CVE-2018-12893
https://notcve.org/view.php?id=CVE-2018-12893
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. • http://www.openwall.com/lists/oss-security/2018/06/27/11 http://www.securityfocus.com/bid/104572 http://www.securitytracker.com/id/1041202 http://xenbits.xen.org/xsa/advisory-265.html https://bugzilla.redhat.com/show_bug.cgi?id=1590979 https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 https://support.citrix.com/article/CTX235748 https://www.debian.org/security/2018/dsa-4236 •
CVE-2018-12891
https://notcve.org/view.php?id=CVE-2018-12891
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. • http://www.openwall.com/lists/oss-security/2018/06/27/10 http://www.securityfocus.com/bid/104570 http://www.securitytracker.com/id/1041201 http://xenbits.xen.org/xsa/advisory-264.html https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 https://support.citrix.com/article/CTX235748 https://www.debian.org/security/2018/dsa-4236 •
CVE-2018-12892
https://notcve.org/view.php?id=CVE-2018-12892
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl disk configuration, or an equivalent) are affected. IDE disks ("hd") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. • http://www.openwall.com/lists/oss-security/2018/06/27/12 http://www.securityfocus.com/bid/104571 http://www.securitytracker.com/id/1041203 http://xenbits.xen.org/xsa/advisory-266.html https://security.gentoo.org/glsa/201810-06 https://www.debian.org/security/2018/dsa-4236 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-10982
https://notcve.org/view.php?id=CVE-2018-10982
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. Se ha descubierto un problema en Xen hasta las versiones 4.10.x que permite que usuarios invitados del sistema operativo x86 HVM provoquen una denegación de servicio (número de interrupción sorprendentemente alto, sobrescritura del array y cierre inesperado del hipervisor) o ganen privilegios del hipervisor estableciendo un temporizador HPET para realizar interrupciones en el modo IO-APIC. Esto también se conoce como inyección de interrupción vHPET. • http://openwall.com/lists/oss-security/2018/05/08/2 http://www.securityfocus.com/bid/104150 https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://security.gentoo.org/glsa/201810-06 https://www.debian.org/security/2018/dsa-4201 https://xenbits.xen.org/xsa/advisory-261.html •
CVE-2018-10981
https://notcve.org/view.php?id=CVE-2018-10981
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. Se ha descubierto un problema en Xen hasta las versiones 4.10.x que permite que usuarios invitados del sistema operativo x86 HVM provoquen una denegación de servicio (bucle infinito del sistema operativo del host) en situaciones en las que un modelo de dispositivo QEMU intenta realizar transiciones no válidas entre estados de una petición. • http://openwall.com/lists/oss-security/2018/05/08/3 http://www.securityfocus.com/bid/104149 https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html https://security.gentoo.org/glsa/201810-06 https://www.debian.org/security/2018/dsa-4201 https://xenbits.xen.org/xsa/advisory-262.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •