CVE-2018-15469
https://notcve.org/view.php?id=CVE-2018-15469
An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). Se ha descubierto un problema en Xen hasta las versiones 4.11.x. • http://xenbits.xen.org/xsa/advisory-268.html https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 • CWE-400: Uncontrolled Resource Consumption •
CVE-2018-14678
https://notcve.org/view.php?id=CVE-2018-14678
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.17.11, tal y como se utiliza en Xen hasta las versiones 4.11.x. El punto de entrada de xen_failsafe_callback en arch/x86/entry/entry_64.S no mantiene correctamente el RBX, lo que permite a los usuarios locales provocar una denegación de servicio (uso de memoria no inicializada y cierre inesperado del sistema). • http://www.securityfocus.com/bid/104924 http://www.securitytracker.com/id/1041397 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3931-1 https://usn.ubuntu.com/3931-2 https://www.debian.org/security/2018/dsa-4308 https://xenbits.xen.org/xsa/advisory-274.html • CWE-665: Improper Initialization •
CVE-2018-12893
https://notcve.org/view.php?id=CVE-2018-12893
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. • http://www.openwall.com/lists/oss-security/2018/06/27/11 http://www.securityfocus.com/bid/104572 http://www.securitytracker.com/id/1041202 http://xenbits.xen.org/xsa/advisory-265.html https://bugzilla.redhat.com/show_bug.cgi?id=1590979 https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 https://support.citrix.com/article/CTX235748 https://www.debian.org/security/2018/dsa-4236 •
CVE-2018-12891
https://notcve.org/view.php?id=CVE-2018-12891
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. • http://www.openwall.com/lists/oss-security/2018/06/27/10 http://www.securityfocus.com/bid/104570 http://www.securitytracker.com/id/1041201 http://xenbits.xen.org/xsa/advisory-264.html https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 https://support.citrix.com/article/CTX235748 https://www.debian.org/security/2018/dsa-4236 •
CVE-2018-12892
https://notcve.org/view.php?id=CVE-2018-12892
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl disk configuration, or an equivalent) are affected. IDE disks ("hd") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. • http://www.openwall.com/lists/oss-security/2018/06/27/12 http://www.securityfocus.com/bid/104571 http://www.securitytracker.com/id/1041203 http://xenbits.xen.org/xsa/advisory-266.html https://security.gentoo.org/glsa/201810-06 https://www.debian.org/security/2018/dsa-4236 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •