CVE-2015-8339
https://notcve.org/view.php?id=CVE-2015-8339
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. La función memory_exchange en common/memory.c en Xen 3.2.x hasta la versión 4.6.x no devuelve adecuadamente páginas a un dominio, lo que podría permitir a administradores invitados del SO causar una denegación de servicio (caída del host) a través de vectores no especificados relacionados con un desensamblaje de dominio. • http://support.citrix.com/article/CTX203451 http://www.debian.org/security/2016/dsa-3519 http://www.securityfocus.com/bid/79038 http://www.securitytracker.com/id/1034391 http://xenbits.xen.org/xsa/advisory-159.html https://security.gentoo.org/glsa/201604-03 • CWE-19: Data Processing Errors •
CVE-2015-8340
https://notcve.org/view.php?id=CVE-2015-8340
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. La función memory_exchange en common/memory.c en Xen 3.2.x hasta la versión 4.6.x no devuelve adecuadamente páginas a un dominio, lo que podría permitir a administradores invitados del SO causar una denegación de servicio (interbloqueo o caída del host) a través de vectores no especificados, relacionados con un error de manejo XENMEM_exchange. • http://support.citrix.com/article/CTX203451 http://www.debian.org/security/2016/dsa-3519 http://www.securityfocus.com/bid/79038 http://www.securitytracker.com/id/1034391 http://xenbits.xen.org/xsa/advisory-159.html https://security.gentoo.org/glsa/201604-03 • CWE-17: DEPRECATED: Code •
CVE-2015-8338
https://notcve.org/view.php?id=CVE-2015-8338
Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. Xen 4.6.x y versiones anteriores no impone adecuadamente límites en órdenes de entrada de página para las suboperaciones (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange y posiblemente otra HYPERVISOR_memory_op, lo que permite a administradores ARM invitados del SO causar una denegación de servicio (consumo de CPU, reinicio de invitado o tiempo de watchdog excedido o reinicio host) y posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://www.debian.org/security/2016/dsa-3633 http://www.securityfocus.com/bid/78920 http://www.securitytracker.com/id/1034390 http://xenbits.xen.org/xsa/advisory-158.html • CWE-254: 7PK - Security Features •
CVE-2015-7835
https://notcve.org/view.php?id=CVE-2015-7835
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. La función mod_l2_entry en arch/x86/mm.c en Xen 3.4 hasta la versión 4.6.x no valida correctamente las entradas de la tabla de paginación de nivel 2, lo que permite a administradores invitados PV locales obtener privilegios a través de un mapeo de superpage manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html http://support.citrix.com/article/CTX202404 http://www.debian.org/security/2015/dsa-3390 http://www.securityfocus.com/bid/773 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-7970
https://notcve.org/view.php?id=CVE-2015-7970
The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand. La función p2m_pod_emergency_sweep en arch/x86/mm/p2m-pod.c en Xen 3.4.x, 3.5,x y 3.6.x no es preferente, lo que permite a administradores invitados x86 HVM locales provocar una denegación de servicio (consumo de CPU y posiblemente reinicio) a través de contenidos de memoria manipulados que desencadena un 'time-consuming linear scan', relacionado con Populate-on-Demand. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html http://support.citrix.com/article/CTX202404 http://www.debian.org/security/2015/dsa-3414 http://www.securityfocus.com/bid/77362 http://www.securitytracker.com/id/1034034 http://xenbits. • CWE-399: Resource Management Errors •