- CVEs with nessus.description==This update for xen to version 4.9.2 fixes several issues.
This feature was added:
- Added script, udev rule and systemd service to watch for
vcpu online/offline events in a HVM domU. They are
triggered via 'xl vcpu-set domU N'
These security issues were fixed:
- CVE-2018-8897: Prevent mishandling of debug exceptions
on x86 (XSA-260, bsc#1090820)
- Handle HPET timers in IO-APIC mode correctly to prevent
malicious or buggy HVM guests from causing a hypervisor
crash or potentially privilege escalation/information
leaks (XSA-261, bsc#1090822)
- Prevent unbounded loop, induced by qemu allowing an
attacker to permanently keep a physical CPU core busy
(XSA-262, bsc#1090823)
- CVE-2018-10472: x86 HVM guest OS users (in certain
configurations) were able to read arbitrary dom0 files
via QMP live insertion of a CDROM, in conjunction with
specifying the target file as the backing file of a
snapshot (bsc#1089152).
- CVE-2018-10471: x86 PV guest OS users were able to cause
a denial of service (out-of-bounds zero write and
hypervisor crash) via unexpected INT 80 processing,
because of an incorrect fix for CVE-2017-5754
(bsc#1089635).
- CVE-2018-7540: x86 PV guest OS users were able to cause
a denial of service (host OS CPU hang) via
non-preemptable L3/L4 pagetable freeing (bsc#1080635).
- CVE-2018-7541: Guest OS users were able to cause a
denial of service (hypervisor crash) or gain privileges
by triggering a grant-table transition from v2 to v1
(bsc#1080662).
- CVE-2018-7542: x86 PVH guest OS users were able to cause
a denial of service (NULL pointer dereference and
hypervisor crash) by leveraging the mishandling of
configurations that lack a Local APIC (bsc#1080634).
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |