Explore top 10 tips to secure your open-source projects now. Read More
×Multiple security issues have been found in the Xen virtualisation
solution:
CVE-2015-3209
Matt Tait discovered a flaw in the way QEMU's AMD PCnet Ethernet
emulation handles multi-TMD packets with a length above 4096 bytes.
A privileged guest user in a guest with an AMD PCNet ethernet card
enabled can potentially use this flaw to execute arbitrary code on
the host with the privileges of the hosting QEMU process.
CVE-2015-4103
Jan Beulich discovered that the QEMU Xen code does not properly
restrict write access to the host MSI message data field, allowing
a malicious guest to cause a denial of service.
CVE-2015-4104
Jan Beulich discovered that the QEMU Xen code does not properly
restrict access to PCI MSI mask bits, allowing a malicious guest to
cause a denial of service.
CVE-2015-4105
Jan Beulich reported that the QEMU Xen code enables logging for PCI
MSI-X pass-through error messages, allowing a malicious guest to
cause a denial of se...
Get the latest Linux and open source security news straight to your inbox.