The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Xen

vulnerability alert CVE-2019-18423

Xen: denial of service via add-to-physmap

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a fatal error via add-to-physmap of Xen, in order to trigger a denial of service on the host system.
Severity: 1/4.
Creation date: 31/10/2019.
Identifiers: CERTFR-2019-AVI-541, CVE-2019-18423, SUSE-SU-2019:2961-1, VIGILANCE-VUL-30759, XSA-301.
Full Vigil@nce bulletin... (Free trial)


threat alert CVE-2019-18420

Xen: assertion error via VCPUOP_initialise

Synthesis of the vulnerability

An attacker, inside a guest system, can force an assertion error via VCPUOP_initialise() of Xen, in order to trigger a denial of service on the host system.
Severity: 1/4.
Creation date: 31/10/2019.
Identifiers: CERTFR-2019-AVI-541, CERTFR-2019-AVI-543, CTX263477, CVE-2019-18420, openSUSE-SU-2019:2506-1, SUSE-SU-2019:2960-1, SUSE-SU-2019:2961-1, SUSE-SU-2019:2962-1, VIGILANCE-VUL-30757, XSA-296.

cybersecurity alert CVE-2019-17351

Xen: denial of service via Unlimited Grant Table And Foreign Mapping

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a fatal error via Unlimited Grant Table And Foreign Mapping of Xen, in order to trigger a denial of service on the host system.
Severity: 2/4.
Creation date: 09/07/2019.
Identifiers: CERTFR-2019-AVI-313, CVE-2019-17351, FEDORA-2019-3dbfaeac73, FEDORA-2019-9d3fe6fd5b, VIGILANCE-VUL-29716, XSA-300.

computer vulnerability CVE-2019-17349 CVE-2019-17350

Xen: infinite loop via Arm Atomics Operations

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger an infinite loop via Arm Atomics Operations of Xen, in order to trigger a denial of service on the host system.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/06/2019.
Identifiers: CERTFR-2019-AVI-272, CVE-2019-17349, CVE-2019-17350, FEDORA-2019-899ef6056c, FEDORA-2019-aeda234b68, VIGILANCE-VUL-29535, XSA-295.

cybersecurity bulletin CVE-2018-12126 CVE-2018-12127 CVE-2018-12130

Intel processors: information disclosure via performance measurement

Synthesis of the vulnerability

An attacker can measure the performance of his process, in order to get sensitive information about other processes or, if the host is virtualized, about other guest systems.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/05/2019.
Revision date: 15/05/2019.
Identifiers: 1074268, 1103481, CERTFR-2019-AVI-209, CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CERTFR-2019-AVI-213, CERTFR-2019-AVI-215, CERTFR-2019-AVI-217, CERTFR-2019-AVI-229, CERTFR-2019-AVI-230, CERTFR-2019-AVI-233, CERTFR-2019-AVI-311, CERTFR-2019-AVI-458, CERTFR-2019-AVI-489, CTX251995, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, DLA-1787-1, DLA-1789-1, DLA-1789-2, DLA-1799-1, DLA-1799-2, DSA-4444-1, DSA-4447-1, DSA-4447-2, FEDORA-2019-0731828893, FEDORA-2019-1f5832fc0e, FEDORA-2019-640f8d8dd1, FEDORA-2019-6458474bf2, FEDORA-2019-c36afa818c, FEDORA-2019-e6bf55e821, FEDORA-2019-eb08fb0c5f, FG-IR-18-002, FreeBSD-SA-19:07.mds, FreeBSD-SA-19:26.mcu, HPESBHF03933, INTEL-SA-00233, openSUSE-SU-2019:1402-1, openSUSE-SU-2019:1403-1, openSUSE-SU-2019:1404-1, openSUSE-SU-2019:1405-1, openSUSE-SU-2019:1407-1, openSUSE-SU-2019:1408-1, openSUSE-SU-2019:1419-1, openSUSE-SU-2019:1420-1, openSUSE-SU-2019:1468-1, openSUSE-SU-2019:1505-1, openSUSE-SU-2019:1805-1, openSUSE-SU-2019:1806-1, PAN-SA-2019-0012, RHSA-2019:1155-01, RHSA-2019:1167-01, RHSA-2019:1168-01, RHSA-2019:1169-01, RHSA-2019:1170-01, RHSA-2019:1171-01, RHSA-2019:1172-01, RHSA-2019:1174-01, RHSA-2019:1175-01, RHSA-2019:1176-01, RHSA-2019:1177-01, RHSA-2019:1178-01, RHSA-2019:1180-01, RHSA-2019:1181-01, RHSA-2019:1182-01, RHSA-2019:1183-01, RHSA-2019:1184-01, RHSA-2019:1185-01, RHSA-2019:1186-01, RHSA-2019:1187-01, RHSA-2019:1188-01, RHSA-2019:1189-01, RHSA-2019:1190-01, RHSA-2019:1193-01, RHSA-2019:1194-01, RHSA-2019:1195-01, RHSA-2019:1196-01, RHSA-2019:1197-01, RHSA-2019:1198-01, SB10292, SSA-608355, SSA-616472, SUSE-SU-2019:1235-1, SUSE-SU-2019:1236-1, SUSE-SU-2019:1238-1, SUSE-SU-2019:1239-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1243-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, SUSE-SU-2019:1248-1, SUSE-SU-2019:1268-1, SUSE-SU-2019:1269-1, SUSE-SU-2019:1272-1, SUSE-SU-2019:1287-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:1296-1, SUSE-SU-2019:1313-1, 
SUSE-SU-2019:1347-1, SUSE-SU-2019:1348-1, SUSE-SU-2019:1349-1, SUSE-SU-2019:1356-1, SUSE-SU-2019:1371-1, SUSE-SU-2019:14048-1, SUSE-SU-2019:14051-1, SUSE-SU-2019:14052-1, SUSE-SU-2019:14063-1, SUSE-SU-2019:14133-1, SUSE-SU-2019:1423-1, SUSE-SU-2019:1438-1, SUSE-SU-2019:1452-1, SUSE-SU-2019:1490-1, SUSE-SU-2019:1547-1, SUSE-SU-2019:1550-1, SUSE-SU-2019:1909-1, SUSE-SU-2019:1910-1, SUSE-SU-2019:1954-1, SUSE-SU-2019:2430-1, Synology-SA-19:24, USN-3977-1, USN-3977-2, USN-3977-3, USN-3978-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, USN-3982-1, USN-3982-2, USN-3983-1, USN-3983-2, USN-3984-1, USN-3985-1, USN-3985-2, VIGILANCE-VUL-29300, VMSA-2019-0008, XSA-297, ZombieLoad.

weakness CVE-2019-17348

Xen: denial of service via Insufficient TLB Flushing

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a fatal error via Insufficient TLB Flushing of Xen, in order to trigger a denial of service on the host system.
Severity: 2/4.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, CTX246572, CVE-2019-17348, FEDORA-2019-bce6498890, SUSE-SU-2019:2783-1, VIGILANCE-VUL-28663, XSA-294.

computer weakness announce CVE-2019-17347

Xen: privilege escalation via PV Kernel Context Switch

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via PV Kernel Context Switch of Xen, in order to escalate his privileges on the host system.
Severity: 2/4.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, CTX246572, CVE-2019-17347, FEDORA-2019-bce6498890, SUSE-SU-2019:2783-1, VIGILANCE-VUL-28662, XSA-293.

computer weakness CVE-2019-17346

Xen: privilege escalation via Insufficient TLB Flushing

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Insufficient TLB Flushing of Xen, in order to escalate his privileges on the host system.
Severity: 2/4.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, CTX246572, CVE-2019-17346, FEDORA-2019-bce6498890, SUSE-SU-2019:2783-1, VIGILANCE-VUL-28661, XSA-292.

cybersecurity alert CVE-2019-17345

Xen: denial of service via Failed IOMMU Update

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a fatal error via Failed IOMMU Update of Xen, in order to trigger a denial of service on the host system.
Severity: 2/4.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, CVE-2019-17345, FEDORA-2019-bce6498890, VIGILANCE-VUL-28660, XSA-291.

cybersecurity note CVE-2019-17344

Xen: denial of service via X86 PV Page Table Preemption

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a fatal error via X86 PV Page Table Preemption of Xen, in order to trigger a denial of service on the host system.
Severity: 2/4.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, CVE-2019-17344, FEDORA-2019-bce6498890, SUSE-SU-2019:2783-1, VIGILANCE-VUL-28659, XSA-290.