|
Date |
Qubes security bulletin |
|
2024-11-12 |
QSB-106: Information disclosure through uninitialized memory in libxl |
|
2024-10-17 |
QSB-105: Missing enforced decorations for stubdomain windows under KDE |
|
2024-07-30 |
QSB-104: GUI-related security bugs |
|
2024-07-16 |
QSB-103: Double unlock in x86 guest IRQ handling (XSA-458) |
|
2024-04-09 |
QSB-102: Multiple speculative-execution vulnerabilities: Spectre-BHB, BTC/... |
|
2024-03-12 |
QSB-101: Register File Data Sampling (XSA-452) |
|
2024-01-30 |
QSB-100: Incorrect handling of PCI devices with phantom functions (XSA-449) |
|
2024-01-19 |
QSB-099: Qrexec policy leak via policy.RegisterArgument service |
|
2023-12-15 |
QSB-098: CPU microcode updates not loaded with dom0 kernel version 6.6.x |
|
2023-11-14 |
QSB-097: "Reptar" Intel redundant prefix vulnerability |
|
2023-11-14 |
QSB-096: BTC/SRSO fixes not fully effective (XSA-446) |
|
2023-10-10 |
QSB-095: Missing IOMMU TLB flushing on x86 AMD systems |
|
2023-09-27 |
QSB-094: x86/AMD: Divide speculative information leak |
|
2023-08-09 |
QSB-093: Transient execution vulnerabilities in AMD and Intel CPUs |
|
2023-08-08 |
QSB-092: Buffer overrun in Linux netback driver (XSA-432) |
|
2023-07-26 |
QSB-091: Windows PV drivers potentially compromised |
|
2023-07-24 |
QSB-090: Zenbleed (CVE-2023-20593, XSA-433) |
|
2023-05-11 |
QSB-089: Qrexec: Memory corruption in service request handling |
|
2023-03-21 |
QSB-088: Two Xen issues affecting PV (stub-)domains (XSA-428, XSA-429) |
|
2022-11-23 |
QSB-087: Qrexec: Injection of unsanitized data into log output |
|
2022-11-08 |
QSB-086: Speculative security issues on AMD CPUs (XSA-422) |
|
2022-11-01 |
QSB-085: Xenstore: Guests can crash xenstored (XSA-414) |
|
2022-08-06 |
QSB-084: Split GPG: GnuPG file descriptor confusion and file existence leak |
|
2022-07-13 |
QSB-083: Retbleed: Arbitrary speculative code execution with return instru... |
|
2022-07-05 |
QSB-082: Memory management issues in PV frontend drivers |
|
2022-06-17 |
QSB-081: x86: MMIO Stale Data vulnerabilities (XSA-404) |
|
2022-06-09 |
QSB-080: Issues with PV domains and PCI passthrough (XSA-401, XSA-402) |
|
2022-04-05 |
QSB-079: Two IOMMU-related Xen issues (XSA-399, XSA-400) |
|
2022-03-10 |
QSB-078: Linux kernel PV driver issues and LVM misconfiguration |
|
2022-03-09 |
QSB-077: Multiple speculative security issues (XSA-398) |
|
2022-02-11 |
QSB-076: Intel microcode updates |
|
2022-01-25 |
QSB-075: Insufficient cleanup of passed-through device IRQs (XSA-395) |
|
2021-11-23 |
QSB-074: Xen issues related to populate-on-demand (XSA-388, XSA-389) |
|
2021-10-15 |
QSB-073: Race condition when setting override-redirect flag |
|
2021-09-27 |
QSB-072: Inconsistent handling of the override-redirect flag |
|
2021-09-09 |
QSB-071: Fatal options filtering flaw in Split GPG |
|
2021-08-25 |
QSB-070: Xen issues related to grant tables v2 and IOMMU |
|
2021-06-08 |
QSB-069: Multiple Xen and Intel issues |
|
2021-06-04 |
QSB-068: Disconnecting a video output can cause XScreenSaver to crash |
|
2021-03-19 |
QSB-067: Multiple RPM vulnerabilities |
|
2021-03-03 |
QSB-066: XML injection through libvirt domain configuration |
|
2021-02-18 |
QSB-065: Missed flush in XSA-321 backport (XSA-366) |
|
2021-02-16 |
QSB-064: Linux: error handling issues in blkback's grant mapping (XSA-365) |
|
2020-12-15 |
QSB-063: Multiple Xen issues (XSA-115, XSA-325, XSA-350) |
|
2020-11-24 |
QSB-062: Stack corruption from XSA-346 change (XSA-355) |
|
2020-11-10 |
QSB-061: Information leak via power sidechannel (XSA-351) |
|
2020-10-20 |
QSB-060: Multiple Xen issues (XSA-345, XSA-346, XSA-347) |
|
2020-09-22 |
QSB-059: Multiple Xen issues (XSA-337, XSA-340, XSA-343) |
|
2020-07-07 |
QSB-058: Insufficient cache write-back under VT-d (XSA-321) |
|
2020-06-11 |
QSB-057: Special Register Buffer speculative side channel (XSA-320) |
|
2019-12-25 |
QSB-056: Insufficient anti-spoofing firewall rules |
|
2019-12-11 |
QSB-055: Issues with PV type change and handling IOMMU on AMD (XSA-310, XS... |
|
2019-11-26 |
QSB-054: Xen fix for XSA-302 found ineffective in Qubes configuration (XSA... |
|
2019-11-13 |
QSB-053: TSX Asynchronous Abort speculative side channel (XSA-305) |
|
2019-10-31 |
QSB-052: Xen issues affecting PCI passthrough and PV domains (XSA-299, XSA... |
|
2019-09-10 |
QSB-051: Insufficient validation of backup compression filter on restore |
|
2019-07-24 |
QSB-050: Reinstalling a TemplateVM does not reset the private volume |
|
2019-05-15 |
QSB-049: Microarchitectural Data Sampling speculative side channel (XSA-297) |
|
2019-03-05 |
QSB-048: Multiple Xen vulnerabilities |
|
2019-02-19 |
QSB-047: Insecure default DisposableVM networking configuration |
|
2019-01-23 |
QSB-046: APT update mechanism vulnerability |
|
2018-12-03 |
QSB-045: Insecure default Salt configuration |
|
2018-11-20 |
QSB-044: Multiple Xen vulnerabilities (XSA-275, XSA-280) |
|
2018-09-02 |
QSB-043: L1 Terminal Fault speculative side channel (XSA-273) |
|
2018-08-14 |
QSB-042: Linux netback driver OOB access in hash handling (XSA-270) |
|
2018-06-13 |
QSB-041: Speculative register leakage from lazy FPU context switching (XSA... |
|
2018-05-24 |
QSB-040: Information leaks due to processor speculative store bypass (XSA-... |
|
2018-05-08 |
QSB-039: Xen vulnerability (XSA-260) and GUI daemon issue |
|
2018-02-20 |
QSB-038: Qrexec policy bypass and possible information leak |
|
2018-01-11 |
QSB-037: Information leaks due to processor speculative execution bugs |
|
2017-11-28 |
QSB-036: Xen hypervisor issue in populate-on-demand code (XSA-247) |
|
2017-10-24 |
QSB-035: Xen hypervisor issue related to grant tables (XSA-236) |
|
2017-10-12 |
QSB-034: GUI issue and Xen vulnerabilities (XSA-237 through XSA-244) |
|
2017-09-12 |
QSB-033: Xen hypervisor (XSA-231 through XSA-234) |
|
2017-08-15 |
QSB-032: Xen hypervisor and Linux kernel vulnerabilities (XSA-226 through ... |
|
2017-06-20 |
QSB-031: Xen hypervisor vulnerabilities with unresearched impact (XSA 216-... |
|
2017-05-02 |
QSB-030: Critical Xen bugs related to PV memory virtualization (XSA-213, X... |
|
2017-04-04 |
QSB-029: Critical Xen bug in PV memory virtualization code (XSA-212) |
|
2016-12-19 |
QSB-028: Debian update mechanism vulnerability |
|
2016-11-22 |
QSB-027: Xen 64-bit bit test instruction emulation broken (XSA 195) |
|
2016-09-19 |
QSB-026: Colored window border handling bug in Qubes GUI daemon |
|
2016-09-08 |
QSB-025: Xen bug in event channel handling code (XSA 188) |
|
2016-07-26 |
QSB-024: Critical Xen bug in PV memory virtualization code (XSA 182) |
|
2015-12-17 |
QSB-023: Race condition bugs in Xen code (XSA-155 and XSA-166), other Xen ... |
|
2015-10-29 |
QSB-022: Critical Xen bug in PV memory virtualization code (XSA 148) |
|
2015-07-27 |
QSB-021: Anti Evil Maid bypass through filesystem ID collision |
|
2015-07-27 |
QSB-020: Fedora os-prober considered harmful |
|
2015-07-13 |
QSB-019: Anti Evil Maid bypass through unusual LUKS header |
|
2015-03-10 |
QSB-018: Xen Hypervisor Instruction Emulation Bug (XSA 123) |
|
2015-03-10 |
QSB-017: Xen DoS from malicious driver domains or devices (XSA 120 & 124) |
|
2015-03-05 |
QSB-016: Xen Hypervisor Information Leaks Vulnerabilities (XSA 121 & 122) |
|
2015-01-21 |
QSB-015: Critical Xen Hypervisor Vulnerability (XSA 109) |
|
2015-01-20 |
QSB-014: Race condition in Qubes Inter-VM File-Copy Mechanism |
|
2015-01-05 |
QSB-013: Qubes Clipboard Timing Attacks and Qubes Core Python API Inconsis... |
|
2014-10-01 |
QSB-012: Memory leak in Xen hypervisor via RDMSR emulation bug (XSA 108) |
|
2014-09-10 |
QSB-011: Qubes clipboard inter-VM leak |
|
2014-02-06 |
QSB-010: Qubes pulseaudio & vchan bugs, Xen XSA 87 |
|
2014-01-09 |
QSB-009: Qubes qvm-open-in-[d]vm environment inter-VM leak |
|
2013-06-26 |
QSB-008: Xen hypervisor bugs: XSA 45,58 potential DoS |
|
2013-06-21 |
QSB-007: Xen hypervisor bugs: XSA 57 potential escalation, also XSA 52-54 ... |
|
2013-05-07 |
QSB-006: Xen hypervisor bugs: XSA 50, others with DoS potential |
|
2012-12-04 |
QSB-005: Xen hypervisor bugs: XSA 29, others with DoS potential |
|
2012-09-28 |
QSB-004: Qubes firewall misconfiguration: ipv6 allowed |
|
2012-09-11 |
QSB-003: Xen hypervisor bugs: XSA 13, others with DoS potential |
|
2012-06-12 |
QSB-002: Intel SYSRET bug |
|
2011-05-12 |
QSB-001: Gui daemon bug, Intel VT-d escape on non-IR hardware |