-297, ZombieLoad.

Description of the vulnerability

An attacker can measure performances of his process, in order to get sensitive information about other process or, if the host is virtualized, about other guest systems.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 28663

Xen: denial of service via Insufficient TLB Flushing

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a fatal error via Insufficient TLB Flushing of Xen, in order to trigger a denial of service on the host system.
Impacted products: XenServer, Fedora, Xen.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, CTX246572, FEDORA-2019-bce6498890, VIGILANCE-VUL-28663, XSA-294.

Description of the vulnerability

An attacker, inside a guest system, can trigger a fatal error via Insufficient TLB Flushing of Xen, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 28662

Xen: privilege escalation via PV Kernel Context Switch

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via PV Kernel Context Switch of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Fedora, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, CTX246572, FEDORA-2019-bce6498890, VIGILANCE-VUL-28662, XSA-293.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via PV Kernel Context Switch of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert 28661

Xen: privilege escalation via Insufficient TLB Flushing

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Insufficient TLB Flushing of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Fedora, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, CTX246572, FEDORA-2019-bce6498890, VIGILANCE-VUL-28661, XSA-292.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Insufficient TLB Flushing of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability 28660

Xen: denial of service via Failed IOMMU Update

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a fatal error via Failed IOMMU Update of Xen, in order to trigger a denial of service on the host system.
Impacted products: Fedora, Xen.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, FEDORA-2019-bce6498890, VIGILANCE-VUL-28660, XSA-291.

Description of the vulnerability

An attacker, inside a guest system, can trigger a fatal error via Failed IOMMU Update of Xen, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 28659

Xen: denial of service via X86 PV Page Table Preemption

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a fatal error via X86 PV Page Table Preemption of Xen, in order to trigger a denial of service on the host system.
Impacted products: Fedora, Xen.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, FEDORA-2019-bce6498890, VIGILANCE-VUL-28659, XSA-290.

Description of the vulnerability

An attacker, inside a guest system, can trigger a fatal error via X86 PV Page Table Preemption of Xen, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin 28658

Xen: privilege escalation via PV IOMMU Discipline

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via PV IOMMU Discipline of Xen, in order to escalate his privileges on the host system.
Impacted products: Fedora, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, FEDORA-2019-bce6498890, VIGILANCE-VUL-28658, XSA-288.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via PV IOMMU Discipline of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce 28657

Xen: privilege escalation via Steal_page Page_struct Access Discipline

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Steal_page Page_struct Access Discipline of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Fedora, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, CTX246572, FEDORA-2019-bce6498890, VIGILANCE-VUL-28657, XSA-287.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Steal_page Page_struct Access Discipline of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert 28656

Xen: privilege escalation via Pass-through Device Hotplug Race

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Pass-through Device Hotplug Race of Xen, in order to escalate his privileges on the host system.
Impacted products: Fedora, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, FEDORA-2019-bce6498890, VIGILANCE-VUL-28656, XSA-285.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Pass-through Device Hotplug Race of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Xen: