http://www.openwall.com/lists/oss-security/2017/12/12/4

102167

1040768

[debian-lts-announce] 20180105 [SECURITY] [DLA 1230-1] xen security update

[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update

GLSA-201801-14

https://support.citrix.com/article/CTX232096

DSA-4112

https://xenbits.xen.org/xsa/advisory-248.html

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0039 for details.

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations leaks or privilege escalation.

For Debian 8 'Jessie', these problems have been fixed in version 4.4.4lts2-0+deb8u1.

We recommend that you upgrade your xen packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0248 for details.

The remote OracleVM system is missing necessary patches to address critical security updates :

  - From: Jan Beulich Subject: x86/paging: don't     unconditionally BUG on finding SHARED_M2P_ENTRY PV     guests can fully control the values written into the     P2M. This is XSA-251. (CVE-2017-17565)

  - From: Jan Beulich Subject: x86/shadow: fix ref-counting     error handling The old-Linux handling in shadow_set_l4e     mistakenly ORed together the results of sh_get_ref and     sh_pin. As the latter failing is not a correctness     problem, simply ignore its return value. In     sh_set_toplevel_shadow a failing sh_get_ref must not be     accompanied by installing the entry, despite the domain     being crashed. This is XSA-250. (CVE-2017-17564)

  - From: Jan Beulich Subject: x86/shadow: fix refcount     overflow check Commit c385d27079 ('x86 shadow: for     multi-page shadows, explicitly track the first page')     reduced the refcount width to 25, without adjusting the     overflow check. Eliminate the disconnect by using a     manifest constant. Interestingly, up to commit     047782fa01 ('Out-of-sync L1 shadows: OOS snapshot') the     refcount was 27 bits wide, yet the check was already     using 26. This is XSA-249. v2: Simplify expression back     to the style it was. (CVE-2017-17563)

  - From: Jan Beulich Subject: x86/mm: don't wrongly set     page ownership PV domains can obtain mappings of any     pages owned by the correct domain, including ones that     aren't actually assigned as 'normal' RAM, but used by     Xen internally. At the moment such 'internal' pages     marked as owned by a guest include pages used to track     logdirty bits, as well as p2m pages and the 'unpaged     pagetable' for HVM guests. Since the PV memory     management and shadow code conflict in their use of     struct page_info fields, and since shadow code is being     used for log-dirty handling for PV domains, pages coming     from the shadow pool must, for PV domains, not have the     domain set as their owner. While the change could be     done conditionally for just the PV case in shadow code,     do it unconditionally (and for consistency also for     HAP), just to be on the safe side. There's one special     case though for shadow code: The page table used for     running a HVM guest in unpaged mode is subject to     get_page (in set_shadow_status) and hence must have its     owner set. This is XSA-248.

    Conflict: xen/arch/x86/mm/hap/hap.c     xen/arch/x86/mm/shadow/common.c (CVE-2017-17566)

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0224 for details.

The remote OracleVM system is missing necessary patches to address critical security updates :

  - BUILDINFO: OVMF     commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  - BUILDINFO: xen     commit=5ee0a217664a1fde547afa506e92e4998ed26699

  - BUILDINFO: QEMU upstream     commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  - BUILDINFO: QEMU traditional     commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  - BUILDINFO: IPXE     commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  - BUILDINFO: SeaBIOS     commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  - Red-tape: Update the repo with CVE XSA-262 (Boris     Ostrovsky) [Orabug: 27948889] (CVE-2018-10981)

  - Red-tape: Update the repo with CVE XSA-261 (Boris     Ostrovsky) [Orabug: 27948864] (CVE-2018-10982)

  - BUILDINFO: OVMF     commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  - BUILDINFO: xen     commit=a20dadee84429112c3b5f245180f72d990063d20

  - BUILDINFO: QEMU upstream     commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  - BUILDINFO: QEMU traditional     commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  - BUILDINFO: IPXE     commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  - BUILDINFO: SeaBIOS     commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  - x86/HVM: guard against emulator driving ioreq state in     weird ways (Jan Beulich) [Orabug: 27948889]

  - x86/vpt: add support for IO-APIC routed interrupts (Xen     Project Security Team) [Orabug: 27948864]

  - BUILDINFO: OVMF     commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  - BUILDINFO: xen     commit=c6b30b4f49430b1314928a4d98a5e9e754895e4d

  - BUILDINFO: QEMU upstream     commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  - BUILDINFO: QEMU traditional     commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  - BUILDINFO: IPXE     commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  - BUILDINFO: SeaBIOS     commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  - vnuma: unset smt even if vnuma is off (Elena Ufimtseva)     [Orabug: 27950640]

  - x86/paging: don't unconditionally BUG on finding     SHARED_M2P_ENTRY (Jan Beulich) [Orabug: 27965254]     (CVE-2017-17565)

  - x86/mm: don't wrongly set page ownership (Jan Beulich)     [Orabug: 27965236] (CVE-2017-17566)

  - misc/xenmicrocode: Upload /lib/firmware/<some blob> to     the hypervisor (Konrad Rzeszutek Wilk) [Orabug:
    27957822]

  - BUILDINFO: OVMF     commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  - BUILDINFO: xen     commit=75ac5267506600d4587b80daae6bb694099e2c03

  - BUILDINFO: QEMU upstream     commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  - BUILDINFO: QEMU traditional     commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  - BUILDINFO: IPXE     commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  - BUILDINFO: SeaBIOS     commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  - x86/traps: Fix handling of #DB exceptions in hypervisor     context (Andrew Cooper) [Orabug: 27963989]     (CVE-2018-8897)

  - x86/traps: Use an Interrupt Stack Table for #DB (Andrew     Cooper) [Orabug: 27963989] (CVE-2018-8897)

  - x86/pv: Move exception injection into     [,compat_]test_all_events (Andrew Cooper) [Orabug:
    27963989] (CVE-2018-8897)

  - x86/traps: Fix %dr6 handing in #DB handler (Andrew     Cooper) [Orabug: 27963989] (CVE-2018-8897)

  - x86/traps: Misc non-functional improvements to     set_debugreg (Andrew Cooper) [Orabug: 27963989]     (CVE-2018-8897)

  - x86/pv: Several bugs in set_debugreg (Ross Philipson)     [Orabug: 27963989] (CVE-2018-8897)

  - x86/pv: The do_get_debugreg CR4.DE condition is     inverted. (Ross Philipson) [Orabug: 27963989]     (CVE-2018-8897)

  - BUILDINFO: OVMF     commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  - BUILDINFO: xen     commit=d787e7a9d35cc2880b525f1d7a35f27969590f4c

  - BUILDINFO: QEMU upstream     commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  - BUILDINFO: QEMU traditional     commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  - BUILDINFO: IPXE     commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  - BUILDINFO: SeaBIOS     commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  - vnuma: don't turn on smt for odd number of vcpus (Elena     Ufimtseva)

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0218 for details.

The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities.

This update for xen fixes several issues. These security issues were fixed :

  - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent     information leaks via side effects of speculative     execution, aka 'Spectre' and 'Meltdown' attacks     (bsc#1074562, bsc#1068032)

  - CVE-2018-5683: The vga_draw_text function allowed local     OS guest privileged users to cause a denial of service     (out-of-bounds read and QEMU process crash) by     leveraging improper memory address validation     (bsc#1076116).

  - CVE-2017-18030: The cirrus_invalidate_region function     allowed local OS guest privileged users to cause a     denial of service (out-of-bounds array access and QEMU     process crash) via vectors related to negative pitch     (bsc#1076180).

  - CVE-2017-15595: x86 PV guest OS users were able to cause     a DoS (unbounded recursion, stack consumption, and     hypervisor crash) or possibly gain privileges via     crafted page-table stacking (bsc#1061081)

  - CVE-2017-17566: Prevent PV guest OS users to cause a     denial of service (host OS crash) or gain host OS     privileges in shadow mode by mapping a certain auxiliary     page (bsc#1070158).

  - CVE-2017-17563: Prevent guest OS users to cause a denial     of service (host OS crash) or gain host OS privileges by     leveraging an incorrect mask for reference-count     overflow checking in shadow mode (bsc#1070159).

  - CVE-2017-17564: Prevent guest OS users to cause a denial     of service (host OS crash) or gain host OS privileges by     leveraging incorrect error handling for reference     counting in shadow mode (bsc#1070160).

  - CVE-2017-17565: Prevent PV guest OS users to cause a     denial of service (host OS crash) if shadow mode and     log-dirty mode are in place, because of an incorrect     assertion related to M2P (bsc#1070163).

  - Added missing intermediate preemption checks for guest     requesting removal of memory. This allowed malicious     guest administrator to cause denial of service due to     the high cost of this operation (bsc#1080635).

  - Because of XEN not returning the proper error messages     when transitioning grant tables from v2 to v1 a     malicious guest was able to cause DoS or potentially     allowed for privilege escalation as well as information     leaks (bsc#1080662).

  - CVE-2017-5898: The CCID Card device emulator support was     vulnerable to an integer overflow flaw allowing a     privileged user to crash the Qemu process on the host     resulting in DoS (bsc#1024307)

  - Unprivileged domains could have issued well-timed writes     to xenstore which conflict with transactions to stall     progress of the control domain or driver domain,     possibly leading to DoS (bsc#1030144, XSA-206).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for xen fixes several issues. This new feature was included :

  - add script and sysv service to watch for vcpu     online/offline events in a HVM domU These security     issues were fixed :

  - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent     information leaks via side effects of speculative     execution, aka 'Spectre' and 'Meltdown' attacks     (bsc#1074562, bsc#1068032)

  - CVE-2018-5683: The vga_draw_text function allowed local     OS guest privileged users to cause a denial of service     (out-of-bounds read and QEMU process crash) by     leveraging improper memory address validation     (bsc#1076116).

  - CVE-2017-18030: The cirrus_invalidate_region function     allowed local OS guest privileged users to cause a     denial of service (out-of-bounds array access and QEMU     process crash) via vectors related to negative pitch     (bsc#1076180).

  - CVE-2017-15595: x86 PV guest OS users were able to cause     a DoS (unbounded recursion, stack consumption, and     hypervisor crash) or possibly gain privileges via     crafted page-table stacking (bsc#1061081)

  - CVE-2017-17566: Prevent PV guest OS users to cause a     denial of service (host OS crash) or gain host OS     privileges in shadow mode by mapping a certain auxiliary     page (bsc#1070158).

  - CVE-2017-17563: Prevent guest OS users to cause a denial     of service (host OS crash) or gain host OS privileges by     leveraging an incorrect mask for reference-count     overflow checking in shadow mode (bsc#1070159).

  - CVE-2017-17564: Prevent guest OS users to cause a denial     of service (host OS crash) or gain host OS privileges by     leveraging incorrect error handling for reference     counting in shadow mode (bsc#1070160).

  - CVE-2017-17565: Prevent PV guest OS users to cause a     denial of service (host OS crash) if shadow mode and     log-dirty mode are in place, because of an incorrect     assertion related to M2P (bsc#1070163).

  - Added missing intermediate preemption checks for guest     requesting removal of memory. This allowed malicious     guest administrator to cause denial of service due to     the high cost of this operation (bsc#1080635).

  - Because of XEN not returning the proper error messages     when transitioning grant tables from v2 to v1 a     malicious guest was able to cause DoS or potentially     allowed for privilege escalation as well as information     leaks (bsc#1080662).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for xen fixes several issues. These security issues were fixed :

  - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent     information leaks via side effects of speculative     execution, aka 'Spectre' and 'Meltdown' attacks     (bsc#1074562, bsc#1068032)

  - CVE-2018-5683: The vga_draw_text function allowed local     OS guest privileged users to cause a denial of service     (out-of-bounds read and QEMU process crash) by     leveraging improper memory address validation     (bsc#1076116).

  - CVE-2017-18030: The cirrus_invalidate_region function     allowed local OS guest privileged users to cause a     denial of service (out-of-bounds array access and QEMU     process crash) via vectors related to negative pitch     (bsc#1076180).

  - CVE-2017-15595: x86 PV guest OS users were able to cause     a DoS (unbounded recursion, stack consumption, and     hypervisor crash) or possibly gain privileges via     crafted page-table stacking (bsc#1061081)

  - CVE-2017-17566: Prevent PV guest OS users to cause a     denial of service (host OS crash) or gain host OS     privileges in shadow mode by mapping a certain auxiliary     page (bsc#1070158).

  - CVE-2017-17563: Prevent guest OS users to cause a denial     of service (host OS crash) or gain host OS privileges by     leveraging an incorrect mask for reference-count     overflow checking in shadow mode (bsc#1070159).

  - CVE-2017-17564: Prevent guest OS users to cause a denial     of service (host OS crash) or gain host OS privileges by     leveraging incorrect error handling for reference     counting in shadow mode (bsc#1070160).

  - CVE-2017-17565: Prevent PV guest OS users to cause a     denial of service (host OS crash) if shadow mode and     log-dirty mode are in place, because of an incorrect     assertion related to M2P (bsc#1070163).

  - Added missing intermediate preemption checks for guest     requesting removal of memory. This allowed malicious     guest administrator to cause denial of service due to     the high cost of this operation (bsc#1080635).

  - Because of XEN not returning the proper error messages     when transitioning grant tables from v2 to v1 a     malicious guest was able to cause DoS or potentially     allowed for privilege escalation as well as information     leaks (bsc#1080662).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for xen fixes several issues. These security issues were fixed :

  - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent     information leaks via side effects of speculative     execution, aka 'Spectre' and 'Meltdown' attacks     (bsc#1074562, bsc#1068032)

  - CVE-2017-15595: x86 PV guest OS users were able to cause     a DoS (unbounded recursion, stack consumption, and     hypervisor crash) or possibly gain privileges via     crafted page-table stacking (bsc#1061081)

  - CVE-2017-17566: Prevent PV guest OS users to cause a     denial of service (host OS crash) or gain host OS     privileges in shadow mode by mapping a certain auxiliary     page (bsc#1070158).

  - CVE-2017-17563: Prevent guest OS users to cause a denial     of service (host OS crash) or gain host OS privileges by     leveraging an incorrect mask for reference-count     overflow checking in shadow mode (bsc#1070159).

  - CVE-2017-17564: Prevent guest OS users to cause a denial     of service (host OS crash) or gain host OS privileges by     leveraging incorrect error handling for reference     counting in shadow mode (bsc#1070160).

  - CVE-2017-17565: Prevent PV guest OS users to cause a     denial of service (host OS crash) if shadow mode and     log-dirty mode are in place, because of an incorrect     assertion related to M2P (bsc#1070163).

  - CVE-2018-5683: The vga_draw_text function allowed local     OS guest privileged users to cause a denial of service     (out-of-bounds read and QEMU process crash) by     leveraging improper memory address validation     (bsc#1076116).

  - CVE-2017-18030: The cirrus_invalidate_region function     allowed local OS guest privileged users to cause a     denial of service (out-of-bounds array access and QEMU     process crash) via vectors related to negative pitch     (bsc#1076180).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for xen fixes several issues.

These security issues were fixed :

  - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent     information leaks via side effects of speculative     execution, aka 'Spectre' and 'Meltdown' attacks     (bsc#1074562, bsc#1068032)

  - CVE-2017-15595: x86 PV guest OS users were able to cause     a DoS (unbounded recursion, stack consumption, and     hypervisor crash) or possibly gain privileges via     crafted page-table stacking (bsc#1061081)

  - CVE-2017-17566: Prevent PV guest OS users to cause a     denial of service (host OS crash) or gain host OS     privileges in shadow mode by mapping a certain auxiliary     page (bsc#1070158).

  - CVE-2017-17563: Prevent guest OS users to cause a denial     of service (host OS crash) or gain host OS privileges by     leveraging an incorrect mask for reference-count     overflow checking in shadow mode (bsc#1070159).

  - CVE-2017-17564: Prevent guest OS users to cause a denial     of service (host OS crash) or gain host OS privileges by     leveraging incorrect error handling for reference     counting in shadow mode (bsc#1070160).

  - CVE-2017-17565: Prevent PV guest OS users to cause a     denial of service (host OS crash) if shadow mode and     log-dirty mode are in place, because of an incorrect     assertion related to M2P (bsc#1070163).

  - CVE-2018-5683: The vga_draw_text function allowed local     OS guest privileged users to cause a denial of service     (out-of-bounds read and QEMU process crash) by     leveraging improper memory address validation     (bsc#1076116).

  - CVE-2017-18030: The cirrus_invalidate_region function     allowed local OS guest privileged users to cause a     denial of service (out-of-bounds array access and QEMU     process crash) via vectors related to negative pitch     (bsc#1076180).

These non-security issues were fixed :

  - bsc#1067317: pass cache=writeback|unsafe|directsync to     qemu depending on the libxl disk settings

  - bsc#1051729: Prevent invalid symlinks after install of     SLES 12 SP2

  - bsc#1035442: Increased the value of     LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds. If many     domUs shutdown in parallel the backends couldn't keep up 

  - bsc#1027519: Added several upstream patches This update     was imported from the SUSE:SLE-12-SP3:Update update     project.

Multiple vulnerabilities have been discovered in the Xen hypervisor :

  - CVE-2017-17563     Jan Beulich discovered that an incorrect reference count     overflow check in x86 shadow mode may result in denial     of service or privilege escalation.

