CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14316
https://notcve.org/view.php?id=CVE-2017-14316
A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array. Existe un problema de verificación de parámetros en Xen hasta la versión 4.9.x. • http://www.securityfocus.com/bid/100818 http://www.securitytracker.com/id/1039348 http://xenbits.xen.org/xsa/advisory-231.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://support.citrix.com/article/CTX227185 https://www.debian.org/security/2017/dsa-4050 • CWE-125: Out-of-bounds Read •
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14317
https://notcve.org/view.php?id=CVE-2017-14317
A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.). Se ha descubierto un problema de limpieza de dominio en el demonio C xenstore (también conocido como cxenstored) en Xen hasta la versión 4.9.x. Cuando se apaga una VM con un dominio stub, una carrera en cxenstored podría causar una liberación doble (double-free). • http://www.securityfocus.com/bid/100826 http://www.securitytracker.com/id/1039350 http://xenbits.xen.org/xsa/advisory-233.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://www.debian.org/security/2017/dsa-4050 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2017-14318
https://notcve.org/view.php?id=CVE-2017-14318
An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. • http://www.securityfocus.com/bid/100817 http://www.securitytracker.com/id/1039349 http://xenbits.xen.org/xsa/advisory-232.html https://support.citrix.com/article/CTX227185 https://www.debian.org/security/2017/dsa-4050 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14319
https://notcve.org/view.php?id=CVE-2017-14319
A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account. Se ha descubierto un problema de desasignación de concesión en Xen hasta la versión 4.9.x. Cuando se elimina o reemplaza una asignación de concesión, la ruta específica de la PV x86 necesita asegurarse de que las entradas de tabla de página siguen sincronizadas con otras cuentas realizadas. • http://www.securityfocus.com/bid/100819 http://www.securitytracker.com/id/1039351 http://xenbits.xen.org/xsa/advisory-234.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://support.citrix.com/article/CTX227185 https://www.debian.org/security/2017/dsa-4050 •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2017-12136
https://notcve.org/view.php?id=CVE-2017-12136
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. Una condición de carrera en el código de tabla de concesiones en Xen 4.6.x a 4.9.x permite que administradores invitados locales del sistema operativo provoquen una denegación de servicio (corrupción de lista libre y bloqueo del host) o que obtengan beneficios en el host mediante vectores que impliquen la gestión de lista libre de maptrack. • http://www.debian.org/security/2017/dsa-3969 http://www.openwall.com/lists/oss-security/2017/08/15/3 http://www.securityfocus.com/bid/100346 http://www.securitytracker.com/id/1039175 http://xenbits.xen.org/xsa/advisory-228.html https://bugzilla.redhat.com/show_bug.cgi?id=1477651 https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX225941 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •