[Pkg-xen-devel] New CVE for Xen

Bastian Blank waldi at debian.org
Wed Oct 26 12:37:57 UTC 2011


On Thu, Sep 22, 2011 at 04:40:32PM +0800, Thomas Goirand wrote:
> * A denial of service (Host Crash) in the XEN
>    hypervisor. (CVE-2011-2901)
> * A bug was found in the way Xen handles CPUID
>    instruction emulation during VM exits. An unprivileged
>    guest user can potentially use this flaw to crash the
>    guest. (CVE-2011-1936)

Not taken yet.

> * A 64-bit guest can get one of its vcpus into
>    non-kernel mode without first providing a valid non-kernel
>    pagetable. The observed failure mode was usually a hard
>    lockup of the host (host denial of service). (CVE-2011-1166)

In the security queue for four months.

Bastian

-- 
You can't evaluate a man by logic alone.
		-- McCoy, "I, Mudd", stardate 4513.3


