FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VuXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC.


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: Description

90becf7c-1acf-11e7-970f-002590263bf5: xen-kernel -- broken check in memory_exchange() permits PV guest breakout

The Xen Project reports:

The XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.

A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks.


Discovery 2017-04-04
Entry 2017-04-06
xen-kernel < 4.7.2_1

CVE-2017-7228
https://xenbits.xen.org/xsa/advisory-212.html

80a897a2-c1a6-11e6-ae1b-002590263bf5: xen-kernel -- x86 CMPXCHG8B emulation fails to ignore operand size override

The Xen Project reports:

The x86 instruction CMPXCHG8B is supposed to ignore legacy operand size overrides; it only honors the REX.W override (making it CMPXCHG16B). So, the operand size is always 8 or 16. When support for CMPXCHG16B emulation was added to the instruction emulator, this restriction on the set of possible operand sizes was relied on in some parts of the emulation; but a wrong, fully general, operand size value was used for other parts of the emulation. As a result, if a guest uses a supposedly-ignored operand size prefix, a small amount of hypervisor stack data is leaked to the guests: a 96 bit leak to guests running in 64-bit mode; or, a 32 bit leak to other guests.

A malicious unprivileged guest may be able to obtain sensitive information from the host.


Discovery 2016-12-13
Entry 2016-12-14
xen-kernel < 4.7.1_1

CVE-2016-9932
http://xenbits.xen.org/xsa/advisory-200.html

da70d472-af59-11e7-ace2-f8b156b439c5: xen-kernel -- multiple vulnerabilities

The Xen project reports multiple vulnerabilities.


Discovery 2017-10-12
Entry 2017-10-12
xen-kernel < 4.7.2_6

http://xenbits.xen.org/xsa/advisory-237.html
http://xenbits.xen.org/xsa/advisory-238.html
http://xenbits.xen.org/xsa/advisory-239.html
http://xenbits.xen.org/xsa/advisory-240.html
http://xenbits.xen.org/xsa/advisory-241.html
http://xenbits.xen.org/xsa/advisory-242.html
http://xenbits.xen.org/xsa/advisory-243.html
http://xenbits.xen.org/xsa/advisory-244.html

3ae078ca-c7eb-11e6-ae1b-002590263bf5: xen-kernel -- x86 PV guests may be able to mask interrupts

The Xen Project reports:

Certain PV guest kernel operations (page table writes in particular) need emulation, and use Xen's general x86 instruction emulator. This allows a malicious guest kernel which asynchronously modifies its instruction stream to effect the clearing of EFLAGS.IF from the state used to return to guest context.

A malicious guest kernel administrator can cause a host hang or crash, resulting in a Denial of Service.


Discovery 2016-12-21
Entry 2016-12-22
xen-kernel < 4.7.1_3

CVE-2016-10024
https://xenbits.xen.org/xsa/advisory-202.html

942433db-c661-11e6-ae1b-002590263bf5: xen-kernel -- x86: Mishandling of SYSCALL singlestep during emulation

The Xen Project reports:

The typical behaviour of singlestepping exceptions is determined at the start of the instruction, with a #DB trap being raised at the end of the instruction. SYSCALL (and SYSRET, although we don't implement it) behave differently because the typical behaviour allows userspace to escalate its privilege. (This difference in behaviour seems to be undocumented.) Xen wrongly raised the exception based on the flags at the start of the instruction.

Guest userspace which can invoke the instruction emulator can use this flaw to escalate its privilege to that of the guest kernel.


Discovery 2016-12-19
Entry 2016-12-20
xen-kernel < 4.7.1_2

CVE-2016-10013
http://xenbits.xen.org/xsa/advisory-204.html