CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7541
https://notcve.org/view.php?id=CVE-2018-7541
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. Se ha descubierto un problema en Xen hasta las versiones 4.10.x que permite que usuarios invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del hipervisor) o que puedan obtener privilegios desencadenando una transición de tabla grant de v2 a v1. • http://www.securityfocus.com/bid/103177 http://www.securitytracker.com/id/1040775 https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 https://support.citrix.com/article/CTX232096 https://support.citrix.com/article/CTX232655 https://www.debian.org/security/2018/dsa-4131 https://xenbits.xen.org/xsa/advisory-255.html •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7542
https://notcve.org/view.php?id=CVE-2018-7542
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC. Se ha descubierto un problema en Xen 4.8.x hasta la versión 4.10.x que permite que los usuarios invitados x86 PVH del sistema operativo provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del hipervisor) aprovechando la gestión incorrecta de configuraciones que carecen de una APIC local. • http://www.securitytracker.com/id/1040776 https://security.gentoo.org/glsa/201810-06 https://www.debian.org/security/2018/dsa-4131 https://xenbits.xen.org/xsa/advisory-256.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5244
https://notcve.org/view.php?id=CVE-2018-5244
In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times. En Xen 4.10, se introdujo una nueva infraestructura como parte de una revisión de cómo ocurre la emulación MSR para los invitados. Desafortunadamente, no se libera una estructura de rastreo cuando se destruye una vcpu. • http://www.securityfocus.com/bid/102433 http://www.securitytracker.com/id/1040774 https://security.gentoo.org/glsa/201810-06 https://xenbits.xen.org/xsa/advisory-253.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17563
https://notcve.org/view.php?id=CVE-2017-17563
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del host del sistema operativo) u obtengan privilegios del host del sistema operativo aprovechando una comprobación de desbordamiento de máscara incorrecta para conteo de referencias en modo shadow. • http://www.openwall.com/lists/oss-security/2017/12/12/2 http://www.securityfocus.com/bid/102169 http://www.securitytracker.com/id/1040769 https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX232096 https://www.debian.org/security/2018/dsa-4112 https://xenbits.xen.org/xsa/advisory-249.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17564
https://notcve.org/view.php?id=CVE-2017-17564
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del host del sistema operativo) u obtengan privilegios del host del sistema operativo aprovechando la manipulación incorrecta de errores para el conteo de referencias en modo shadow. • http://www.openwall.com/lists/oss-security/2017/12/12/3 http://www.securityfocus.com/bid/102172 http://www.securitytracker.com/id/1040770 https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX232096 https://www.debian.org/security/2018/dsa-4112 https://xenbits.xen.org/xsa/advisory-250.html • CWE-388: 7PK - Errors •