Ian Jackson

**Name of the Vulnerable Software and Affected Versions** Xen versions 4.8.x through 4.10.x **Description** An issue in Xen allows x86 PVH guest OS users to cause a denial of service by leveraging the mishandling of configurations that lack a Local APIC, resulting in a NULL pointer dereference and hypervisor crash. **Recommendations** For Xen versions 4.8.x through 4.10.x, consider configuring the Local APIC properly to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xen versions 4.6.x through 4.9.x **Description** A race condition exists in the grant table code, allowing local guest OS administrators to cause a denial of service, resulting in free list corruption and host crash, or gain privileges on the host. This issue involves vectors related to maptrack free list handling. **Recommendations** For Xen versions 4.6.x through 4.9.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xen version 4.7 **Description** The issue allows local guest OS users to obtain sensitive host information. This is achieved by loading a 32-bit ELF symbol table. **Recommendations** For Xen version 4.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xen versions 3.2 through 4.1 **Description** The issue is caused by multiple integer overflows in the `xc dom bzimageloader.c` file, allowing local users to potentially execute arbitrary code or cause a denial of service. This can be achieved by using a crafted paravirtualised guest kernel image that triggers either a buffer overflow during decompression or an out-of-bounds read in the loader. **Recommendations** For Xen versions 3.2 through 4.1, update to a version that includes the fix for the integer overflows in `xc dom bzimageloader.c`. As a temporary workaround, consider restricting the use of paravirtualised guest kernel images to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Qemu versions 0.9.1 and earlier **Description** The issue allows guest host users with root privileges to access arbitrary memory and escape the virtual machine due to a lack of range checks for block device read or write requests. **Recommendations** For Qemu versions 0.9.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Network Manager (affected versions not specified) **Description** The issue is related to a format string vulnerability in the nm info handler function. This vulnerability may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier. The vulnerability occurs because the identifier is not properly handled in a syslog call. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.