FEDORA-2019-2e12bd3a9a

FEDORA-2019-6aad703290

https://xenbits.xen.org/xsa/advisory-307.html

This update for xen fixes the following issues :

CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).

CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392).

CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140).

CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142).

CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest, leading to a guest denial of service (bsc#1158004 XSA-308).

CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).

CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).

CVE-2019-19579: Fixed a privilege escalation where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306).

CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).

CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).

Xenstored Crashed during VM install (bsc#1167152)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-202003-56 (Xen: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Xen. Please review the       referenced CVE identifiers for details.
  Impact :

    A local attacker could potentially gain privileges on the host system or       cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

This update for xen fixes the following issues :

CVE-2018-12207: Fixed a race condition where untrusted virtual machines could have been using the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional (bsc#1155945 XSA-304).

CVE-2018-19965: Fixed a DoS from attempting to use INVPCID with a non-canonical addresses (bsc#1115045 XSA-279).

CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate side-channel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497 XSA-305).

CVE-2019-12067: Fixed a NULL pointer dereference in QEMU AHCI (bsc#1145652).

CVE-2019-12068: Fixed an infinite loop while executing script (bsc#1146874).

CVE-2019-12155: Fixed a NULL pointer dereference while releasing spice resources (bsc#1135905).

CVE-2019-14378: Fixed a heap buffer overflow during packet reassembly in slirp networking implementation (bsc#1143797).

CVE-2019-15890: Fixed a use-after-free during packet reassembly (bsc#1149813).

CVE-2019-17340: Fixed grant table transfer issues on large hosts (XSA-284 bsc#1126140).

CVE-2019-17341: Fixed a race with pass-through device hotplug (XSA-285 bsc#1126141).

CVE-2019-17342: Fixed steal_page violating page_struct access discipline (XSA-287 bsc#1126192).

CVE-2019-17343: Fixed an inconsistent PV IOMMU discipline (XSA-288 bsc#1126195).

CVE-2019-17344: Fixed a missing preemption in x86 PV page table unvalidation (XSA-290 bsc#1126196).

CVE-2019-17347: Fixed a PV kernel context switch corruption (XSA-293 bsc#1126201).

CVE-2019-18420: Fixed a hypervisor crash that could be caused by malicious x86 PV guests, resulting in a denial of service (bsc#1154448 XSA-296).

CVE-2019-18421: Fixed a privilege escalation through malicious PV guest administrators (bsc#1154458 XSA-299).

CVE-2019-18424: Fixed a privilege escalation through DMA to physical devices by untrusted domains (bsc#1154461 XSA-302).

CVE-2019-18425: Fixed a privilege escalation from 32-bit PV guest used mode (bsc#1154456 XSA-298).

CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).

CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).

CVE-2019-19579: Fixed a privilege escalation where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306).

CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).

CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).

CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest, leading to a guest denial of service (bsc#1158004 XSA-308).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for xen fixes the following issues :

CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181).

CVE-2019-19579: Device quarantine for alternate pci assignment methods (bsc#1157888).

CVE-2019-19581: find_next_bit() issues (bsc#1158003).

CVE-2019-19583: VMentry failure with debug exceptions and blocked states (bsc#1158004).

CVE-2019-19578: Linear pagetable use / entry miscounts (bsc#1158005).

CVE-2019-19580: Further issues with restartable PV type change operations (bsc#1158006).

CVE-2019-19577: dynamic height for the IOMMU pagetables (bsc#1158007).

CVE-2019-18420: VCPUOP_initialise DoS (bsc#1154448).

CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation (bsc#1154456).

CVE-2019-18421: Issues with restartable PV type change operations (bsc#1154458).

CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment (bsc#1154461).

CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue) (bsc#1155945).

CVE-2019-11135: TSX Asynchronous Abort (TAA) issue (bsc#1152497).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for xen fixes the following issues :

  - CVE-2019-19581: Fixed a potential out of bounds on     32-bit Arm (bsc#1158003 XSA-307).

  - CVE-2019-19582: Fixed a potential infinite loop when x86     accesses to bitmaps with a compile time known size of 64     (bsc#1158003 XSA-307).

  - CVE-2019-19583: Fixed improper checks which could have     allowed HVM/PVH guest userspace code to crash the     guest,leading to a guest denial of service (bsc#1158004     XSA-308).

  - CVE-2019-19578: Fixed an issue where a malicious or     buggy PV guest could have caused hypervisor crash     resulting in denial of service affecting the entire host     (bsc#1158005 XSA-309).

  - CVE-2019-19580: Fixed a privilege escalation where a     malicious PV guest administrator could have been able to     escalate their privilege to that of the host     (bsc#1158006 XSA-310).

  - CVE-2019-19577: Fixed an issue where a malicious guest     administrator could have caused Xen to access data     structures while they are being modified leading to a     crash (bsc#1158007 XSA-311). 

  - CVE-2019-19579: Fixed a privilege escaltion where an     untrusted domain with access to a physical device can     DMA into host memory (bsc#1157888 XSA-306).

  - Fixed an issue where PCI passthrough failed on AMD     machine xen host (bsc#1157047). 

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.

In addition this update provides mitigations for the 'TSX Asynchronous Abort'speculative side channel attack. For additional information please refer to https://xenbits.xen.org/xsa/advisory-305.html

denial of service in find_next_bit() [XSA-307, CVE-2019-19581, CVE-2019-19582] (#1782211) denial of service in HVM/PVH guest userspace code [XSA-308, CVE-2019-19583] (#1782206) privilege escalation due to malicious PV guest [XSA-309, CVE-2019-19578] (#1782210) Further issues with restartable PV type change operations [XSA-310, CVE-2019-19580] (#1782207) vulnerability in dynamic height handling for AMD IOMMU pagetables [XSA-311, CVE-2019-19577] (#1782208)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to a mishandling of a certain bit iteration in 32-bit Arm systems. An authenticated local attacker can exploit this issue, to cause a denial of service (DOS).

Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.

This update for xen fixes the following issues :

CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).

CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).

CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).

CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).

CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).

CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).

CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306).

Fixed an issue where PCI passthrough failed on AMD machine xen host (bsc#1157047).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for xen fixes the following issues :

CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).

CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).

CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).

CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).

CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).

CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).

CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306).

CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). (bsc#1154460).

CVE-2019-18424: An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation.
(bsc#1154461).

CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified. (bsc#1154464)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for xen fixes the following issues :

CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).

CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).

CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).

CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).

CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).

CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).

CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306).

CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS) (bsc#1154460 XSA-301).

CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified. (bsc#1154464 XSA-303)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for xen fixes the following issues :

CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).

CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).

CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).

CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).

CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).

CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).

CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306).

CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash, resulting in a denial of service (bsc#1154448 XSA-296)

CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that of the guest kernel. (bsc#1154456 XSA-298).

CVE-2019-18421: A malicious PV guest administrator may have been able to escalate their privilege to that of the host. (bsc#1154458 XSA-299).

CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash, resulting in a denial of service (bsc#1154460 XSA-301).

CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified. (bsc#1154464 XSA-303)

CVE-2019-18424: An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation.
(bsc#1154461 XSA-302).

CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945 XSA-304)

CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497 XSA-305).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for xen fixes the following issues :

CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).

CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).

CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).

CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).

CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).

CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
137624	SUSE SLES12 Security Update : xen (SUSE-SU-2020:1630-1)	Nessus	SuSE Local Security Checks	high
134964	GLSA-202003-56 : Xen: Multiple vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Gentoo Local Security Checks	high
133763	SUSE SLES12 Security Update : xen (SUSE-SU-2020:0388-1)	Nessus	SuSE Local Security Checks	high
133539	SUSE SLES12 Security Update : xen (SUSE-SU-2020:0334-1)	Nessus	SuSE Local Security Checks	high
132904	openSUSE Security Update : xen (openSUSE-2020-11)	Nessus	SuSE Local Security Checks	high
132875	Debian DSA-4602-1 : xen - security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Debian Local Security Checks	high
132641	Fedora 30 : xen (2019-2e12bd3a9a)	Nessus	Fedora Local Security Checks	high
132343	Xen 32-bit Arm Guest OS Denial Of Service vulnerability (XSA-307)	Nessus	Misc.	low
132309	SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2019:3338-1)	Nessus	SuSE Local Security Checks	high
132113	Fedora 31 : xen (2019-6aad703290)	Nessus	Fedora Local Security Checks	high
132092	SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:3310-1)	Nessus	SuSE Local Security Checks	high
132091	SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2019:3309-1)	Nessus	SuSE Local Security Checks	high
132073	SUSE SLES12 Security Update : xen (SUSE-SU-2019:3297-1)	Nessus	SuSE Local Security Checks	high
132072	SUSE SLES12 Security Update : xen (SUSE-SU-2019:3296-1)	Nessus	SuSE Local Security Checks	high

CVE-2019-19581

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins