[Pkg-xen-devel] New CVE for Xen
waldi at debian.org
Wed Oct 26 12:37:57 UTC 2011
On Thu, Sep 22, 2011 at 04:40:32PM +0800, Thomas Goirand wrote:
> * A denial of service (Host Crash) in the XEN
> hypervisor. (CVE-2011-2901)
> * A bug was found in the way Xen handles CPUID
> instruction emulation during VM exits. An unprivileged
> guest user can potentially use this flaw to crash the
> guest. (CVE-2011-1936)
Not taken yet.
> * A 64-bit guest can get one of its vcpus into
> non-kernel mode without first providing a valid non-kernel
> pagetable. The observed failure mode was usually a hard
> lockup of the host (host denial of service). (CVE-2011-1166)
In the security queue since four months.
You can't evaluate a man by logic alone.
-- McCoy, "I, Mudd", stardate 4513.3
More information about the Pkg-xen-devel