- CVEs with nessus.description==This update for xen fixes several issues. These security issues were fixed:
- CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820)
- Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822)
- Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823)
- CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152).
- CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635).
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |