CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15597
https://notcve.org/view.php?id=CVE-2017-15597
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. • http://www.openwall.com/lists/oss-security/2017/10/24/3 http://www.securityfocus.com/bid/101564 http://www.securitytracker.com/id/1039653 http://xenbits.xen.org/xsa/advisory-236.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://support.citrix.com/article/CTX229057 https://www.debian.org/security/2017/dsa-4050 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 0%CPEs: 73EXPL: 0CVE-2017-15596
https://notcve.org/view.php?id=CVE-2017-15596
An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error. Se ha descubierto un problema en Xen desde las versiones 4.4.x hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo ARM provoquen una denegación de servicio (imposibilidad de emplear los recursos físicos de la CPU) debido a la gestión incorrecta de los bloqueos al detectarse un error add-to-physmap. • http://www.debian.org/security/2017/dsa-3969 http://www.securitytracker.com/id/1039568 https://xenbits.xen.org/xsa/advisory-235.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2017-15591
https://notcve.org/view.php?id=CVE-2017-15591
An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation. Se ha descubierto un problema en Xen desde las versiones 4.5.x hasta las versiones 4.9.x que permite que atacantes (que controlan un kernel de dominio de zona stub o una pila de herramientas) para provocar una denegación de servicio (cierre inesperado del sistema operativo host) debido a la falta de una comparación (del principio al final del rango) en la implementación de la asignación/no asignación DMOP. • https://security.gentoo.org/glsa/201801-14 https://xenbits.xen.org/xsa/advisory-238.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15592
https://notcve.org/view.php?id=CVE-2017-15592
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo x86 HMV provoquen una denegación de servicio (cierre inesperado del hipervisor) o que puedan obtener privilegios debido a que se gestiona de manera incorrecta los mapeados autolineares de shadow para los invitados traducidos. • http://www.securityfocus.com/bid/101513 http://www.securityfocus.com/bid/102129 http://www.securitytracker.com/id/1039568 https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX228867 https://support.citrix.com/article/CTX230138 https://www.debian.org/security/2017/dsa-4050 https://xenbits.xen.org/xsa/advisory-243.htm • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15593
https://notcve.org/view.php?id=CVE-2017-15593
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo x86 PV provoquen una denegación de servicio (fuga de memoria) debido a que se gestiona de manera incorrecta el recuento de referencias. • http://www.securitytracker.com/id/1039568 https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX228867 https://www.debian.org/security/2017/dsa-4050 https://xenbits.xen.org/xsa/advisory-242.html • CWE-772: Missing Release of Resource after Effective Lifetime •