Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
203
security advisorykernel updatecriticalMageia 8: MGASA-2021-0410 Critical: Kernel L1 Guests AVIC Exploit
This kernel-linus update is based on upstream 5.10.60 and fixes atleast the following security issues: A missing validation of the "int_ctl" VMCB field allows a malicious L1 guest to enable AVIC support (Advanced Virtual Interrupt Controller) . MGASA-2021-0410 - Updated kernel-linus packages fix security vulnerabilities Publication date: 23 Aug 2021 URL: https://advisories.mageia.org/MGASA-2021-0410.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-3653, CVE-2021-3656, CVE-2021-38205 This kernel-linus update is based on upstream 5.10.60 and fixes atleast the following security issues: A missing validation of the "int_ctl" VMCB field allows a malicious L1 guest to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. The L2 guest is able to write to a limited but still relatively large subset of the host physical memory, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape (CVE-2021-3653). A missing validation of the the "virt_ext" VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances, the L2 guest is able to run VMLOAD/VMSAVE unintercepted, and thus read/write portions of the host physical memory, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape (CVE-2021-3656). drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (). For other upstream fixes, see the referenced changelogs. References: - https://bugs.mageia.org/show_bug.cgi?id=29385 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.57 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.58 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.59 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.60 -https://www.cve.org/CVERecord?id=CVE-2021-3653 - https://www.cve.org/CVERecord?id=CVE-2021-3656 - https://www.cve.org/CVERecord?id=CVE-2021-38205 SRPMS: - 8/core/kernel-linus-5.10.60-1.mga8 . Core-linux enhancement for OpenMandriva addresses major vulnerabilities, improving overall protection against system failures and information breaches.. Mageia Kernel Update, AVIC Security, System Integrity, Critical Update. . Severity: Critical. LinuxSecurity.com Team
Aug 23, 2021
•Critical
Mageia
202
security advisoryimportantopenSUSEopenSUSE Leap 42.2: 2016:3179-1 Important: LXC Guest Escape Warning
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for lxc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:3179-1 Rating: important References: #1010933 Cross-References: CVE-2016-8649 Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 openSUSE 13.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for lxc fixes the following issue: - CVE-2016-8649: guest escape via ptrace of lxc-attach (boo#1010933). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2016-1488=1 - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-1488=1 - openSUSE 13.2: zypper in -t patch openSUSE-2016-1488=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (x86_64): lxc-1.1.2-10.1 lxc-debuginfo-1.1.2-10.1 lxc-debugsource-1.1.2-10.1 lxc-devel-1.1.2-10.1 - openSUSE Leap 42.1 (i586 x86_64): lxc-1.1.2-9.1 lxc-debuginfo-1.1.2-9.1 lxc-debugsource-1.1.2-9.1 lxc-devel-1.1.2-9.1 - openSUSE 13.2 (i586 x86_64): lxc-1.0.6-12.1 lxc-debuginfo-1.0.6-12.1 lxc-debugsource-1.0.6-12.1 lxc-devel-1.0.6-12.1 References: https://www.suse.com/security/cve/CVE-2016-8649.html https://bugzilla.suse.com/1010933 . To address a critical LXC security flaw in openSUSE, users must promptly apply the crucial update by following the outlined steps for protection. openSUSE Updates, LXC Security, ImportantPatch Instructions. . Severity: Important. LinuxSecurity.com Team
Dec 16, 2016
•Important
OpenSUSE
89
security advisoryhigh severityupdateFedora 20: 2015-9965 High Severity: Xen Heap Overflow and Guest Escape
