CVE-2018-15468
https://notcve.org/view.php?id=CVE-2018-15468
An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. • http://xenbits.xen.org/xsa/advisory-269.html https://security.gentoo.org/glsa/201810-06 • CWE-863: Incorrect Authorization •
CVE-2018-15469
https://notcve.org/view.php?id=CVE-2018-15469
An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). Se ha descubierto un problema en Xen hasta las versiones 4.11.x. • http://xenbits.xen.org/xsa/advisory-268.html https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 • CWE-400: Uncontrolled Resource Consumption •
CVE-2018-14678
https://notcve.org/view.php?id=CVE-2018-14678
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.17.11, tal y como se utiliza en Xen hasta las versiones 4.11.x. El punto de entrada de xen_failsafe_callback en arch/x86/entry/entry_64.S no mantiene correctamente el RBX, lo que permite a los usuarios locales provocar una denegación de servicio (uso de memoria no inicializada y cierre inesperado del sistema). • http://www.securityfocus.com/bid/104924 http://www.securitytracker.com/id/1041397 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3931-1 https://usn.ubuntu.com/3931-2 https://www.debian.org/security/2018/dsa-4308 https://xenbits.xen.org/xsa/advisory-274.html • CWE-665: Improper Initialization •
CVE-2018-12893
https://notcve.org/view.php?id=CVE-2018-12893
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. • http://www.openwall.com/lists/oss-security/2018/06/27/11 http://www.securityfocus.com/bid/104572 http://www.securitytracker.com/id/1041202 http://xenbits.xen.org/xsa/advisory-265.html https://bugzilla.redhat.com/show_bug.cgi?id=1590979 https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 https://support.citrix.com/article/CTX235748 https://www.debian.org/security/2018/dsa-4236 •
CVE-2018-12891
https://notcve.org/view.php?id=CVE-2018-12891
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. • http://www.openwall.com/lists/oss-security/2018/06/27/10 http://www.securityfocus.com/bid/104570 http://www.securitytracker.com/id/1041201 http://xenbits.xen.org/xsa/advisory-264.html https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 https://support.citrix.com/article/CTX235748 https://www.debian.org/security/2018/dsa-4236 •