September 11, 2012
The Xen security team has released eight security advisories regarding the Xen hypervisor. AWS customers are not affected by these issues. Information on the advisories can be found below:
Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html
Xen Security Advisory 13 (CVE-2012-3495) - hypercall physdev_get_free_pirq vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html
Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html
Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
Xen Security Advisory 16 (CVE-2012-3498) - PHYSDEVOP_map_pirq index vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html
Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
Xen Security Advisory 18 (CVE-2012-3516) - grant table entry swaps have inadequate bounds checking
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html
Xen Security Advisory 19 (CVE-2012-4411) - guest administrator can access qemu monitor console
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00008.html