The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of XenServer

vulnerability announcement CVE-2016-10025

Xen: NULL pointer dereference via VMFUNC

Synthesis of the vulnerability

An attacker, inside a guest system, can force a NULL pointer to be dereferenced via VMFUNC of Xen, in order to trigger a denial of service on the host system.
Impacted products: XenServer, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 21/12/2016.
Identifiers: CERTFR-2016-AVI-428, CTX219378, CVE-2016-10025, FEDORA-2016-92e3ea2d1b, FEDORA-2016-bc02bff7f5, openSUSE-SU-2017:0005-1, SUSE-SU-2016:3208-1, VIGILANCE-VUL-21442, XSA-203.

Description of the vulnerability

An attacker, inside a guest system, can force a NULL pointer to be dereferenced via VMFUNC of Xen, in order to trigger a denial of service on the host system.

vulnerability alert CVE-2016-10024

Xen: denial of service via X86 PV Mask Interrupt

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a fatal error via X86 PV Mask Interrupt of Xen, in order to trigger a denial of service on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: privileged shell.
Creation date: 21/12/2016.
Identifiers: CERTFR-2016-AVI-428, CTX219378, CVE-2016-10024, DLA-783-1, DSA-3847-1, FEDORA-2016-92e3ea2d1b, FEDORA-2016-bc02bff7f5, openSUSE-SU-2017:0005-1, openSUSE-SU-2017:0007-1, openSUSE-SU-2017:0008-1, SUSE-SU-2016:3207-1, SUSE-SU-2016:3208-1, SUSE-SU-2016:3221-1, SUSE-SU-2016:3241-1, SUSE-SU-2017:0718-1, VIGILANCE-VUL-21441, XSA-202.

Description of the vulnerability

An attacker, inside a guest system, can generate a fatal error via X86 PV Mask Interrupt of Xen, in order to trigger a denial of service on the host system.

vulnerability bulletin CVE-2016-10013

Xen: privilege escalation via SYSCALL

Synthesis of the vulnerability

An attacker can trigger a debug trap on a SYSCALL instruction in a guest system managed by Xen, in order to get guest operating system privileges on non-Linux systems.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 20/12/2016.
Identifiers: CERTFR-2016-AVI-424, CTX222565, CVE-2016-10013, DLA-783-1, DSA-3847-1, FEDORA-2016-92e3ea2d1b, FEDORA-2016-bc02bff7f5, openSUSE-SU-2017:0005-1, openSUSE-SU-2017:0007-1, openSUSE-SU-2017:0008-1, SUSE-SU-2016:3207-1, SUSE-SU-2016:3208-1, SUSE-SU-2016:3221-1, SUSE-SU-2016:3241-1, SUSE-SU-2017:0718-1, VIGILANCE-VUL-21423, XSA-204.

Description of the vulnerability

Processing interrupts, exceptions and traps is part of the job of the Xen hypervisor.

A user program like a debugger in a guest system can define the conditions that trigger debug traps. However, Xen wrongly handles one of these traps when it applies to a SYSCALL instruction, which triggers a privilege transition as part of the processing of system calls.

An attacker can therefore trigger a debug trap on a SYSCALL instruction in a guest system managed by Xen, in order to get guest operating system privileges on non-Linux systems.

computer vulnerability alert CVE-2016-9932

Xen: information disclosure via CMPXCHG8B

Synthesis of the vulnerability

A local attacker, inside a guest system, can use a CMPXCHG8B instruction, in order to fetch some bytes of Xen's stack, on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 14/12/2016.
Identifiers: CERTFR-2016-AVI-418, CERTFR-2016-AVI-428, CTX219378, CVE-2016-9932, DLA-964-1, DSA-3847-1, FEDORA-2016-1b868c23a9, FEDORA-2016-bcbae0781f, openSUSE-SU-2017:0005-1, openSUSE-SU-2017:0007-1, openSUSE-SU-2017:0008-1, SUSE-SU-2016:3207-1, SUSE-SU-2016:3208-1, SUSE-SU-2016:3221-1, SUSE-SU-2016:3241-1, SUSE-SU-2017:0718-1, VIGILANCE-VUL-21386, XSA-200.

Description of the vulnerability

The Xen product can emulate x86 instructions.

Some instructions may be modified with an operand size prefix that states the length of the memory access. This prefix should not be taken into account for the CMPXCHG8B instruction. However, some parts of the hypervisor do use it.

A local attacker, inside a guest system, can therefore use a CMPXCHG8B instruction, in order to fetch some bytes of Xen's stack, on the host system.

computer vulnerability announcement CVE-2016-9637

Xen: buffer overflow via qemu ioport

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a buffer overflow via qemu ioport of Xen, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 06/12/2016.
Identifiers: CERTFR-2016-AVI-397, CERTFR-2016-AVI-398, CTX219136, CVE-2016-9637, DLA-1270-1, FEDORA-2016-cc2916dcf4, openSUSE-SU-2016:3134-1, openSUSE-SU-2017:0007-1, openSUSE-SU-2017:0008-1, RHSA-2016:2963-01, SUSE-SU-2016:3044-1, SUSE-SU-2016:3067-1, SUSE-SU-2016:3083-1, SUSE-SU-2016:3156-1, SUSE-SU-2016:3174-1, SUSE-SU-2016:3273-1, VIGILANCE-VUL-21277.

Description of the vulnerability

An attacker, inside a guest system, can generate a buffer overflow via qemu ioport of Xen, in order to trigger a denial of service, and possibly to run code on the host system.

computer vulnerability bulletin CVE-2016-9379 CVE-2016-9380

Xen: information disclosure via Pygrub Delimiter Injection

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Pygrub Delimiter Injection of Xen, in order to obtain sensitive information.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: privileged shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/11/2016.
Identifiers: CERTFR-2016-AVI-387, CERTFR-2016-AVI-389, CTX218775, CVE-2016-9379, CVE-2016-9380, DLA-720-1, DSA-3729-1, FEDORA-2016-68b71978a1, FEDORA-2016-95c104a4c6, FEDORA-2016-999e1a6927, openSUSE-SU-2016:3134-1, openSUSE-SU-2017:0007-1, openSUSE-SU-2017:0008-1, SUSE-SU-2016:3044-1, SUSE-SU-2016:3067-1, SUSE-SU-2016:3083-1, SUSE-SU-2016:3156-1, SUSE-SU-2016:3174-1, SUSE-SU-2016:3273-1, VIGILANCE-VUL-21188, XSA-198.

Description of the vulnerability

An attacker can bypass access restrictions to data via Pygrub Delimiter Injection of Xen, in order to obtain sensitive information.

computer vulnerability announcement CVE-2016-9381

Xen: privilege escalation via Shared Ring

Synthesis of the vulnerability

An attacker can bypass restrictions via Shared Ring of Xen, in order to escalate his privileges.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged shell.
Creation date: 22/11/2016.
Identifiers: CERTFR-2016-AVI-387, CERTFR-2016-AVI-389, CTX218775, CVE-2016-9381, DLA-720-1, FEDORA-2016-68b71978a1, FEDORA-2016-95c104a4c6, FEDORA-2016-999e1a6927, FEDORA-2017-12394e2cc7, FEDORA-2017-b953d4d3a4, openSUSE-SU-2016:3134-1, openSUSE-SU-2017:0007-1, openSUSE-SU-2017:0008-1, openSUSE-SU-2017:0194-1, SUSE-SU-2016:3044-1, SUSE-SU-2016:3067-1, SUSE-SU-2016:3083-1, SUSE-SU-2016:3156-1, SUSE-SU-2016:3174-1, SUSE-SU-2016:3273-1, SUSE-SU-2017:0127-1, USN-3261-1, VIGILANCE-VUL-21187, XSA-197.

Description of the vulnerability

An attacker can bypass restrictions via Shared Ring of Xen, in order to escalate his privileges.

computer vulnerability alert CVE-2016-9377 CVE-2016-9378

Xen: denial of service via X86 Software Interrupt

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a fatal error via X86 Software Interrupt of Xen, in order to trigger a denial of service on the host system.
Impacted products: XenServer, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/11/2016.
Identifiers: CERTFR-2016-AVI-387, CERTFR-2016-AVI-389, CTX218775, CVE-2016-9377, CVE-2016-9378, FEDORA-2016-68b71978a1, FEDORA-2016-95c104a4c6, FEDORA-2016-999e1a6927, openSUSE-SU-2016:3134-1, openSUSE-SU-2017:0007-1, SUSE-SU-2016:3067-1, SUSE-SU-2016:3083-1, VIGILANCE-VUL-21186, XSA-196.

Description of the vulnerability

An attacker, inside a guest system, can generate a fatal error via X86 Software Interrupt of Xen, in order to trigger a denial of service on the host system.

computer vulnerability CVE-2016-9383

Xen: privilege escalation via X86 64-bit Bit Test Instruction

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via X86 64-bit Bit Test Instruction of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 22/11/2016.
Identifiers: CERTFR-2016-AVI-387, CERTFR-2016-AVI-389, CTX218775, CVE-2016-9383, DLA-720-1, DSA-3729-1, FEDORA-2016-68b71978a1, FEDORA-2016-95c104a4c6, FEDORA-2016-999e1a6927, openSUSE-SU-2016:3134-1, openSUSE-SU-2017:0007-1, openSUSE-SU-2017:0008-1, SUSE-SU-2016:3044-1, SUSE-SU-2016:3067-1, SUSE-SU-2016:3083-1, SUSE-SU-2016:3156-1, SUSE-SU-2016:3174-1, SUSE-SU-2016:3273-1, VIGILANCE-VUL-21185, XSA-195.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via X86 64-bit Bit Test Instruction of Xen, in order to escalate his privileges on the host system.

vulnerability note CVE-2016-9384

Xen: information disclosure via 32-bit ELF Symbol Table

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass access restrictions to data via 32-bit ELF Symbol Table of Xen, in order to obtain sensitive information on the host system.
Impacted products: XenServer, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 22/11/2016.
Identifiers: CERTFR-2016-AVI-387, CERTFR-2016-AVI-389, CTX218775, CVE-2016-9384, openSUSE-SU-2016:3134-1, SUSE-SU-2016:3067-1, SUSE-SU-2016:3083-1, VIGILANCE-VUL-21184, XSA-194.

Description of the vulnerability

An attacker, inside a guest system, can bypass access restrictions to data via 32-bit ELF Symbol Table of Xen, in order to obtain sensitive information on the host system.