  - CVE-2017-17564     Jan Beulich discovered that improper x86 shadow mode     reference count error handling may result in denial of     service or privilege escalation.

  - CVE-2017-17565     Jan Beulich discovered that an incomplete bug check in     x86 log-dirty handling may result in denial of service.

  - CVE-2017-17566     Jan Beulich discovered that x86 PV guests may gain     access to internally used pages which could result in     denial of service or potential privilege escalation.

In addition this update ships the 'Comet' shim to address the Meltdown class of vulnerabilities for guests with legacy PV kernels. In addition, the package provides the 'Xen PTI stage 1' mitigation which is built-in and enabled by default on Intel systems, but can be disabled with `xpti=false' on the hypervisor command line (It does not make sense to use both xpti and the Comet shim.)

Please refer to the following URL for more details on how to configure individual mitigation strategies:
https://xenbits.xen.org/xsa/advisory-254.html

Additional information can also be found in README.pti and README.comet.

The remote host is affected by the vulnerability described in GLSA-201801-14 (Xen: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Xen. Please review the       referenced CVE identifiers for details.
  Impact :

    A local attacker could potentially execute arbitrary code with the       privileges of the Xen (QEMU) process on the host, gain privileges on the       host system, or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

another patch related to the [XSA-240, CVE-2017-15595] issue x86 PV guests may gain access to internally used page [XSA-248] broken x86 shadow mode refcount overflow check [XSA-249] improper x86 shadow mode refcount error handling [XSA-250] improper bug check in x86 log-dirty handling [XSA-251]

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code.

For Debian 7 'Wheezy', these problems have been fixed in version 4.1.6.lts1-11.

We recommend that you upgrade your xen packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

another patch related to the [XSA-240, CVE-2017-15595] issue xen:
various flaws (#1525018) x86 PV guests may gain access to internally used page [XSA-248] broken x86 shadow mode refcount overflow check [XSA-249] improper x86 shadow mode refcount error handling [XSA-250] improper bug check in x86 log-dirty handling [XSA-251]

----

xen: various flaws (#1518214) x86: infinite loop due to missing PoD error checking [XSA-246] Missing p2m error checking in PoD code [XSA-247]

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host privilege escalation vulnerability.

Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.

ID	Name	Product	Family	Severity
140019	OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre)	Nessus	OracleVM Local Security Checks	critical
118215	Debian DLA-1549-1 : xen security update	Nessus	Debian Local Security Checks	high
111992	OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)	Nessus	OracleVM Local Security Checks	critical
110305	OracleVM 3.2 : xen (OVMSA-2018-0225)	Nessus	OracleVM Local Security Checks	medium
110110	OracleVM 3.3 : xen (OVMSA-2018-0224) (Meltdown) (Spectre)	Nessus	OracleVM Local Security Checks	medium
109989	OracleVM 3.4 : xen (OVMSA-2018-0221)	Nessus	OracleVM Local Security Checks	high
109987	OracleVM 3.4 : xen (OVMSA-2018-0218) (Meltdown) (Spectre)	Nessus	OracleVM Local Security Checks	high
108886	Citrix XenServer Multiple Vulnerabilities (CTX232096)	Nessus	Misc.	medium
108369	SUSE SLES11 Security Update : xen (SUSE-SU-2018:0678-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
107254	SUSE SLES11 Security Update : xen (SUSE-SU-2018:0638-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
107144	SUSE SLES12 Security Update : xen (SUSE-SU-2018:0609-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
107140	SUSE SLES12 Security Update : xen (SUSE-SU-2018:0601-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
106901	SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:0472-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
106864	openSUSE Security Update : xen (openSUSE-2018-169) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
106834	SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:0438-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
106820	Debian DSA-4112-1 : xen - security update	Nessus	Debian Local Security Checks	medium
106038	GLSA-201801-14 : Xen: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
105882	Fedora 27 : xen (2017-5945560816)	Nessus	Fedora Local Security Checks	high
105621	Debian DLA-1230-1 : xen security update	Nessus	Debian Local Security Checks	high
105617	Citrix XenServer Multiple Vulnerabilities (CTX231390) (Meltdown)(Spectre)	Nessus	Misc.	medium
105511	Fedora 26 : xen (2017-16a414b3c5)	Nessus	Fedora Local Security Checks	high
105490	Xen PV Guests Internally Used Pages Access Handling Guest-to-Host Privilege Escalation (XSA-248)	Nessus	Misc.	medium

CVE-2017-17566

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins