CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17044
https://notcve.org/view.php?id=CVE-2017-17044
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. Se ha descubierto un problema en Xen hasta la versión 4.9.x que permite que los usuarios invitados HVM del sistema operativo provoquen una denegación de servicio (bucle infinito y bloqueo del host del sistema operativo) aprovechando la gestión incorrecta de errores PoD (Populate on Demand). • http://www.securityfocus.com/bid/102008 http://www.securityfocus.com/bid/102129 http://www.securityfocus.com/bid/105954 http://www.securitytracker.com/id/1039878 https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX230138 https://xenbits.xen.org/xsa/advisory-246.html • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15597
https://notcve.org/view.php?id=CVE-2017-15597
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. • http://www.openwall.com/lists/oss-security/2017/10/24/3 http://www.securityfocus.com/bid/101564 http://www.securitytracker.com/id/1039653 http://xenbits.xen.org/xsa/advisory-236.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://support.citrix.com/article/CTX229057 https://www.debian.org/security/2017/dsa-4050 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15593
https://notcve.org/view.php?id=CVE-2017-15593
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo x86 PV provoquen una denegación de servicio (fuga de memoria) debido a que se gestiona de manera incorrecta el recuento de referencias. • http://www.securitytracker.com/id/1039568 https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX228867 https://www.debian.org/security/2017/dsa-4050 https://xenbits.xen.org/xsa/advisory-242.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15592
https://notcve.org/view.php?id=CVE-2017-15592
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo x86 HMV provoquen una denegación de servicio (cierre inesperado del hipervisor) o que puedan obtener privilegios debido a que se gestiona de manera incorrecta los mapeados autolineares de shadow para los invitados traducidos. • http://www.securityfocus.com/bid/101513 http://www.securityfocus.com/bid/102129 http://www.securitytracker.com/id/1039568 https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX228867 https://support.citrix.com/article/CTX230138 https://www.debian.org/security/2017/dsa-4050 https://xenbits.xen.org/xsa/advisory-243.htm • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15595 – Xen - Pagetable De-typing Unbounded Recursion
https://notcve.org/view.php?id=CVE-2017-15595
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo x86 PV provoquen una denegación de servicio (recursión infinita consumo de pila y cierre inesperado del hipervisor) o que puedan obtener privilegios mediante el apilamiento manipulado de tablas de paginación. • https://www.exploit-db.com/exploits/43014 https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX228867 https://www.debian.org/security/2017/dsa-4050 https://xenbits.xen.org/xsa/advisory-240.html • CWE-400: Uncontrolled Resource Consumption •