
Anthony Perard

Researcher from Citrix
#20807 of 53,632
12.1 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2018-9892
5.6
2018-04-27
Xen · Xen · CVE-2018-10472
**Name of the Vulnerable Software and Affected Versions** Xen versions prior to 4.11

**Description** An issue allows x86 HVM guest OS users to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.

**Recommendations** For versions prior to 4.11, update to version 4.11 or later to resolve the issue.
PT-2017-11603
6.5
2017-07-04
Linux · Linux Kernel · CVE-2017-10911
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.11.8

**Description** The issue allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory. This is achieved by leveraging the copying of uninitialized padding fields in Xen block-interface response structures.

**Recommendations** For Linux kernel versions prior to 4.11.8, update to version 4.11.8 or later to resolve the issue.