Ross Lagerwall

**Name of the Vulnerable Software and Affected Versions** Linux (affected versions not specified) **Description** The issue is related to the Linux netback driver, which was modified to handle a frontend splitting a packet in a way that not all headers come in one piece. However, the introduced logic did not account for the extreme case of the entire packet being split into many pieces, yet still being smaller than the area that keeps all possible headers together. This unusual packet would trigger a buffer overrun in the driver. The `xenvif get requests()` function in the `drivers/net/xen-netback/netback.c` module is specifically mentioned as being related to the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xen versions through 4.13.x **Description** The issue is related to errors in return values of the GNTTABOP map grant component in the Xen hypervisor. Exploitation of this issue can allow an attacker to cause a denial of service. The problem arises from a bad error path in GNTTABOP map grant, where grant table operations are expected to return 0 for success and a negative number for errors, but misplaced brackets cause one error path to return 1 instead of a negative value. This condition is treated as success by the grant table code in Linux, leading to incorrectly initialized state. A buggy or malicious guest can construct its grant table to hit the incorrect error path when a backend domain tries to map a grant, resulting in a crash of a Linux-based dom0 or backend domain. **Recommendations** For Xen versions through 4.13.x, consider disabling the GNTTABOP map grant operation until a patch is available to prevent potential denial of service attacks. Restrict access to grant table operations to minimize the risk of exploitation. Avoid using the grant table in a way that could trigger the incorrect error path until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Quick Emulator (aka QEMU) (affected versions not specified) **Description** The issue allows local guest OS privileged users to cause a denial of service by leveraging incorrect region calculation when updating VGA display, potentially leading to out-of-bounds access and a QEMU process crash. It is related to the Cirrus CLGD 54xx VGA Emulator support. The vulnerability can be exploited to write data beyond a specified buffer, resulting in a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebKitGTK+ versions prior to 2.6.6 **Description** The issue allows remote attackers to view a secure HTTP request, including secure cookies, due to late TLS certificate verification. **Recommendations** For versions prior to 2.6.6, update to version 2.6.6 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information transmitted over secure HTTP requests until the update is applied.