FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
90becf7c-1acf-11e7-970f-002590263bf5	xen-kernel -- broken check in memory_exchange() permits PV guest breakout The Xen Project reports: The XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays. A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks. Discovery 2017-04-04 Entry 2017-04-06 xen-kernel < 4.7.2_1 CVE-2017-7228 https://xenbits.xen.org/xsa/advisory-212.html
3ae078ca-c7eb-11e6-ae1b-002590263bf5	xen-kernel -- x86 PV guests may be able to mask interrupts The Xen Project reports: Certain PV guest kernel operations (page table writes in particular) need emulation, and use Xen's general x86 instruction emulator. This allows a malicious guest kernel which asynchronously modifies its instruction stream to effect the clearing of EFLAGS.IF from the state used to return to guest context. A malicious guest kernel administrator can cause a host hang or crash, resulting in a Denial of Service. Discovery 2016-12-21 Entry 2016-12-22 xen-kernel < 4.7.1_3 CVE-2016-10024 https://xenbits.xen.org/xsa/advisory-202.html
da70d472-af59-11e7-ace2-f8b156b439c5	xen-kernel -- multiple vulnerabilities The Xen project reports multiple vulnerabilities. Discovery 2017-10-12 Entry 2017-10-12 xen-kernel < 4.7.2_6 http://xenbits.xen.org/xsa/advisory-237.html http://xenbits.xen.org/xsa/advisory-238.html http://xenbits.xen.org/xsa/advisory-239.html http://xenbits.xen.org/xsa/advisory-240.html http://xenbits.xen.org/xsa/advisory-241.html http://xenbits.xen.org/xsa/advisory-242.html http://xenbits.xen.org/xsa/advisory-243.html http://xenbits.xen.org/xsa/advisory-244.html

VuXML ID

Description

90becf7c-1acf-11e7-970f-002590263bf5

xen-kernel -- broken check in memory_exchange() permits PV guest breakout

The Xen Project reports:

The XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.

A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks.

Discovery 2017-04-04
Entry 2017-04-06
xen-kernel

< 4.7.2_1

CVE-2017-7228
https://xenbits.xen.org/xsa/advisory-212.html

3ae078ca-c7eb-11e6-ae1b-002590263bf5

xen-kernel -- x86 PV guests may be able to mask interrupts

The Xen Project reports:

Certain PV guest kernel operations (page table writes in particular) need emulation, and use Xen's general x86 instruction emulator. This allows a malicious guest kernel which asynchronously modifies its instruction stream to effect the clearing of EFLAGS.IF from the state used to return to guest context.

A malicious guest kernel administrator can cause a host hang or crash, resulting in a Denial of Service.

Discovery 2016-12-21
Entry 2016-12-22
xen-kernel

< 4.7.1_3

CVE-2016-10024
https://xenbits.xen.org/xsa/advisory-202.html

da70d472-af59-11e7-ace2-f8b156b439c5

xen-kernel -- multiple vulnerabilities

The Xen project reports multiple vulnerabilities.

Discovery 2017-10-12
Entry 2017-10-12
xen-kernel

< 4.7.2_6

http://xenbits.xen.org/xsa/advisory-237.html
http://xenbits.xen.org/xsa/advisory-238.html
http://xenbits.xen.org/xsa/advisory-239.html
http://xenbits.xen.org/xsa/advisory-240.html
http://xenbits.xen.org/xsa/advisory-241.html
http://xenbits.xen.org/xsa/advisory-242.html
http://xenbits.xen.org/xsa/advisory-243.html
http://xenbits.xen.org/xsa/advisory-244.html