Heap overflow in QEMU PCNET controller, allowing guest-> host escape [XSA-135, CVE-2015-3209] (#1230537) GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164] Potential unintended writes to host MSI message data field via qemu. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-9965 2015-06-14 11:36:36 -------------------------------------------------------------------------------- Name : xen Product : Fedora 20 Version : 4.3.4 Release : 6.fc20 URL : https://xenproject.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor -------------------------------------------------------------------------------- Update Information: Heap overflow in QEMU PCNET controller, allowing guest-> host escape [XSA-135, CVE-2015-3209] (#1230537) GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164] Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103], PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104], Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105], Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Michael Young - 4.3.4-6 - Heap overflow in QEMU PCNET controller, allowing guest-> host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164] * Tue Jun 2 2015 Michael Young - 4.3.4-5 - Potential unintended writes to host MSI message data field via qemu [XSA-128,CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) * Wed May 13 2015 Michael Young - 4.3.4-4 - Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) * Mon Apr 20 2015 Michael Young - 4.3.4-3 - Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037) * Tue Mar 31 2015 Michael Young - 4.3.4-2 - Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) * Mon Mar 23 2015 Michael Young - 4.3.4-1 - update to xen-4.3.4 remove patches for fixes that are now included * Thu Mar 12 2015 Michael Young - 4.3.3-12 - HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365) * Wed Mar 11 2015 Michael Young - 4.3.3-11 - Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) * Thu Mar 5 2015 Michael Young - 4.3.3-10 - Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] * Tue Jan 6 2015 Michael Young - 4.3.3-9 - xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221) * Tue Dec 16 2014 Michael Young - 4.3.3-8 - fix xendomains issue introduced by xl migrate --debug patch * Mon Dec 8 2014 Michael Young - 4.3.3-7 - p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsm * Thu Nov 27 2014 Michael Young - 4.3.3-6 - Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIOemulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug (#1166461) * Thu Nov 20 2014 Michael Young - 4.3.3-5 - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914) * Wed Nov 19 2014 Michael Young - 4.3.3-4 - Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776) * Wed Oct 1 2014 Michael Young - 4.3.3-3 - Improper MSR range used for x2APIC emulation [XSA-108, CVE-2014-7188] (#1148465) * Tue Sep 23 2014 Michael Young - 4.3.3-2 - Race condition in HVMOP_track_dirty_vram [XSA-104, CVE-2014-7154] (#1145736) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation [XSA-105, CVE-2014-7155] (#1145737) - Missing privilege level checks in x86 emulation of software interrupts [XSA-106, CVE-2014-7156] (#1145738) * Tue Sep 2 2014 Michael Young - 4.3.3-1 - update to xen-4.3.3 remove patches for fixes that are now included * Wed Aug 13 2014 Michael Young - 4.3.2-7 - Long latency virtual-mmu operations are not preemptible [XSA-97, CVE-2014-5146] * Fri Jun 20 2014 Michael Young - 4.3.2-6 - Hypervisor heap contents leaked to guest [XSA-100, CVE-2014-4021] (#1110316) with extra patch to avoid regression * Sun Jun 15 2014 Michael Young - 4.3.2-5 - Fix %if line typo in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583) * Sun May 11 2014 Michael Young - 4.3.2-4 - add systemd preset support (#1094938) * Thu May 1 2014 Michael Young - 4.3.2-3 - HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92, CVE-2014-3124] (#1093315) * Wed Mar 26 2014 Michael Young - 4.3.2-2 - HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) * Tue Feb 18 2014 Michael Young -4.3.2-1 - update to xen-4.3.2 includes fix for "Excessive time to disable caching with HVM guests with PCI passthrough" [XSA-60, CVE-2013-2212] (#987914) - remove patches that are now included * Wed Feb 12 2014 Michael Young - 4.3.1-10 - use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491) * Thu Feb 6 2014 Michael Young - 4.3.1-9 - integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895] libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896] (#1062335) * Fri Jan 24 2014 Michael Young - 4.3.1-8 - PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests [XSA-87, CVE-2014-1666] (#1058398) * Thu Jan 23 2014 Michael Young - 4.3.1-7 - Out-of-memory condition yielding memory corruption during IRQ setup [XSA-83, CVE-2014-1642] (#1057142) * Wed Dec 11 2013 Michael Young - 4.3.1-6 - Disaggregated domain management security status update [XSA-77] - IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400] (#1040024) * Mon Dec 2 2013 Michael Young - 4.3.1-5 - HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885] * Tue Nov 26 2013 Michael Young - 4.3.1-4 - Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923) * Thu Nov 21 2013 Michael Young - 4.3.1-3 - Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1223846 - CVE-2015-4103 xen: potential unintended writes to host MSI message data field via qemu (xsa-128) https://bugzilla.redhat.com/show_bug.cgi?id=1223846 [ 2 ] Bug #1223851 - CVE-2015-4104 xen: PCI MSI mask bits inadvertentlyexposed to guests (xsa-129) https://bugzilla.redhat.com/show_bug.cgi?id=1223851 [ 3 ] Bug #1223853 - xen: guest triggerable qemu MSI-X pass-through error messages (xsa-130) https://bugzilla.redhat.com/show_bug.cgi?id=1223853 [ 4 ] Bug #1223859 - xen: unmediated PCI register access in qemu (xsa-131) https://bugzilla.redhat.com/show_bug.cgi?id=1223859 [ 5 ] Bug #1225882 - CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path https://bugzilla.redhat.com/show_bug.cgi?id=1225882 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Jun 24, 2015
Fedora
89
security advisorymoderateFedoraFedora 21: 2015-9978 Moderate: Xen Heap Overflow Guest Escape
Heap overflow in QEMU PCNET controller, allowing guest-> host escape [XSA-135, CVE-2015-3209]. GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163]. vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164].. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-9978 2015-06-14 11:37:20 -------------------------------------------------------------------------------- Name : xen Product : Fedora 21 Version : 4.4.2 Release : 6.fc21 URL : https://xenproject.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor -------------------------------------------------------------------------------- Update Information: Heap overflow in QEMU PCNET controller, allowing guest-> host escape [XSA-135, CVE-2015-3209]. GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163]. vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Michael Young - 4.4.2-6 - Heap overflow in QEMU PCNET controller, allowing guest-> host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164] * Tue Jun 2 2015 Michael Young - 4.4.2-5 - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) * Wed May 13 2015 Michael Young - 4.4.2-4 - Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456](#1221153) * Mon Apr 20 2015 Michael Young - 4.4.2-3 - Information leak through XEN_DOMCTL_gettscinfo [XSA-132, CVE-2015-3340] (#1214037) * Tue Mar 31 2015 Michael Young - 4.4.2-2 - Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] (#1207741) - Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] (#1307738) - Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] (#1207739) * Mon Mar 23 2015 Michael Young - 4.4.2-1 - update to xen-4.4.2 remove patches for fixes that are now included * Fri Mar 13 2015 Michael Young - 4.4.1-16 - Additional patch for XSA-98 on arm64 * Thu Mar 12 2015 Michael Young - 4.4.1-15 - HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152] (#1201365) * Wed Mar 11 2015 Michael Young - 4.4.1-14 - Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151] (#1200398) * Thu Mar 5 2015 Michael Young - 4.4.1-13 - enable building pngs from fig files which is working again - fix oxenstored.service preset preuninstall script - arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118, CVE-2015-1563] (#1187153) - Information leak via internal x86 system device emulation [XSA-121, CVE-2015-2044] - Information leak through version information hypercall [XSA-122, CVE-2015-2045] * Tue Jan 6 2015 Michael Young - 4.4.1-12 - xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221) * Tue Dec 16 2014 Michael Young - 4.4.1-11 - fix xendomains issue introduced by xl migrate --debug patch * Mon Dec 8 2014 Michael Young - 4.4.1-10 - p2m lock starvation [XSA-114, CVE-2014-9065] - fix build with --without xsm * Thu Nov 27 2014 Michael Young - 4.4.1-9 - Excessive checking in compatibility mode hypercall argument translation [XSA-111, CVE-2014-8866] - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor [XSA-112, CVE-2014-8867] - fix segfaults and failures in xl migrate --debug(#1166461) * Thu Nov 20 2014 Michael Young - 4.4.1-8 - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113, CVE-2014-9030] (#1166914) * Tue Nov 18 2014 Michael Young - 4.4.1-7 - Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1225882 - CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path https://bugzilla.redhat.com/show_bug.cgi?id=1225882 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Jun 24, 2015
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!