The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
http://rhn.redhat.com/errata/RHSA-2015-2636.html
http://rhn.redhat.com/errata/RHSA-2015-2645.html
http://rhn.redhat.com/errata/RHSA-2016-0046.html
http://support.citrix.com/article/CTX202583
http://support.citrix.com/article/CTX203879
http://www.debian.org/security/2015/dsa-3414
http://www.debian.org/security/2015/dsa-3426
http://www.debian.org/security/2016/dsa-3454
http://www.openwall.com/lists/oss-security/2015/11/10/5
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/77524
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1034105
http://www.ubuntu.com/usn/USN-2840-1
http://www.ubuntu.com/usn/USN-2841-1
http://www.ubuntu.com/usn/USN-2841-2
http://www.ubuntu.com/usn/USN-2842-1
http://www.ubuntu.com/usn/USN-2842-2
http://www.ubuntu.com/usn/USN-2843-1
http://www.ubuntu.com/usn/USN-2843-2
http://www.ubuntu.com/usn/USN-2844-1
http://xenbits.xen.org/xsa/advisory-156.html
https://bugzilla.redhat.com/show_bug.cgi?id=1278496
https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d
OR
cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.6.2:*:*:*:*:*:*:*
OR
OR
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* versions from 4.0.0 to 4.0.34 (inclusive)
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* versions from 4.1.0 to 4.1.42 (inclusive)
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* versions from 4.2.0 to 4.2.34 (inclusive)
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* versions from 4.3.0 to 4.3.35 (inclusive)
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* versions from 5.0.0 to 5.0.13 (inclusive)
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.2.3 (inclusive)
OR
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
124989 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1536) | Nessus | Huawei Local Security Checks | high |
124812 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1488) | Nessus | Huawei Local Security Checks | high |
99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical |
93289 | SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2074-1) | Nessus | SuSE Local Security Checks | critical |
92679 | Debian DSA-3426-1 : Linux Security Update | Nessus | Debian Local Security Checks | medium |
92454 | Oracle Solaris Critical Patch Update : jul2016_SRU11_3_8_7_0 | Nessus | Solaris Local Security Checks | medium |
91198 | Debian DLA-479-1 : xen security update | Nessus | Debian Local Security Checks | medium |
90482 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-445) | Nessus | SuSE Local Security Checks | critical |
90019 | OracleVM 3.2 : kernel-uek (OVMSA-2016-0037) | Nessus | OracleVM Local Security Checks | critical |
89723 | SUSE SLES10 Security Update : Xen (SUSE-SU-2016:0658-1) | Nessus | SuSE Local Security Checks | high |
89459 | Fedora 21 : kernel-4.1.13-100.fc21 (2015-f2c534bc12) | Nessus | Fedora Local Security Checks | medium |
89457 | Fedora 21 : xen-4.4.3-8.fc21 (2015-f150b2a8c8) | Nessus | Fedora Local Security Checks | medium |
89412 | Fedora 22 : kernel-4.2.6-200.fc22 (2015-cd94ad8d7c) | Nessus | Fedora Local Security Checks | medium |
89260 | Fedora 22 : xen-4.5.2-2.fc22 (2015-668d213dc3) | Nessus | Fedora Local Security Checks | medium |
89212 | Fedora 23 : xen-4.5.2-2.fc23 (2015-394835a3f6) | Nessus | Fedora Local Security Checks | medium |
89149 | Fedora 23 : kernel-4.2.6-300.fc23 (2015-115c302856) | Nessus | Fedora Local Security Checks | medium |
88605 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-136) | Nessus | SuSE Local Security Checks | high |
88558 | RHEL 7 : kernel (RHSA-2016:0103) | Nessus | Red Hat Local Security Checks | high |
88545 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-124) | Nessus | SuSE Local Security Checks | critical |
88423 | Debian DSA-3454-1 : virtualbox - security update | Nessus | Debian Local Security Checks | medium |
88170 | OracleVM 3.3 : xen (OVMSA-2016-0007) | Nessus | OracleVM Local Security Checks | high |
88124 | openSUSE Security Update : xen (openSUSE-2016-34) | Nessus | SuSE Local Security Checks | high |
88051 | Oracle VM VirtualBox < 4.0.36 / 4.1.44 / 4.2.36 / 4.3.34 / 5.0.10 Multiple Vulnerabilities (January 2016 CPU) | Nessus | Misc. | high |
87999 | RHEL 6 : kernel (RHSA-2016:0046) | Nessus | Red Hat Local Security Checks | medium |
87905 | F5 Networks BIG-IP : Linux kernel vulnerabilities (K31026324) | Nessus | F5 Networks Local Security Checks | medium |
87886 | RHEL 6 : kernel (RHSA-2016:0024) | Nessus | Red Hat Local Security Checks | medium |
87836 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3503) | Nessus | Oracle Linux Local Security Checks | medium |
87835 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3502) | Nessus | Oracle Linux Local Security Checks | medium |
87804 | RHEL 6 : kernel (RHSA-2016:0004) | Nessus | Red Hat Local Security Checks | medium |
87651 | SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:2339-1) | Nessus | SuSE Local Security Checks | high |
87650 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2338-1) | Nessus | SuSE Local Security Checks | high |
87591 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:2328-1) | Nessus | SuSE Local Security Checks | high |
87590 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2326-1) | Nessus | SuSE Local Security Checks | high |
87588 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:2324-1) | Nessus | SuSE Local Security Checks | high |
87583 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20151208) | Nessus | Scientific Linux Local Security Checks | medium |
87528 | SUSE SLES11 Security Update : xen (SUSE-SU-2015:2306-1) | Nessus | SuSE Local Security Checks | medium |
87497 | Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2843-2) | Nessus | Ubuntu Local Security Checks | medium |
87471 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2844-1) | Nessus | Ubuntu Local Security Checks | medium |
87470 | Ubuntu 15.10 : linux vulnerabilities (USN-2843-1) | Nessus | Ubuntu Local Security Checks | medium |
87469 | Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2842-2) | Nessus | Ubuntu Local Security Checks | medium |
87468 | Ubuntu 15.04 : linux vulnerabilities (USN-2842-1) | Nessus | Ubuntu Local Security Checks | medium |
87467 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2841-2) | Nessus | Ubuntu Local Security Checks | medium |
87466 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2841-1) | Nessus | Ubuntu Local Security Checks | medium |
87465 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2840-1) | Nessus | Ubuntu Local Security Checks | medium |
87443 | openSUSE Security Update : xen (openSUSE-2015-893) | Nessus | SuSE Local Security Checks | high |
87403 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20151215) | Nessus | Scientific Linux Local Security Checks | medium |
87399 | RHEL 6 : kernel (RHSA-2015:2645) | Nessus | Red Hat Local Security Checks | medium |
87398 | RHEL 6 : kernel (RHSA-2015:2636) | Nessus | Red Hat Local Security Checks | medium |
87396 | Oracle Linux 6 : kernel (ELSA-2015-2636) | Nessus | Oracle Linux Local Security Checks | medium |
87393 | openSUSE Security Update : xen (openSUSE-2015-892) | Nessus | SuSE Local Security Checks | high |
87391 | openSUSE Security Update : the Linux Kernel (openSUSE-2015-879) | Nessus | SuSE Local Security Checks | medium |
87381 | CentOS 6 : kernel (CESA-2015:2636) | Nessus | CentOS Local Security Checks | medium |
87333 | OracleVM 3.3 : kernel-uek (OVMSA-2015-0154) | Nessus | OracleVM Local Security Checks | medium |
87332 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3107) | Nessus | Oracle Linux Local Security Checks | medium |
87288 | Debian DSA-3414-1 : xen - security update | Nessus | Debian Local Security Checks | medium |
87281 | CentOS 7 : kernel (CESA-2015:2552) | Nessus | CentOS Local Security Checks | medium |
87274 | RHEL 7 : kernel (RHSA-2015:2552) | Nessus | Red Hat Local Security Checks | medium |
87271 | Oracle Linux 7 : kernel (ELSA-2015-2552) | Nessus | Oracle Linux Local Security Checks | medium |
87214 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:2194-1) | Nessus | SuSE Local Security Checks | medium |
87104 | SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:2108-1) | Nessus | SuSE Local Security Checks | high |
87012 | Citrix XenServer Multiple Infinite Loop Guest-to-Host DoS (CTX202583) | Nessus | Misc. | medium |
86877 | FreeBSD : xen-kernel -- CPU lockup during exception delivery (2cabfbab-8bfb-11e5-bd18-002590263bf5) | Nessus | FreeBSD Local Security Checks | medium |
86818 | MS KB3108638: Update for Windows Hyper-V to Address CPU Weakness | Nessus | Windows | medium |