Xen Security Advisory 470 v2 (CVE-2025-27465) - x86: Incorrect stubs exception handling for flags recovery

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2025-27465 / XSA-470 version 2 x86: Incorrect stubs exception handling for flags recovery UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

Xen Security Advisory 468 v3 (CVE-2025-27462,CVE-2025-27463,CVE-2025-27464) - WinPVDrivers: Excessive permissions on user-exposed devices

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2025-27462,CVE-2025-27463,CVE-2025-27464 / XSA-468 version 3 WinPVDrivers: Excessive permissions on user-exposed devices UPDATES IN VERSION 3 Public release.

Xen Security Advisory 467 v1 (CVE-2025-1713) - deadlock potential with VT-d and legacy PCI device pass-through

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2025-1713 / XSA-467 deadlock potential with VT-d and legacy PCI device pass-through ISSUE DESCRIPTION = When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bri

Xen Security Advisory 465 v3 (CVE-2024-53240) - Backend can crash Linux netfront

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2024-53240 / XSA-465 version 3 Backend can crash Linux netfront UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

Xen Security Advisory 466 v3 (CVE-2024-53241) - Xen hypercall page unsafe against speculative attacks

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2024-53241 / XSA-466 version 3 Xen hypercall page unsafe against speculative attacks UPDATES IN VERSION 3 Update of patch 5, public release. ISSU

Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2024-45819 / XSA-464 version 2 libxl leaks data to PVH guests via ACPI tables UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION ===

Xen Security Advisory 462 v2 (CVE-2024-45817) - x86: Deadlock in vlapic_error()

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2024-45817 / XSA-462 version 2 x86: Deadlock in vlapic_error() UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION =

Xen Security Advisory 461 v2 (CVE-2024-31146) - PCI device pass-through with shared resources

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2024-31146 / XSA-461 version 2 PCI device pass-through with shared resources UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION ===

Xen Security Advisory 460 v2 (CVE-2024-31145) - error handling in x86 IOMMU identity mapping

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2024-31145 / XSA-460 version 2 error handling in x86 IOMMU identity mapping UPDATES IN VERSION 2 Wording updated. Public release. ISSUE DESCRIP

Xen Security Advisory 458 v2 (CVE-2024-31143) - double unlock in x86 guest IRQ handling

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2024-31143 / XSA-458 version 2 double unlock in x86 guest IRQ handling UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION ==

Xen Security Advisory 459 v2 (CVE-2024-31144) - Xapi: Metadata injection attack against backup/restore functionality

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2024-31144 / XSA-459 version 2 Xapi: Metadata injection attack against backup/restore functionality UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

Xen Security Advisory 457 v3 (CVE-2024-27393) - Linux/xen-netfront: Memory leak due to missing cleanup function

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2024-27393 / XSA-457 version 3 Linux/xen-netfront: Memory leak due to missing cleanup function UPDATES IN VERSION 3 CVE assigned. ISSUE DESCRIPTION =

Xen Security Advisory 457 v2 - Linux/xen-netfront: Memory leak due to missing cleanup function

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory XSA-457 version 2 Linux/xen-netfront: Memory leak due to missing cleanup function UPDATES IN VERSION 2 * Clarify the XSA is in netfront and *not* netb

Xen Security Advisory 457 v1 - Linux/xen-netback: Memory leak due to missing cleanup function

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory XSA-457 Linux/xen-netback: Memory leak due to missing cleanup function ISSUE DESCRIPTION = In netback, xennet_alloc_one_rx_buffer() failed to call the appropriate clean-up function, res

Xen Security Advisory 456 v3 (CVE-2024-2201) - x86: Native Branch History Injection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2024-2201 / XSA-456 version 3 x86: Native Branch History Injection UPDATES IN VERSION 3 Issues were found with the original code changes. Se

Xen Security Advisory 456 v2 (CVE-2024-2201) - x86: Native Branch History Injection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2024-2201 / XSA-456 version 2 x86: Native Branch History Injection UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION =

Xen Security Advisory 455 v4 (CVE-2024-31142) - x86: Incorrect logic for BTC/SRSO mitigations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2024-31142 / XSA-455 version 4 x86: Incorrect logic for BTC/SRSO mitigations UPDATES IN VERSION 4 Public release. Correct references to prior

Xen Security Advisory 454 v2 (CVE-2023-46842) - x86 HVM hypercalls may trigger Xen bug check

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-46842 / XSA-454 version 2 x86 HVM hypercalls may trigger Xen bug check UPDATES IN VERSION 2 Avoid new Misra violation in 1st staging patch.

Xen Security Advisory 451 v2 (CVE-2023-46841) - x86: shadow stack vs exceptions from emulation stubs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-46841 / XSA-451 version 2 x86: shadow stack vs exceptions from emulation stubs UPDATES IN VERSION 2 Largely cosmetic adjustment in patches. Pu

Xen Security Advisory 449 v2 (CVE-2023-46839) - pci: phantom functions assigned to incorrect contexts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-46839 / XSA-449 version 2 pci: phantom functions assigned to incorrect contexts UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION ===

Xen Security Advisory 450 v2 (CVE-2023-46840) - VT-d: Failure to quarantine devices in !HVM builds

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-46840 / XSA-450 version 2 VT-d: Failure to quarantine devices in !HVM builds UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

Xen Security Advisory 448 v2 (CVE-2023-46838) - Linux: netback processing of zero-length transmit fragment

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-46838 / XSA-448 version 2 Linux: netback processing of zero-length transmit fragment UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION =

Xen Security Advisory 447 v2 (CVE-2023-46837) - arm32: The cache may not be properly cleaned/invalidated (take two)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-46837 / XSA-447 version 2 arm32: The cache may not be properly cleaned/invalidated (take two) UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

Xen Security Advisory 446 v2 (CVE-2023-46836) - x86: BTC/SRSO fixes not fully effective

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-46836 / XSA-446 version 2 x86: BTC/SRSO fixes not fully effective UPDATES IN VERSION 2 Grammar fixes. Public release. ISSUE DESCRIPTIO

Xen Security Advisory 445 v3 (CVE-2023-46835) - x86/AMD: mismatch in IOMMU quarantine page table levels

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-46835 / XSA-445 version 3 x86/AMD: mismatch in IOMMU quarantine page table levels UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION ==

Xen Security Advisory 444 v3 (CVE-2023-34327,CVE-2023-34328) - x86/AMD: Debug Mask handling

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-34327,CVE-2023-34328 / XSA-444 version 3 x86/AMD: Debug Mask handling UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

Xen Security Advisory 442 v2 (CVE-2023-34326) - x86/AMD: missing IOMMU TLB flushing

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-34326 / XSA-442 version 2 x86/AMD: missing IOMMU TLB flushing UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

Xen Security Advisory 440 v3 (CVE-2023-34323) - xenstored: A transaction conflict can crash C Xenstored

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-34323 / XSA-440 version 3 xenstored: A transaction conflict can crash C Xenstored UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION ==

Xen Security Advisory 441 v4 (CVE-2023-34324) - Possible deadlock in Linux kernel event handling

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-34324 / XSA-441 version 4 Possible deadlock in Linux kernel event handling UPDATES IN VERSION 4 Public release. Modified advisory again to s

Xen Security Advisory 439 v2 (CVE-2023-20588) - x86/AMD: Divide speculative information leak

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-20588 / XSA-439 version 2 x86/AMD: Divide speculative information leak UPDATES IN VERSION 2 Version 1 accidentally linked to the wrong AMD

Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-20588 / XSA-439 x86/AMD: Divide speculative information leak ISSUE DESCRIPTION = In the Zen1 microarchitecure, there is one divider in the pipeline which services uops from bo

Xen Security Advisory 438 v2 (CVE-2023-34322) - top-level shadow reference dropped too early for 64-bit PV guests

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-34322 / XSA-438 version 2 top-level shadow reference dropped too early for 64-bit PV guests UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION =

Xen Security Advisory 437 v2 (CVE-2023-34321) - arm32: The cache may not be properly cleaned/invalidated

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-34321 / XSA-437 version 2 arm32: The cache may not be properly cleaned/invalidated UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION =

Xen Security Advisory 434 v1 (CVE-2023-20569) - x86/AMD: Speculative Return Stack Overflow

