Debian Xen vulnerabilities

CVE-2013-2078 [MEDIUM] CVE-2013-2078: xen - Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a... Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction. Scope: local bookworm: resolved (fixed in 4.2.2-1) bullseye: resolved (fixed in 4.2.2-1) forky: resolved (fixed in 4.2.2-1) sid: resolved (fixed in 4.2.2-1) trixie: resolved (fixed in 4.2.2-1)

CVE-2013-2195 [MEDIUM] CVE-2013-2195: xen - The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrator... The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations. Scope: local bookworm: resolved (fixed in 4.3.0-1) bullseye: resolved (fixed in 4.3.0-1) forky: resolved (fixed in 4.3.0-1) sid: resolved (fixed

CVE-2013-1964 [MEDIUM] CVE-2013-1964: xen - Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-... Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors. Scope: local bookworm: resolved (fixed in 4.1.4-3) bullseye: resolved (fixed in 4.1.4-3) forky: r

CVE-2013-4551 [MEDIUM] CVE-2013-4551: xen - Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly c... Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution." Scope: local bookworm: resolved (fixed in 4.4.0-1) bullseye: resolved (fixed in 4.4.0

CVE-2013-2196 [MEDIUM] CVE-2013-2196: xen - Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and... Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195. Scope: local bookworm: resolved (fixed in 4.3.0-1) bullseye: resolved (fixed in 4.3.0-1) forky: reso

CVE-2013-4356 [MEDIUM] CVE-2013-4356: xen - Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migr... Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash). Scope: local bookworm: resolved (fixed in 4.4.0-1) bullseye: resolved (fixed in 4.4.0-1) forky: resolved (fixed in 4.4.0-1) sid

CVE-2013-4370 [MEDIUM] CVE-2013-4370: xen - The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x fr... The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free. Scope: local bookworm: resolved (fixed in

CVE-2013-2077 [MEDIUM] CVE-2013-2077: xen - Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR,... Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors. Scope: local bookworm: resolved (fixed in 4.2.2-1) bullseye: resolved (fixed in 4.2.2-1) forky: resolved (fixed in 4.2.2-1) sid: resolved (fixed in 4.2.2-1) tri

CVE-2013-1919 [MEDIUM] CVE-2013-1919: xen - Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows loca... Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices." Scope: local bookworm: resolved (fixed in 4.1.4-3) bullseye: resolved (fixed in 4.1.4-3) forky: resolved (fixed in 4.1.4-3) sid: resolved (fixed in 4.1.4-3)

CVE-2013-0151 [MEDIUM] CVE-2013-0151: xen - The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 plat... The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs. Scope: loca

CVE-2013-1442 [LOW] CVE-2013-1442: xen - Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly cle... Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. Scope: local bookworm: resolved (fix

CVE-2013-4369 [LOW] CVE-2013-4369: xen - The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x all... The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration. Scope: local bookworm: resolved (fixed in 4.4.0-1) bullseye: resolved (fixed in 4.4.0-1) forky: resolved (fixed in 4.4.0-1) sid: resolved (fixed in 4.4.0-1) trixie:

CVE-2013-4368 [LOW] CVE-2013-4368: xen - The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when usi... The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. Scope: local bookworm: resolved (fixed in 4.4.0-1

CVE-2013-0152 [MEDIUM] CVE-2013-0152: xen - Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of... Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2013-4361 [LOW] CVE-2013-4361: xen - The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the corre... The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. Scope: local bookworm: resolved (fixed in 4.4.0-1) bullseye: resolved (fixed in 4.4.0-1) forky: resolved (fixed in 4.4.0-1) sid: reso

CVE-2013-0215 [MEDIUM] CVE-2013-0215: xen - oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider ... oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access. Scope: local bookworm: resolved bull

CVE-2013-4344 [HIGH] CVE-2013-4344: qemu - Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI ... Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. Scope: local bookworm: resolved (fixed in 1.6.0+dfsg-2) bullseye: resolved (fixed in 1.6.0+dfsg-2) forky: resolved (fixed in 1.6.0+dfsg-2) sid: resolved (

CVE-2013-3495 [MEDIUM] CVE-2013-3495: xen - The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows loca... The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI). Scope: local bookworm: resolved (fixed in 4.4.1-3) bullseye: resol

CVE-2013-1922 [MEDIUM] CVE-2013-1922: qemu - qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk imag... qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004. Scope: local bookworm: resolved (fixed in 1.

CVE-2013-2212 [MEDIUM] CVE-2013-2212: xen - The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allo... The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. Scope: local bookworm: resolved (fixed in 4.3.0-1) bullseye: resolved (fixed in 4.3.0-1) forky: resolved (fixed i