CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3262 – xen: insufficiencies in pv kernel image validation
https://notcve.org/view.php?id=CVE-2011-3262
19 Aug 2011 — tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop." tools/libxc/xc_dom_bzimageloader.c en Xen v3.2, v3.3, v4.0 y v4.1 permite a usuarios locales provocar una denegación de servicio (bucle infinito de software de gestión y excesivo consumo de recursos en el administrador de dominios) a... • http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-1583 – xen: insufficiencies in pv kernel image validation
https://notcve.org/view.php?id=CVE-2011-1583
12 Aug 2011 — Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields. Múltiples desbordamientos de entero en tools/libxc/xc_dom_bzimageloader.c en Xen v3.2, v3.3, v4.0, y v4.1 permite a usuarios locales provocar... • http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html • CWE-189: Numeric Errors •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 1CVE-2011-1898 – virt: VT-d (PCI passthrough) MSI trap injection
https://notcve.org/view.php?id=CVE-2011-1898
12 Aug 2011 — Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers." Xen v4.1 anterior a v4.1.1 y v4.0 anterior a v4.0.2, cuando usa PCI passthrough sobre chipsets Intel VT-d que no tienen que interrumplir remapeado, permite a usuarios invitados del OS obtener privilegios de anfitrión "usando DMA para generar... • http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •