
CVE-2017-12134 – Ubuntu Security Notice USN-3444-2
https://notcve.org/view.php?id=CVE-2017-12134
24 Aug 2017 — The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. La función xen_biovec_phys_mergeable en drivers/xen/biomerge.c en Xen podría permitir que usuarios invitados locales del sistema operativo corrompan transmisiones en bloque de datos del sistema y, conse... • http://www.debian.org/security/2017/dsa-3981 • CWE-682: Incorrect Calculation •

CVE-2017-12135 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-12135
24 Aug 2017 — Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. Xen permite que usuarios locales invitados del sistema operativo provoquen una denegación de servicio (bloqueo) o que tengan la posibilidad de obtener información sensible u obtener privilegios mediante vectores relacionados con concesiones transitivas. Multiple vulnerabilities have been found in Xen, the worst of which could allow for priv... • http://www.debian.org/security/2017/dsa-3969 • CWE-682: Incorrect Calculation •

CVE-2017-12136 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-12136
24 Aug 2017 — Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. Una condición de carrera en el código de tabla de concesiones en Xen 4.6.x a 4.9.x permite que administradores invitados locales del sistema operativo provoquen una denegación de servicio (corrupción de lista libre y bloqueo del host) o que obtengan beneficios... • http://www.debian.org/security/2017/dsa-3969 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2017-12137 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-12137
24 Aug 2017 — arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. arch/x86/mm.c en Xen permite que usuarios locales PV del sistema operativo obtengan privilegios SO del host mediante vectores relacionados con map_grant_ref. Multiple vulnerabilities have been found in Xen, the worst of which could allow for privilege escalation. Versions less than 4.9.1-r1 are affected. • http://www.debian.org/security/2017/dsa-3969 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2016-9603 – Qemu: cirrus: heap buffer overflow via vnc connection
https://notcve.org/view.php?id=CVE-2016-9603
18 Apr 2017 — A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en... • http://www.securityfocus.com/bid/96893 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVE-2017-2620 – Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo
https://notcve.org/view.php?id=CVE-2017-2620
27 Feb 2017 — Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. Quick emulator (QEMU) en versiones anteriores a la 2.8 construido con el soporte del emulador Cirrus CLGD 54xx VGA Emulator es vulnerable a un p... • http://rhn.redhat.com/errata/RHSA-2017-0328.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVE-2017-2615 – Qemu: display: cirrus: oob access while doing bitblt copy backward mode
https://notcve.org/view.php?id=CVE-2017-2615
21 Feb 2017 — Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. Quick emulator (QEMU) con soporte integrado para el emulador Cirrus CLGD 54xx VGA es vulnerable a un problema de acceso fuera ... • http://rhn.redhat.com/errata/RHSA-2017-0309.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVE-2017-5572
https://notcve.org/view.php?id=CVE-2017-5572
30 Jan 2017 — An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database. Se ha descubierto un problema en Linux Foundation xapi en Citrix XenServer hasta la versión 7.0. Un administrador autenticado de solo lectura puede corromper la base de datos del host. • http://www.securityfocus.com/bid/95801 • CWE-269: Improper Privilege Management •

CVE-2017-5573
https://notcve.org/view.php?id=CVE-2017-5573
30 Jan 2017 — An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators. Se ha descubierto un problema en Linux Foundation xapi en Citrix XenServer hasta la versión 7.0. Un administrador autenticado de sólo lectura puede cancelar las tareas de otros administradores. • http://www.securityfocus.com/bid/95796 •

CVE-2016-10025
https://notcve.org/view.php?id=CVE-2016-10025
26 Jan 2017 — VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. Emulación VMFUNC en Xen 4.6.x hasta la versión 4.8.x en sistemas x86 que usan extensiones de virtualización AMD (también conocidas como SVM) permite a usuarios locales HVM invitados del SO provocar una denegación de servicio (bloqueo del hipervisor) aprovechando una verificación per... • http://www.securityfocus.com/bid/95026 • CWE-476: NULL Pointer Dereference •