CVE-2015-2151 – xen: hypervisor memory corruption due to x86 emulator flaw (xsa123)
https://notcve.org/view.php?id=CVE-2015-2151
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. El emulador x86 en Xen 3.2.x hasta 4.5.x no ignora correctamente las anulaciones de segmentos para instrucciones con operandos del registro, lo que permite a usuarios locales invitados obtener información sensible, causar una denegación de servicio (corrupción de memoria), o posiblemente ejecutar código arbitrario a través de vectores no especificados. It was found that the Xen hypervisor x86 CPU emulator implementation did not correctly handle certain instructions with segment overrides, potentially resulting in a memory corruption. A malicious guest user could use this flaw to read arbitrary data relating to other guests, cause a denial of service on the host, or potentially escalate their privileges on the host. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://support.citrix.com/article/CTX200484 http://www.debian.org/security/2015/dsa-3181 http://www.oracle.com/technetwork/ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-2044
https://notcve.org/view.php?id=CVE-2015-2044
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size. Las rutinas de emulación para dispositivos X86 no especificados en Xen 3.2.x hasta 4.5.x no inicializa correctamente los datos, lo que permite a usuarios locales invitados HVM obtener información sensible a través de vectores que involucran un tamaño de acceso no soportado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://support.citrix.com/article/CTX200484 http://www.debian.org/security/2015/dsa-3181 http://www.securityfocus.com/bid/72954 http://www.securitytracker.com/id/1031806 http://www. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-9066
https://notcve.org/view.php?id=CVE-2014-9066
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. Xen 4.4.x y versiones anteriores, cuando utiliza un gran número de VCPUs, no maneja adecuadamente los bloqueos de lectura y escritura, lo que permite a usuarios invitados x86 locales causar una denegación de servicio (denegación de escritura o tiempo de espera agotado del watchdog NMI y caida de host) a través de un gran número de peticiones de lectura, una vulnerabilidad diferente a CVE-2014-9065. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://www.openwall.com/lists/oss-security/2014/12/08/4 http://www.securityfocus.com/bid/71546 http://xenbits.xen.org/xsa/advisory-114.html https://security.gentoo.org/glsa/201504-04 • CWE-17: DEPRECATED: Code •
CVE-2014-9065
https://notcve.org/view.php?id=CVE-2014-9065
common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. common/spinlock.c en Xen 4.4.x y anteriores no maneja correctamente los bloqueos de lectura y escritura, lo que permite a usuarios locales invitados de x86 causar una denegación de servicio (denegación de escritura o fin de sesión de la vigilancia NMI y caída del anfitrión) a través de un número grande de solicitudes de lectura, una vulnerabilidad diferente a CVE-2014-9066. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://www.openwall.com/lists/oss-security/2014/12/08/4 http://www.securityfocus.com/bid/71544 http://xenbits.xen.org/xsa/advisory-114.html https://security.gentoo.org/glsa/201504-04 • CWE-17: DEPRECATED: Code •
CVE-2014-8867 – xen: Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor (xsa112)
https://notcve.org/view.php?id=CVE-2014-8867
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. El soporte de aceleración para la instrucción 'REP MOVS' en Xen 4.4.x, 3.2.x, y anteriores falla en la comprobación correcta de los límites para entrada/salida del mapeado de memoria (memory mapped I/O, MMIO) emulado en el hipervisor, lo que permite a invitados HVM locales causar una denegación de servicio (caída del anfitrión) a través de vectores no especificados. An insufficient bound checking flaw was found in the Xen hypervisor's implementation of acceleration support for the "REP MOVS" instructions. A privileged HVM guest user could potentially use this flaw to crash the host. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://rhn.redhat.com/errata/RHSA-2015-0783.html http://secunia.com/advisories/59949 http://secunia.com/advisories/62672 http://support.citrix.com/article/CTX200288 http://support.citrix.com/article/CTX201794 http://www.debian.org/security/2015/dsa-3140 http://www.security • CWE-17: DEPRECATED: Code •