Debian Xen vulnerabilities

CVE-2012-6030 [MEDIUM] CVE-2012-6030: xen - The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4... The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-20

CVE-2012-3497 [MEDIUM] CVE-2012-3497: xen - (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_... (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id. Scope: lo

CVE-2012-6033 [MEDIUM] CVE-2012-6033: xen - The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, ... The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. Scope: lo

CVE-2012-4535 [LOW] CVE-2012-4535: xen - Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS admini... Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline." Scope: local bookworm: resolved (fixed in 4.1.3-4) bullseye: resolved (fixed in 4.1.3-4) forky: resolved (fixed in 4.1.3-4) sid: resolved (fixed in 4.1.3-4)

CVE-2012-5512 [LOW] CVE-2012-5512: xen - Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HV... Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. Scope: local bookworm: resolved (fixed in 4.1.3-5) bullseye: resolved (fixed in 4.1.3-5) forky: resolved (fixed in 4.1.3-5) sid: resolved (fixed in 4.1.3-5) trixie: resolved (

CVE-2012-4544 [LOW] CVE-2012-4544: xen - The PV domain builder in Xen 4.2 and earlier does not validate the size of the k... The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. Scope: local bookworm: resolved (fixed in 4.1.3-4) bullseye: resolved (fixed in 4.1.3-4) forky: res

CVE-2012-6034 [MEDIUM] CVE-2012-6034: xen - The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and t... The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspe

CVE-2012-5525 [MEDIUM] CVE-2012-5525: xen - The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS adm... The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2011-1898 [HIGH] CVE-2011-1898: xen - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel V... Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers." Scope: local bookworm: resolved (fixed in 4.1.1-1) bullseye: resolved (fixed in 4.1.1-1) forky: resolve

CVE-2011-1583 [MEDIUM] CVE-2011-1583: xen - Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3... Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields. S

CVE-2011-3131 [MEDIUM] CVE-2011-3131: xen - Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] dev... Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock. Scope: local bookworm: resolved (fixed in 4.1.2-1) bullseye: resolved (fixed in 4.1.2-1) forky: resolved (fixed in 4.1.2-1) sid: resolved (f

CVE-2011-1166 [MEDIUM] CVE-2011-1166: xen - Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of s... Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables. Scope: local bookworm: resolved (fixed in 4.1.0-1) bullseye: resolved (fixed in 4.1.0-1) forky: resolved (fixed in 4.1.0-1) sid: resolved (fixed in 4.1.0-1) trixie: resolved (fixed in 4.1.0-1)

CVE-2011-4111 [MEDIUM] CVE-2011-4111: qemu - Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-... Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message. Scope: local bookworm: resolved (fixed in 0.15.1+dfsg-2) bullseye: resolved (fixed in 0.15.1+dfsg-2) forky:

CVE-2011-3262 [LOW] CVE-2011-3262: xen - tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local us... tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop." Scope: local bookworm: resolved (fixed in 4.1.1-1) bullseye: resolved (fixed in 4.1.1-1) forky:

CVE-2011-2901 [MEDIUM] CVE-2011-2901: xen - Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 b... Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2011-2519 [MEDIUM] CVE-2011-2519: xen - Xen in the Linux kernel, when running a guest on a host without hardware assiste... Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2010-2938 [MEDIUM] CVE-2010-2938: xen - arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implemen... arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS cr

CVE-2010-4255 [MEDIUM] CVE-2010-4255: xen - The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64... The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access. Scope: local bookworm: resolved (fixed in 4.0