Security Notice – Statement on Multiple Xen Vulnerabilities
- Initial Release Date: Mar 19, 2015
- Last Release Date: Dec 15, 2015
Huawei was aware of multiple Xen security vulnerabilities. Those vulnerabilities include:
- HVM qemu unexpectedly enabling emulated VGA graphics backends (XSA-119, CVE ID: CVE-2015-2152)
- Non-maskable interrupts triggerable by guests (XSA-120, CVE ID: CVE-2015-2150)
- Hypervisor memory corruption due to x86 emulator flaw (XSA-123, CVE ID: CVE-2015-2151)
- Information leak via internal x86 system device emulation (XSA-121, CVE ID: CVE-2015-2044)
- Information leak through version information hypercall (XSA-122, CVE ID: CVE-2015-2045)
Huawei has analyzed the vulnerability and confirms that Huawei products are not affected by vulnerability CVE-2015-2152. Other vulnerabilities are being fixed. Huawei has released a security advisory (SA) and fixed versions. Customers can ask for support from local Huawei technical support services if necessary. The link is:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
2015-12-15 V1.2 FINAL
2015-03-28 V1.1 UPDATED Added the SA link
2015-03-19 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.
