[Pkg-xen-devel] New CVE for Xen

Thomas Goirand zigo at debian.org
Thu Sep 22 08:40:32 UTC 2011


There are a few CVEs for Xen. Are we affected, and are fixes planned for
Lenny, Squeeze and Unstable?

* A denial of service (host crash) in the Xen
   hypervisor. (CVE-2011-2901)
* A bug was found in the way Xen handles CPUID
   instruction emulation during VM exits. An unprivileged
   guest user can potentially use this flaw to crash the
   guest. (CVE-2011-1936)
* A 64-bit guest can get one of its vcpus into
   non-kernel mode without first providing a valid non-kernel
   pagetable. The observed failure mode was usually a hard
   lockup of the host (host denial of service). (CVE-2011-1166)

Cheers,

Thomas


