CVEs with nessus.description==This update for xen to version 4.9.2 fixes several issues. This feature was added :

- Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via 'xl vcpu-set domU N'

These security issues were fixed :

- CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820)
- Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822)
- Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823)
- CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152).
- CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635).
- CVE-2018-7540: x86 PV guest OS users were able to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing (bsc#1080635).
- CVE-2018-7541: Guest OS users were able to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1 (bsc#1080662).
- CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC (bsc#1080634).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |