CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10922 – Gentoo Linux Security Advisory 201710-17
https://notcve.org/view.php?id=CVE-2017-10922
05 Jul 2017 — The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3. La característica de tabla grant en Xen, hasta las versiones 4.8.x, gestiona de manera incorrecta referencias grant de la región MMIO, lo que permite que los usuarios invitados de sistema operativo provoquen una denegación de servicio (pérdida de trazabilidad de grant, también conocido como XSA-224, fallo 3. Multiple v... • http://www.debian.org/security/2017/dsa-3969 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-7995
https://notcve.org/view.php?id=CVE-2017-7995
03 May 2017 — Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. Xen PV guest anterior a Xen 4.3 chequea los permisos de acceso a los rangos MMIO sólo después de acceder a ellos, lo que permite leer en un dispositivo de memoria PCI, dando lugar a la divulgación de información. Se tr... • http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.9EPSS: 2%CPEs: 32EXPL: 0CVE-2017-2620 – Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo
https://notcve.org/view.php?id=CVE-2017-2620
27 Feb 2017 — Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. Quick emulator (QEMU) en versiones anteriores a la 2.8 construido con el soporte del emulador Cirrus CLGD 54xx VGA Emulator es vulnerable a un p... • http://rhn.redhat.com/errata/RHSA-2017-0328.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 1%CPEs: 29EXPL: 0CVE-2017-2615 – Qemu: display: cirrus: oob access while doing bitblt copy backward mode
https://notcve.org/view.php?id=CVE-2017-2615
21 Feb 2017 — Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. Quick emulator (QEMU) con soporte integrado para el emulador Cirrus CLGD 54xx VGA es vulnerable a un problema de acceso fuera ... • http://rhn.redhat.com/errata/RHSA-2017-0309.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10013 – Debian Security Advisory 3847-1
https://notcve.org/view.php?id=CVE-2016-10013
26 Jan 2017 — Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation. Xen hasta la versión 4.8.x permite a usuarios locales 64-bit x86 HVM invitados del SO obtener privilegios aprovechando el manejo incorrecto de singlestep SYSCALL durante la emulación. Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information ... • http://www.debian.org/security/2017/dsa-3847 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-10024 – Gentoo Linux Security Advisory 201612-56
https://notcve.org/view.php?id=CVE-2016-10024
02 Jan 2017 — Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. Xen hasta la versión 4.8.x permite a administradores del kernel locales x86 PV invitados del SO provocar una denegación de servicio (cuelgue del anfitrión o caída) modificando el flujo de instrucciones asincrónicamente mientras se llevan a cabo ciertas operaciones del kernel. Jan Beulich and Jann ... • http://www.debian.org/security/2017/dsa-3847 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 45EXPL: 0CVE-2016-9932 – Gentoo Linux Security Advisory 201612-56
https://notcve.org/view.php?id=CVE-2016-9932
02 Jan 2017 — CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix. Emulación CMPXCHG8B en Xen 3.3.x hasta la versión 4.7.x en sistemas x86 permite a usuarios locales HVM invitados del SO obtener información sensible de la memoria basada en pila del anfitrión a través de un prefijo de tamaño de operando "supuestamente ignorado". Jan Beulich and Jann Horn discovered multiple vulner... • http://www.debian.org/security/2017/dsa-3847 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7777 – Gentoo Linux Security Advisory 201611-09
https://notcve.org/view.php?id=CVE-2016-7777
07 Oct 2016 — Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. Xen 4.7.x y versiones anteriores no respeta adecuadamente CR0.TS y CR0.EM, lo que permite a usuarios locales x86 HVM del SO invitado leer o modificar información del estado de registro FPU, MMX o XMM que pertenece a tareas a... • http://www.securityfocus.com/bid/93344 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7094 – Gentoo Linux Security Advisory 201611-09
https://notcve.org/view.php?id=CVE-2016-7094
21 Sep 2016 — Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. Desbordamiento de búfer en Xen 4.7.x y versiones anteriores permite a administradores locales del SO invitado x86 HVM ejecutado con paginación sombra provocar una denegación de servicio a través de una actualización de tabla de página. Multiple vulnerabilities have been found in Xen, the worst of which allows gaining of privileges on ... • http://support.citrix.com/article/CTX216071 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4480 – Debian Security Advisory 3633-1
https://notcve.org/view.php?id=CVE-2016-4480
18 May 2016 — The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. La función guest_walk_tables en arch/x86/mm/guest_walk en Xen 4.6.x y versiones anteriores no maneja adecuadamente el bit de entrada a la tabla de página Page Size (PS) en los niveles de tabla de página L4 y L3, lo que podría permitir a... • http://www.debian.org/security/2016/dsa-3633 • CWE-264: Permissions, Privileges, and Access Controls •