CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17348
https://notcve.org/view.php?id=CVE-2019-17348
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching. Se detectó un problema en Xen versiones hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado PV de x86, causar una denegación de servicio debido a una incompatibilidad entre los Identificadores de Contexto del Proceso (PCID) y la conmutación shadow-pagetable. • http://www.openwall.com/lists/oss-security/2019/10/25/7 http://xenbits.xen.org/xsa/advisory-294.html https://seclists.org/bugtraq/2020/Jan/21 https://www.debian.org/security/2020/dsa-4602 https://xenbits.xen.org/xsa/advisory-294.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17349
https://notcve.org/view.php?id=CVE-2019-17349
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. Se detectó un problema en Xen versiones hasta 4.12.x, permitiendo a atacantes Arm domU causar una denegación de servicio (bucle infinito) involucrando una operación LoadExcl o StoreExcl. • http://xenbits.xen.org/xsa/advisory-295.html https://seclists.org/bugtraq/2020/Jan/21 https://www.debian.org/security/2020/dsa-4602 https://xenbits.xen.org/xsa/advisory-295.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17350
https://notcve.org/view.php?id=CVE-2019-17350
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. Se detectó un problema en Xen versiones hasta 4.12.x, permitiendo a atacantes Arm domU causar una denegación de servicio (bucle infinito) involucrando una operación de comparar e intercambiar. • http://xenbits.xen.org/xsa/advisory-295.html https://seclists.org/bugtraq/2020/Jan/21 https://www.debian.org/security/2020/dsa-4602 https://xenbits.xen.org/xsa/advisory-295.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-17351
https://notcve.org/view.php?id=CVE-2019-17351
An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7. Se detectó un problema en el archivo drivers/xen/balloon.c en el kernel de Linux versiones anteriores a 5.2.3, como es usado en Xen versiones hasta 4.12.x, permitiendo a usuarios del sistema operativo invitado causar una denegación de servicio debido al consumo de recursos sin restricciones durante la asignación de la memoria de invitado , también se conoce como CID-6ef36ab967c7. • http://www.openwall.com/lists/oss-security/2019/10/25/9 http://xenbits.xen.org/xsa/advisory-300.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3 https://github.com/torvalds/linux/commit/6ef36ab967c71690ebe7e5ef997a8be4da3bc844 https://security.netapp.com/advisory/ntap-20191031-0005 https://usn.ubuntu.com/4286-1 https://usn.ubuntu.com/4286-2 https://xenbits.xen.org/xsa/advisory-300.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19961
https://notcve.org/view.php?id=CVE-2018-19961
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. Se ha descubierto un problema en Xen hasta las versiones 4.11.x en plataformas AMD x86, que podría permitir que usuarios invitados del sistema operativo obtengan privilegios del host del sistema operativo. Esto se debe a que los vaciados TLB no siempre ocurren tras cambios en el mapeo de IOMMU. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html http://www.securityfocus.com/bid/106182 https://lists.debian.org/debian-lts-announce/2019/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXC6BME7SXJI2ZIATNXCAH7RGPI4UKTT https://support.citrix.com/article/CTX239432 https://www.debian.org/security/2019/dsa-4369 https://xenbits.xen.org/xsa/advisory-275.html • CWE-459: Incomplete Cleanup •