Debian Xen vulnerabilities

CVE-2019-11091 [MEDIUM] CVE-2019-11091: intel-microcode - Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory ... Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents

CVE-2019-17349 [MEDIUM] CVE-2019-17349: xen - An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cau... An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. Scope: local bookworm: resolved (fixed in 4.11.3+24-g14b62ab3e5-1) bullseye: resolved (fixed in 4.11.3+24-g14b62ab3e5-1) forky: resolved (fixed in 4.11.3+24-g14b62ab3e5-1) sid: resolved (fixed in 4.11.3+24-

CVE-2019-17345 [MEDIUM] CVE-2019-17345: xen - An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS use... An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest. Scope: local bookworm: resolved (fixed in 4.11.1+92-g6c33308a8d-1) bullseye: resolved (fixed in 4.11.1+92-g6c33308a8d-1) forky: resolved (fixed in 4.11.1

CVE-2019-19579 [MEDIUM] CVE-2019-19579: xen - An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS... An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guest

CVE-2019-18420 [MEDIUM] CVE-2019-18420: xen - An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to ... An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUO

CVE-2019-19581 [MEDIUM] CVE-2019-19581: xen - An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users... An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm acc

CVE-2019-17350 [MEDIUM] CVE-2019-17350: xen - An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cau... An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. Scope: local bookworm: resolved (fixed in 4.11.3+24-g14b62ab3e5-1) bullseye: resolved (fixed in 4.11.3+24-g14b62ab3e5-1) forky: resolved (fixed in 4.11.3+24-g14b62ab3e5-1) sid: resolved (fixed in 4.11.3+24-g

CVE-2018-12892 [CRITICAL] CVE-2018-12892: xen - An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the reado... An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl d

CVE-2018-18883 [HIGH] CVE-2018-18883: xen - An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, all... An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted. Scope: local bookworm: resolved (fixed in 4.11.1-1) bullseye: resolved (fixed in 4.11.1-1) forky: resolved (f

CVE-2018-19962 [HIGH] CVE-2018-19962: xen - An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly all... An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. Scope: local bookworm: resolved (fixed in 4.11.1-1) bullseye: resolved (fixed in 4.11.1-1) forky: resolved (fixed in 4.11.1-1) sid: resolved (fixed in 4.11.1-1) trixie: resolv

CVE-2018-19961 [HIGH] CVE-2018-19961: xen - An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly all... An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. Scope: local bookworm: resolved (fixed in 4.11.1-1) bullseye: resolved (fixed in 4.11.1-1) forky: resolved (fixed in 4.11.1-1) sid: resolved (fixed in 4.11.1-1) trixie: resolv

CVE-2018-8897 [HIGH] CVE-2018-8897: linux - A statement in the System Programming Guide of the Intel 64 and IA-32 Architectu... A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen config

CVE-2018-10982 [HIGH] CVE-2018-10982: xen - An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to... An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. Scope: local bookworm: resolved (fixed in 4.8.3+xsa262

CVE-2018-19963 [HIGH] CVE-2018-19963: xen - An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denia... An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled. Scope: local bookworm: resolved (fixed in 4.11.1-1) bullseye: resolved (fixed in 4.11.1-1) forky: resolved (fixed in 4.11.1-1) sid: resolved

CVE-2018-19966 [HIGH] CVE-2018-19966: xen - An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to ... An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595. Scope: local bookworm: resolved (fixed in 4.11

CVE-2018-7541 [HIGH] CVE-2018-7541: xen - An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a... An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. Scope: local bookworm: resolved (fixed in 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5) bullseye: resolved (fixed in 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5) forky: resolved (fixed in 4.8.

CVE-2018-3665 [MEDIUM] CVE-2018-3665: linux - System software utilizing Lazy FP state restore technique on systems using Intel... System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. Scope: local bookworm: resolved (fixed in 4.6.1-1) bullseye: resolved (fixed in 4.6.1-1) forky: resolved (fixed in 4.6.1-1) sid: resolved (fixe

CVE-2018-19967 [MEDIUM] CVE-2018-19967: xen - An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing gu... An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix. Scope: local bookworm: resolved (fixed in 4.11.1-1) bullseye: resolved (fixed in 4.11.1-1) forky: resol

CVE-2018-12207 [MEDIUM] CVE-2018-12207: linux - Improper invalidation for page table updates by a virtual guest operating system... Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Scope: local bookworm: resolved (fixed in 5.3.9-2) bullseye: resolved (fixed in 5.3.9-2) forky: resolved (fixed in 5.3.9-2) sid: resolved (fixed

CVE-2018-3620 [MEDIUM] CVE-2018-3620: intel-microcode - Systems with microprocessors utilizing speculative execution and address transla... Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. Scope: local bookworm: resolved (fixed in 3.20180703.1) bullseye: resolved (fixed in 3.20180703.1) for