CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2012-5515 – kernel: xen: Several memory hypercall operations allow invalid extent order values
https://notcve.org/view.php?id=CVE-2012-5515
13 Dec 2012 — The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value. Las hiperllamadas (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, y (3) XENMEM_exchange en Xen v4.2 y anteriores permiten a los administradores invitados locales causar una denegación de servicio (bucle largo y cuelgue) a través de un valor modificado de "e... • http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00000.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2011-3131 – kernel: xen: IOMMU fault livelock
https://notcve.org/view.php?id=CVE-2011-3131
13 Dec 2012 — Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock. Xen v4.1.1 y anteriores permite causar una denegación de servicio (consumo de CPU y bloqueo de Xen) a los kernels de sistemas operativos huesped que controlan dispositivos PCI[E] a través de muchas peticiones DMA modificadas que son denegadas por la IOMMU, lo que desencadena un b... • http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 27EXPL: 0CVE-2012-5514 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-5514
13 Dec 2012 — The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors. La función guest_physmap_mark_populate_on_demand en Xen v4.2 y anteriores no desbloquea correctamente los GFNs al comprobar si están en uso, lo que permite causar una denegación de servicio (caída del HVM)a los administradores de HVM invitados locales a tra... • http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html •
CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 1CVE-2012-3432 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-3432
03 Dec 2012 — The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions. La función handle_mmio en arch/x86/hvm/io.c en el emulador de operaciones MMIO para Xen v3.3 y v4.x, cuando se ejecuta un HVM huesped, no reinicia correctamente la información de estado ... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2012-4544 – xen: Xen domain builder Out-of-memory due to malicious kernel/ramdisk
https://notcve.org/view.php?id=CVE-2012-4544
31 Oct 2012 — The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. El PV domain builder en Xen 4.2 y anteriores, no valida el tamaño del kernel o del ramdisk(1) antes o (2) después de la descompresión, lo que permite a administradores locales de los sistemas huésped provocar una denegación de servicio ... • http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html • CWE-20: Improper Input Validation •
CVSS: 7.9EPSS: 88%CPEs: 20EXPL: 4CVE-2012-0217 – FreeBSD - Intel SYSRET Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0217
12 Jun 2012 — The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a c... • https://packetstorm.news/files/id/152001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3262 – xen: insufficiencies in pv kernel image validation
https://notcve.org/view.php?id=CVE-2011-3262
19 Aug 2011 — tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop." tools/libxc/xc_dom_bzimageloader.c en Xen v3.2, v3.3, v4.0 y v4.1 permite a usuarios locales provocar una denegación de servicio (bucle infinito de software de gestión y excesivo consumo de recursos en el administrador de dominios) a... • http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-1583 – xen: insufficiencies in pv kernel image validation
https://notcve.org/view.php?id=CVE-2011-1583
12 Aug 2011 — Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields. Múltiples desbordamientos de entero en tools/libxc/xc_dom_bzimageloader.c en Xen v3.2, v3.3, v4.0, y v4.1 permite a usuarios locales provocar... • http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html • CWE-189: Numeric Errors •
CVSS: 8.6EPSS: 0%CPEs: 19EXPL: 0CVE-2010-4255 – xen: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area
https://notcve.org/view.php?id=CVE-2010-4255
25 Jan 2011 — The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access. La función fixup_page_fault en arch/x86/traps.c en Xen v.4.0.1 y anteriores sobre plataformas 64-bit, cuando se activa la paravirtualización, no verifica que el modo kernel está usado p... • http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2010-4247 – xen: request-processing loop is unbounded in blkback
https://notcve.org/view.php?id=CVE-2010-4247
11 Jan 2011 — The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information. La función do_block_io_op en (1) ldrivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blkt... • http://secunia.com/advisories/35093 • CWE-20: Improper Input Validation •