CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2017-12136
https://notcve.org/view.php?id=CVE-2017-12136
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. Una condición de carrera en el código de tabla de concesiones en Xen 4.6.x a 4.9.x permite que administradores invitados locales del sistema operativo provoquen una denegación de servicio (corrupción de lista libre y bloqueo del host) o que obtengan beneficios en el host mediante vectores que impliquen la gestión de lista libre de maptrack. • http://www.debian.org/security/2017/dsa-3969 http://www.openwall.com/lists/oss-security/2017/08/15/3 http://www.securityfocus.com/bid/100346 http://www.securitytracker.com/id/1039175 http://xenbits.xen.org/xsa/advisory-228.html https://bugzilla.redhat.com/show_bug.cgi?id=1477651 https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX225941 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2017-12855
https://notcve.org/view.php?id=CVE-2017-12855
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected. • http://www.debian.org/security/2017/dsa-3969 http://www.securityfocus.com/bid/100341 http://www.securitytracker.com/id/1039177 http://xenbits.xen.org/xsa/advisory-230.html https://support.citrix.com/article/CTX225941 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-10923
https://notcve.org/view.php?id=CVE-2017-10923
Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225. Xen hasta la versión 4.8.x, no comprueba un índice de matriz vCPU sobre el envío de un SGI, lo que permite a los usuarios del sistema operativo invitado causar una denegación de servicio (bloqueo del hypervisor), también se conoce como XSA-225. • http://www.securityfocus.com/bid/99160 http://www.securitytracker.com/id/1038735 https://security.gentoo.org/glsa/201708-03 https://xenbits.xen.org/xsa/advisory-225.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10919
https://notcve.org/view.php?id=CVE-2017-10919
Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223. Xen hasta la versión 4.8.x, maneja inapropiadamente la inyección de interrupción virtual, que permite a los usuarios del sistema operativo invitado causar una denegación de servicio (bloqueo del hypervisor), también se conoce como XSA-223. • http://www.debian.org/security/2017/dsa-3969 http://www.securityfocus.com/bid/99159 http://www.securitytracker.com/id/1038733 https://security.gentoo.org/glsa/201708-03 https://xenbits.xen.org/xsa/advisory-223.html •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2017-10916
https://notcve.org/view.php?id=CVE-2017-10916
The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220. La implementación context-switch de vCPU en Xen hasta la versión 4.8.x, interactúa inapropiadamente con las funcionalidades Memory Protection Extensions (MPX) y Protection Key (PKU), lo que facilita a los usuarios del sistema operativo invitado superar a la ASLR y a otros mecanismos de protección, también se conoce como XSA-220. • http://www.debian.org/security/2017/dsa-3969 http://www.securityfocus.com/bid/99167 http://www.securitytracker.com/id/1038730 https://security.gentoo.org/glsa/201708-03 https://xenbits.xen.org/xsa/advisory-220.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •