Debian Xen vulnerabilities

CVE-2014-5149 [MEDIUM] CVE-2014-5149: xen - Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using sha... Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146. Scope: local bookworm: resolved (fixed in 4.4.1-4) bulls

CVE-2014-4021 [LOW] CVE-2014-4021: xen - Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from gues... Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. Scope: local bookworm: resolved (fixed in 4.4.1-1) bullseye: resolved (fixed in 4.4.1-1) forky: resolved (fixed in 4.4.1-1) sid: resolved (fixed in 4.4.1-1) trixie: resolved (fixed in 4.4.1-1)

CVE-2014-1891 [MEDIUM] CVE-2014-1891: xen - Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLAS... Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893

CVE-2014-3125 [MEDIUM] CVE-2014-3125: xen - Xen 4.4.x, when running on an ARM system, does not properly context switch the C... Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2014-3716 [LOW] CVE-2014-3716: xen - Xen 4.4.x does not properly check alignment, which allows local users to cause a... Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2014-1893 [MEDIUM] CVE-2014-1893: xen - Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL subope... Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894. Scope: local bookworm: resolv

CVE-2014-8595 [LOW] CVE-2014-8595: xen - arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly ... arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. Scope: local bookworm: resolved (fixed in 4.4.1-4) bullseye: resolved (fixed in 4.4.1-

CVE-2014-9030 [HIGH] CVE-2014-9030: xen - The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not ... The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. Scope: local bookworm: resolved (fixed in 4.4.1-4) bullseye: resolved (fixed in 4.4.1-4) forky: resolved (fixed in 4.4.1-4) sid:

CVE-2014-3969 [HIGH] CVE-2014-3969: xen - Xen 4.4.x, when running on an ARM system, does not properly check write permissi... Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2013-2211 [HIGH] CVE-2013-2211: xen - The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses we... The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors. Scope: local bookworm: resolved (fixed in 4.3.0-1) bullseye: resolved (fixed in 4.3.0-1) forky: resolved (fixe

CVE-2013-6375 [HIGH] CVE-2013-6375: xen - Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properl... Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter." Scope: local bookworm: resolved (fixed in 4.4.0-1) bullseye: resolved (f

CVE-2013-1432 [HIGH] CVE-2013-1432: xen - Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly mainta... Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors. Scope: local bookworm: resolved (fixed in 4.3.0-1) bullseye: resolved (fixed in 4

CVE-2013-1918 [MEDIUM] CVE-2013-1918: xen - Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are ... Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal." Scope: local bookworm: resolved (fixed in 4.1.4-4) bullseye: resolved (fixed in 4.1.4-4) forky: resolved (fixed in 4.1.4-4) sid: resolved (fixed in 4.1.4-4) trixie:

CVE-2013-4329 [MEDIUM] CVE-2013-4329: xen - The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled,... The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. Scope: local bookworm: resolved (fixed in 4.3.0-1) bullseye: resolved (fixed in 4.

CVE-2013-4553 [MEDIUM] CVE-2013-4553: xen - The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) ... The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). Scope: local bookworm: resolved (fixed in 4.4.0-1) bullseye: resolved (fixed in 4.4.0-1) forky: resolved (fixed in 4.4.0-1) sid: r

CVE-2013-4371 [MEDIUM] CVE-2013-4371: xen - Use-after-free vulnerability in the libxl_list_cpupool function in the libxl too... Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors. Scope: loc

CVE-2013-2194 [MEDIUM] CVE-2013-2194: xen - Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier a... Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. Scope: local bookworm: resolved (fixed in 4.3.0-1) bullseye: resolved (fixed in 4.3.0-1) forky: resolved (fixed in 4.3.0-1) sid: resolved (fixed in 4.3.0-1) trixie: resolved (fixed in

CVE-2013-4494 [MEDIUM] CVE-2013-4494: xen - Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_t... Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. Scope: local bookworm: resolved (fixed in 4.4.0-1) bullseye: resolved (fixed in 4.4.0-1) forky: resolved (fixed in 4.4.0-1)

CVE-2013-6400 [MEDIUM] CVE-2013-6400: xen - Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, d... Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors. Scope: local bookworm: resolved (

CVE-2013-0153 [MEDIUM] CVE-2013-0153: xen - The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using A... The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests. Scope: local bookworm: resolved (fixed in 4.1.4-2) bullseye: resolved (fixed in 4.1.4-2) forky: resolv