CVE-2018-14678
https://notcve.org/view.php?id=CVE-2018-14678
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.17.11, tal y como se utiliza en Xen hasta las versiones 4.11.x. El punto de entrada de xen_failsafe_callback en arch/x86/entry/entry_64.S no mantiene correctamente el RBX, lo que permite a los usuarios locales provocar una denegación de servicio (uso de memoria no inicializada y cierre inesperado del sistema). • http://www.securityfocus.com/bid/104924 http://www.securitytracker.com/id/1041397 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3931-1 https://usn.ubuntu.com/3931-2 https://www.debian.org/security/2018/dsa-4308 https://xenbits.xen.org/xsa/advisory-274.html • CWE-665: Improper Initialization •
CVE-2018-12893
https://notcve.org/view.php?id=CVE-2018-12893
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. • http://www.openwall.com/lists/oss-security/2018/06/27/11 http://www.securityfocus.com/bid/104572 http://www.securitytracker.com/id/1041202 http://xenbits.xen.org/xsa/advisory-265.html https://bugzilla.redhat.com/show_bug.cgi?id=1590979 https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 https://support.citrix.com/article/CTX235748 https://www.debian.org/security/2018/dsa-4236 •
CVE-2018-12891
https://notcve.org/view.php?id=CVE-2018-12891
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. • http://www.openwall.com/lists/oss-security/2018/06/27/10 http://www.securityfocus.com/bid/104570 http://www.securitytracker.com/id/1041201 http://xenbits.xen.org/xsa/advisory-264.html https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 https://support.citrix.com/article/CTX235748 https://www.debian.org/security/2018/dsa-4236 •
CVE-2018-12892
https://notcve.org/view.php?id=CVE-2018-12892
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl disk configuration, or an equivalent) are affected. IDE disks ("hd") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. • http://www.openwall.com/lists/oss-security/2018/06/27/12 http://www.securityfocus.com/bid/104571 http://www.securitytracker.com/id/1041203 http://xenbits.xen.org/xsa/advisory-266.html https://security.gentoo.org/glsa/201810-06 https://www.debian.org/security/2018/dsa-4236 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-10982
https://notcve.org/view.php?id=CVE-2018-10982
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. Se ha descubierto un problema en Xen hasta las versiones 4.10.x que permite que usuarios invitados del sistema operativo x86 HVM provoquen una denegación de servicio (número de interrupción sorprendentemente alto, sobrescritura del array y cierre inesperado del hipervisor) o ganen privilegios del hipervisor estableciendo un temporizador HPET para realizar interrupciones en el modo IO-APIC. Esto también se conoce como inyección de interrupción vHPET. • http://openwall.com/lists/oss-security/2018/05/08/2 http://www.securityfocus.com/bid/104150 https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://security.gentoo.org/glsa/201810-06 https://www.debian.org/security/2018/dsa-4201 https://xenbits.xen.org/xsa/advisory-261.html •