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-20569 / XSA-434 x86/AMD: Speculative Return Stack Overflow ISSUE DESCRIPTION = Researchers from ETH Zurich have extended their prior research (XSA-422, Branch Type Confusion

Xen Security Advisory 435 v1 (CVE-2022-40982) - x86/Intel: Gather Data Sampling

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-40982 / XSA-435 x86/Intel: Gather Data Sampling ISSUE DESCRIPTION = A researcher has discovered Gather Data Sampling, a transient execution side-channel whereby the AVX

Xen Security Advisory 432 v2 (CVE-2023-34319) - Linux: buffer overrun in netback due to unusual packet

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-34319 / XSA-432 version 2 Linux: buffer overrun in netback due to unusual packet UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION ===

Xen Security Advisory 436 v1 (CVE-2023-34320) - arm: Guests can trigger a deadlock on Cortex-A77

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-34320 / XSA-436 arm: Guests can trigger a deadlock on Cortex-A77 ISSUE DESCRIPTION = Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certa

Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-20593 / XSA-433 version 3 x86/AMD: Zenbleed UPDATES IN VERSION 3 The patch provided with earlier versions was buggy. It unint

Xen Security Advisory 433 v2 (CVE-2023-20593) - x86/AMD: Zenbleed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2023-20593 / XSA-433 version 2 x86/AMD: Zenbleed UPDATES IN VERSION 2 Include the CVE, which was missed accidentally in the rush of

Xen Security Advisory 433 v1 - x86/AMD: Zenbleed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory XSA-433 x86/AMD: Zenbleed ISSUE DESCRIPTION = Researchers at Google have discovered Zenbleed, a hardware bug causing corruption of the vector registers. When a VZ

Xen Security Notice 1 v1 - winpvdrvbuild.xenproject.org potentially compromised

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Notice 1 winpvdrvbuild.xenproject.org potentially compromised ISSUE DESCRIPTION = Software running on the Xen Project hosted subdomain winpvdrvbuild.xenproject.org is outdated and vulnerab

Xen Security Advisory 431 v1 (CVE-2022-42336) - Mishandling of guest SSBD selection on AMD hardware

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42336 / XSA-431 Mishandling of guest SSBD selection on AMD hardware ISSUE DESCRIPTION = The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires t

Xen Security Advisory 430 v2 (CVE-2022-42335) - x86 shadow paging arbitrary pointer dereference

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42335 / XSA-430 version 2 x86 shadow paging arbitrary pointer dereference UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION =

Xen Security Advisory 429 v3 (CVE-2022-42331) - x86: speculative vulnerability in 32bit SYSCALL path

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42331 / XSA-429 version 3 x86: speculative vulnerability in 32bit SYSCALL path UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION ===

Xen Security Advisory 427 v2 (CVE-2022-42332) - x86 shadow plus log-dirty mode use-after-free

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42332 / XSA-427 version 2 x86 shadow plus log-dirty mode use-after-free UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION ===

Xen Security Advisory 428 v3 (CVE-2022-42333,CVE-2022-42334) - x86/HVM pinned cache attributes mis-handling

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42333,CVE-2022-42334 / XSA-428 version 3 x86/HVM pinned cache attributes mis-handling UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

Xen Security Advisory 426 v2 (CVE-2022-27672) - x86: Cross-Thread Return Address Predictions

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-27672 / XSA-426 version 2 x86: Cross-Thread Return Address Predictions UPDATES IN VERSION 2 Xen 4.16 is vulnerable too. The previous analy

Xen Security Advisory 426 v1 (CVE-2022-27672) - x86: Cross-Thread Return Address Predictions

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-27672 / XSA-426 x86: Cross-Thread Return Address Predictions ISSUE DESCRIPTION = It has been discovered that on some AMD CPUs, the RAS (Return Address Stack, also called RAP -

Xen Security Advisory 425 v1 (CVE-2022-42330) - Guests can cause Xenstore crash via soft reset

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42330 / XSA-425 Guests can cause Xenstore crash via soft reset ISSUE DESCRIPTION = When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstac

Xen Security Advisory 423 v2 (CVE-2022-3643) - Guests can trigger NIC interface reset/abort/crash via netback

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-3643 / XSA-423 version 2 Guests can trigger NIC interface reset/abort/crash via netback UPDATES IN VERSION 2 Patch updated. ISSUE DESCRIPTION ==

Xen Security Advisory 423 v1 (CVE-2022-3643) - Guests can trigger NIC interface reset/abort/crash via netback

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-3643 / XSA-423 Guests can trigger NIC interface reset/abort/crash via netback ISSUE DESCRIPTION = It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux bas

Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42328,CVE-2022-42329 / XSA-424 Guests can trigger deadlock in Linux netback driver ISSUE DESCRIPTION = The patch for XSA-392 introduced another issue which might result in a deadlock wh

Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-23824 / XSA-422 version 2 x86: Multiple speculative security issues UPDATES IN VERSION 2 Change the URL referenced for the Branch Type Co

Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-23824 / XSA-422 x86: Multiple speculative security issues ISSUE DESCRIPTION = 1) Researchers have discovered that on some AMD CPUs, the implementation of IBPB (Indirect B

Xen Security Advisory 421 v2 (CVE-2022-42325,CVE-2022-42326) - Xenstore: Guests can create arbitrary number of nodes via transactions

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42325,CVE-2022-42326 / XSA-421 version 2 Xenstore: Guests can create arbitrary number of nodes via transactions UPDATES IN VERSION 2 Fix typo in title. Publi

Xen Security Advisory 420 v2 (CVE-2022-42324) - Oxenstored 32->31 bit integer truncation issues

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42324 / XSA-420 version 2 Oxenstored 32->31 bit integer truncation issues UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION ==

Xen Security Advisory 419 v2 (CVE-2022-42322,CVE-2022-42323) - Xenstore: Cooperating guests can create arbitrary numbers of nodes

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42322,CVE-2022-42323 / XSA-419 version 2 Xenstore: Cooperating guests can create arbitrary numbers of nodes UPDATES IN VERSION 2 Public release. ISSUE DESC

Xen Security Advisory 412 v2 (CVE-2022-42327) - x86: unintended memory sharing between guests

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42327 / XSA-412 version 2 x86: unintended memory sharing between guests UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION =

Xen Security Advisory 415 v2 (CVE-2022-42310) - Xenstore: Guests can create orphaned Xenstore nodes

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42310 / XSA-415 version 2 Xenstore: Guests can create orphaned Xenstore nodes UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

Xen Security Advisory 414 v2 (CVE-2022-42309) - Xenstore: Guests can crash xenstored

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42309 / XSA-414 version 2 Xenstore: Guests can crash xenstored UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

Xen Security Advisory 417 v2 (CVE-2022-42320) - Xenstore: Guests can get access to Xenstore nodes of deleted domains

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-42320 / XSA-417 version 2 Xenstore: Guests can get access to Xenstore nodes of deleted domains UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

Xen Security Advisory 413 v2 (CVE-2022-33749) - XAPI open file limit DoS

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-33749 / XSA-413 version 2 XAPI open file limit DoS UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION = It

Xen Security Advisory 411 v3 (CVE-2022-33748) - lock order inversion in transitive grant copy handling

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-33748 / XSA-411 version 3 lock order inversion in transitive grant copy handling UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION ===

Xen Security Advisory 408 v3 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-33745 / XSA-408 version 3 insufficient TLB flush for x86 PV guests in shadow mode UPDATES IN VERSION 3 Update hash for metadata file. ISSUE DES

Xen Security Advisory 408 v2 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-33745 / XSA-408 version 2 insufficient TLB flush for x86 PV guests in shadow mode UPDATES IN VERSION 2 Added metadata Public release. ISSUE DE

Xen Security Advisory 405 v3 (CVE-2022-33743) - network backend may cause Linux netfront to use freed SKBs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-33743 / XSA-405 version 3 network backend may cause Linux netfront to use freed SKBs UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

Xen Security Advisory 403 v3 (CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742) - Linux disk/nic frontends data leaks

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742 / XSA-403 version 3 Linux disk/nic frontends data leaks UPDATES IN VERSION 3 Publi

Xen Security Advisory 406 v3 (CVE-2022-33744) - Arm guests can cause Dom0 DoS via PV devices

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-33744 / XSA-406 version 3 Arm guests can cause Dom0 DoS via PV devices UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION

Xen Security Advisory 404 v1 (CVE-2022-21123,CVE-2022-21124,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-21123,CVE-2022-21124,CVE-2022-21166 / XSA-404 x86: MMIO Stale Data vulnerabilities ISSUE DESCRIPTION = This issue is related to the SRBDS, TAA and MDS vulnerabilities. Please see:

Xen Security Advisory 401 v2 (CVE-2022-26362) - x86 pv: Race condition in typeref acquisition

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-26362 / XSA-401 version 2 x86 pv: Race condition in typeref acquisition UPDATES IN VERSION 2 Update 4.16 and 4.15 baselines. Public releas

Xen Security Advisory 399 v2 (CVE-2022-26357) - race in VT-d domain ID cleanup

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-26357 / XSA-399 version 2 race in VT-d domain ID cleanup UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION =

Xen Security Advisory 397 v2 (CVE-2022-26356) - Racy interactions between dirty vram tracking and paging log dirty hypercalls

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-26356 / XSA-397 version 2 Racy interactions between dirty vram tracking and paging log dirty hypercalls UPDATES IN VERSION 2 Public release. ISSUE DES

Xen Security Advisory 396 v3 (CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042) - Linux PV device frontends vulnerable to attacks by backends

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042 / XSA-396 version 3 Linux PV device frontends vu

Xen Security Advisory 395 v2 (CVE-2022-23035) - Insufficient cleanup of passed-through device IRQs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-23035 / XSA-395 version 2 Insufficient cleanup of passed-through device IRQs UPDATES IN VERSION 2 Adjust patch subject. Public release. ISSU

Xen Security Advisory 394 v3 (CVE-2022-23034) - A PV guest could DoS Xen while unmapping a grant

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-23034 / XSA-394 version 3 A PV guest could DoS Xen while unmapping a grant UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION ==

Xen Security Advisory 393 v2 (CVE-2022-23033) - arm: guest_physmap_remove_page not removing the p2m mappings

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2022-23033 / XSA-393 version 2 arm: guest_physmap_remove_page not removing the p2m mappings UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

Xen Security Advisory 376 v1 - frontends vulnerable to backends

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory XSA-376 frontends vulnerable to backends ISSUE DESCRIPTION = Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver do

Xen Security Advisory 392 v4 (CVE-2021-28714,CVE-2021-28715) - Guest can force Linux netback driver to hog large amounts of kernel memory

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28714,CVE-2021-28715 / XSA-392 version 4 Guest can force Linux netback driver to hog large amounts of kernel memory UPDATES IN VERSION 4 Public release ISSUE

Xen Security Advisory 391 v3 (CVE-2021-28711,CVE-2021-28712,CVE-2021-28713) - Rogue backends can cause DoS of guests via high frequency events

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28711,CVE-2021-28712,CVE-2021-28713 / XSA-391 version 3 Rogue backends can cause DoS of guests via high frequency events UPDATES IN VERSION 3 Public release

Xen Security Advisory 388 v3 (CVE-2021-28704,CVE-2021-28707,CVE-2021-28708) - PoD operations on misaligned GFNs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28704,CVE-2021-28707,CVE-2021-28708 / XSA-388 version 3 PoD operations on misaligned GFNs UPDATES IN VERSION 3 Correct affected versions ran

Xen Security Advisory 385 v2 (CVE-2021-28706) - guests may exceed their designated memory limit

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28706 / XSA-385 version 2 guests may exceed their designated memory limit UPDATES IN VERSION 2 Add CVE numbers to patches. Public release.

