Debian Xen vulnerabilities

CVE-2017-10918 [CRITICAL] CVE-2017-10918: xen - Xen through 4.8.x does not validate memory allocations during certain P2M operat... Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222. Scope: local bookworm: resolved (fixed in 4.8.1-1+deb9u3) bullseye: resolved (fixed in 4.8.1-1+deb9u3) forky: resolved (fixed in 4.8.1-1+deb9u3) sid: resolved (fixed in 4.8.1-1+deb9u3) trixie: resolved (f

CVE-2017-10913 [CRITICAL] CVE-2017-10913: xen - The grant-table feature in Xen through 4.8.x provides false mapping information ... The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1. Scope: local bookworm: resolved (fixed in 4.8.1-1+deb9u3) bullseye: resolved (fixed in 4.8.1-1+deb9u3) forky: resolved (fixed in 4.8.1-1+deb9u

CVE-2017-10915 [CRITICAL] CVE-2017-10915: xen - The shadow-paging feature in Xen through 4.8.x mismanages page references and co... The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219. Scope: local bookworm: resolved (fixed in 4.8.1-1+deb9u3) bullseye: resolved (fixed in 4.8.1-1+deb9u3) forky: resolved (fixed in 4.8.1-1+deb9u3) sid: resolved (fixed in 4.8.1-1+deb9

CVE-2017-10912 [CRITICAL] CVE-2017-10912: xen - Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtai... Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217. Scope: local bookworm: resolved (fixed in 4.8.1-1+deb9u3) bullseye: resolved (fixed in 4.8.1-1+deb9u3) forky: resolved (fixed in 4.8.1-1+deb9u3) sid: resolved (fixed in 4.8.1-1+deb9u3) trixie: resolved (fixed in 4.8.1-1+deb9u3)

CVE-2017-10921 [CRITICAL] CVE-2017-10921: xen - The grant-table feature in Xen through 4.8.x does not ensure sufficient type cou... The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2. Scope: local bookworm: resolved (fixed in 4.8.1-1+deb9u3) bullseye: resolv

CVE-2017-15597 [CRITICAL] CVE-2017-15597: xen - An issue was discovered in Xen through 4.9.x. Grant copying code made an implica... An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator

CVE-2017-10914 [HIGH] CVE-2017-10914: xen - The grant-table feature in Xen through 4.8.x has a race condition leading to a d... The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2. Scope: local bookworm: resolved (fixed in 4.8.1-1+deb9u3) bullseye: resolved (fixed in 4.8.1-1+deb9u3) forky: resolved (f

CVE-2017-14319 [HIGH] CVE-2017-14319: xen - A grant unmapping issue was discovered in Xen through 4.9.x. When removing or re... A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account. Scope: local b

CVE-2017-15590 [HIGH] CVE-2017-15590: xen - An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to caus... An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled. Scope: local bookworm: resolved (fixed in 4.8.2+xsa245-0+deb9u1) bullseye: resolved (fixed in 4.8.2+xsa245-0+deb9u1) forky: resolved (fixed in 4.8.2+xsa245-0+deb9u1) sid: resolved (fixed

CVE-2017-8905 [HIGH] CVE-2017-8905: xen - Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which migh... Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. Scope: local bookworm: resolved (fixed in 4.8.0~rc3-1) bullseye: resolved (fixed in 4.8.0~rc3-1) forky: resolved (fixed in 4.8.0~rc3-1) sid: resolved (fixed in 4.8.0~rc3-1) trixie: resolved (fixed in 4.8.0~rc3-1)

CVE-2017-8904 [HIGH] CVE-2017-8904: xen - Xen through 4.8.x mishandles the "contains segment descriptors" property during ... Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214. Scope: local bookworm: resolved (fixed in 4.8.1-1+deb9u1) bullseye: resolved (fixed in 4.8.1-1+deb9u1) forky: resolved (fixed in 4.8.1-1+deb9u1) sid: re

CVE-2017-15594 [HIGH] CVE-2017-15594: xen - An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users ... An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging. Scope: local bookworm: resolved (fixed in 4.8.2+xsa245-0+deb9u1) bullseye: resolved (fixed in 4.8.2+xsa245-0+deb9u1) forky: resolved (fixed in 4.8.2+xsa245-0+deb9u1)

CVE-2017-12137 [HIGH] CVE-2017-12137: xen - arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges v... arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. Scope: local bookworm: resolved (fixed in 4.8.1-1+deb9u3) bullseye: resolved (fixed in 4.8.1-1+deb9u3) forky: resolved (fixed in 4.8.1-1+deb9u3) sid: resolved (fixed in 4.8.1-1+deb9u3) trixie: resolved (fixed in 4.8.1-1+deb9u3)

CVE-2017-7228 [HIGH] CVE-2017-7228: xen - An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.... An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays. Scope: local bookworm: resolved (fixed in 4.8.1-1) bullseye: resolved

CVE-2017-17563 [HIGH] CVE-2017-17563: xen - An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a ... An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode. Scope: local bookworm: resolved (fixed in 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5) bullseye: resolved (fixed in 4.8.3+comet2+shim4.10.0+comet3-1+

CVE-2017-8903 [HIGH] CVE-2017-8903: xen - Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hyper... Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213. Scope: local bookworm: resolved (fixed in 4.8.1-1+deb9u1) bullseye: resolved (fixed in 4.8.1-1+deb9u1) forky: resolved (fixed in 4.8.1-1+deb9u1) sid: resolved (fixed in 4.8.1-1+deb9u1) trixie: reso

CVE-2017-10922 [HIGH] CVE-2017-10922: xen - The grant-table feature in Xen through 4.8.x mishandles MMIO region grant refere... The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3. Scope: local bookworm: resolved (fixed in 4.8.1-1+deb9u3) bullseye: resolved (fixed in 4.8.1-1+deb9u3) forky: resolved (fixed in 4.8.1-1+deb9u3) sid: resolved (fixed in 4.8.1-1+deb

CVE-2017-15592 [HIGH] CVE-2017-15592: xen - An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to ... An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests. Scope: local bookworm: resolved (fixed in 4.8.2+xsa245-0+deb9u1) bullseye: resolved (fixed in 4.8.2+xsa245-0+deb9u1) forky: resolved (fixed in 4.

CVE-2017-17045 [HIGH] CVE-2017-17045: xen - An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain... An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors. Scope: local bookworm: resolved (fixed in 4.8.2+xsa245-0+deb9u1) bullseye: resolved (fixe

CVE-2017-10916 [HIGH] CVE-2017-10916: xen - The vCPU context-switch implementation in Xen through 4.8.x improperly interacts... The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220. Scope: local bookworm: resolved (fixed in 4.8.1-1+deb9u3) bullseye: resolved (fixed in 4.8.1-1+deb9u3) forky: