- Home
- CVEs with nessus.description==This update for xen fixes several issues.
These security issues were fixed :
CVE-2018-8897: Prevent mishandling of debug exceptions on x86
(XSA-260, bsc#1090820)
Handle HPET timers in IO-APIC mode correctly to prevent malicious or
buggy HVM guests from causing a hypervisor crash or potentially
privilege escalation/information leaks (XSA-261, bsc#1090822)
Prevent unbounded loop, induced by qemu allowing an attacker to
permanently keep a physical CPU core busy (XSA-262, bsc#1090823)
CVE-2018-10472: x86 HVM guest OS users (in certain configurations)
were able to read arbitrary dom0 files via QMP live insertion of a
CDROM, in conjunction with specifying the target file as the backing
file of a snapshot (bsc#1089152).
CVE-2018-10471: x86 PV guest OS users were able to cause a denial of
service (out-of-bounds zero write and hypervisor crash) via unexpected
INT 80 processing, because of an incorrect fix for CVE-2017-5754
(bsc#1089635).
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top