Xen Security Advisory 387 v2 (CVE-2021-28703) - grant table v2 status pages may remain accessible after de-allocation (take two)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28703 / XSA-387 version 2 grant table v2 status pages may remain accessible after de-allocation (take two) UPDATES IN VERSION 2 Public release. ISSUE

Xen Security Advisory 389 v3 (CVE-2021-28705,CVE-2021-28709) - issues with partially successful P2M updates on x86

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28705,CVE-2021-28709 / XSA-389 version 3 issues with partially successful P2M updates on x86 UPDATES IN VERSION 3 Add CVE numbers to patches. Public

Xen Security Advisory 390 v1 (CVE-2021-28710) - certain VT-d IOMMUs may not work in shared page table mode

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28710 / XSA-390 certain VT-d IOMMUs may not work in shared page table mode ISSUE DESCRIPTION = For efficiency reasons, address translation control structures (page tables) may (and,

Xen Security Advisory 386 v2 (CVE-2021-28702) - PCI devices with RMRRs not deassigned correctly

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28702 / XSA-386 version 2 PCI devices with RMRRs not deassigned correctly UPDATES IN VERSION 2 Updated/corrected information about vulnerabl

Xen Security Advisory 386 v1 (CVE-2021-28702) - PCI devices with RMRRs not deassigned correctly

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28702 / XSA-386 PCI devices with RMRRs not deassigned correctly ISSUE DESCRIPTION = Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Res

Xen Security Advisory 384 v3 (CVE-2021-28701) - Another race in XENMAPSPACE_grant_table handling

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28701 / XSA-384 version 3 Another race in XENMAPSPACE_grant_table handling UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION =

Xen Security Advisory 380 v3 (CVE-2021-28698) - long running loops in grant table handling

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28698 / XSA-380 version 3 long running loops in grant table handling UPDATES IN VERSION 3 New bugfix patch on top of the prior set. ISSUE

Xen Security Advisory 380 v2 (CVE-2021-28698) - long running loops in grant table handling

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28698 / XSA-380 version 2 long running loops in grant table handling UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION =

Xen Security Advisory 383 v2 (CVE-2021-28700) - xen/arm: No memory limit for dom0less domUs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28700 / XSA-383 version 2 xen/arm: No memory limit for dom0less domUs UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

Xen Security Advisory 382 v2 (CVE-2021-28699) - inadequate grant-v2 status frames array bounds check

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28699 / XSA-382 version 2 inadequate grant-v2 status frames array bounds check UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

Xen Security Advisory 379 v2 (CVE-2021-28697) - grant table v2 status pages may remain accessible after de-allocation

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28697 / XSA-379 version 2 grant table v2 status pages may remain accessible after de-allocation UPDATES IN VERSION 2 Patches updated to fix a typo in a

Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-0089,CVE-2021-26313 / XSA-375 version 4 Speculative Code Store Bypass UPDATES IN VERSION 4 Correct the link to the AMD bulletin. ISSUE D

Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-0089,CVE-2021-26313 / XSA-375 version 3 Speculative Code Store Bypass UPDATES IN VERSION 3 Added additional CVE, as Intel and AMD allocated

Xen Security Advisory 377 v2 (CVE-2021-28690) - x86: TSX Async Abort protections not restored after S3

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28690 / XSA-377 version 2 x86: TSX Async Abort protections not restored after S3 UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION ===

Xen Security Advisory 375 v2 (CVE-2021-0089) - Speculative Code Store Bypass

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-0089 / XSA-375 version 2 Speculative Code Store Bypass UPDATES IN VERSION 2 New 4.12 backport (also targeting 4.11), addressing a bui

Xen Security Advisory 374 v2 (CVE-2021-28691) - Guest triggered use-after-free in Linux xen-netback

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28691 / XSA-374 version 2 Guest triggered use-after-free in Linux xen-netback UPDATES IN VERSION 2 Public release. ISSUE DESCRIPTION

Xen Security Advisory 372 v3 (CVE-2021-28693) - xen/arm: Boot modules are not scrubbed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28693 / XSA-372 version 3 xen/arm: Boot modules are not scrubbed UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION ===

Xen Security Advisory 370 v2 (CVE-2021-28689) - x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28689 / XSA-370 version 2 x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests UPDATES IN VERSION 2 Note that the patch is docs-onl

Xen Security Advisory 371 v3 (CVE-2021-28688) - Linux: blkback driver may leak persistent grants

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Xen Security Advisory CVE-2021-28688 / XSA-371 version 3 Linux: blkback driver may leak persistent grants UPDATES IN VERSION 3 Public release. ISSUE DESCRIPTION ==

  1   2   3   >