CVE-2015-8340
https://notcve.org/view.php?id=CVE-2015-8340
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. La función memory_exchange en common/memory.c en Xen 3.2.x hasta la versión 4.6.x no devuelve adecuadamente páginas a un dominio, lo que podría permitir a administradores invitados del SO causar una denegación de servicio (interbloqueo o caída del host) a través de vectores no especificados, relacionados con un error de manejo XENMEM_exchange. • http://support.citrix.com/article/CTX203451 http://www.debian.org/security/2016/dsa-3519 http://www.securityfocus.com/bid/79038 http://www.securitytracker.com/id/1034391 http://xenbits.xen.org/xsa/advisory-159.html https://security.gentoo.org/glsa/201604-03 • CWE-17: DEPRECATED: Code •
CVE-2015-8338
https://notcve.org/view.php?id=CVE-2015-8338
Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. Xen 4.6.x y versiones anteriores no impone adecuadamente límites en órdenes de entrada de página para las suboperaciones (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange y posiblemente otra HYPERVISOR_memory_op, lo que permite a administradores ARM invitados del SO causar una denegación de servicio (consumo de CPU, reinicio de invitado o tiempo de watchdog excedido o reinicio host) y posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://www.debian.org/security/2016/dsa-3633 http://www.securityfocus.com/bid/78920 http://www.securitytracker.com/id/1034390 http://xenbits.xen.org/xsa/advisory-158.html • CWE-254: 7PK - Security Features •
CVE-2015-7969
https://notcve.org/view.php?id=CVE-2015-7969
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall. Fugas de memoria múltiples en Xen 4.0 hasta la versión 4.6.x permite a administradores locales invitados o dominios con cierto permiso provocar una denegación de servicio (consumo de memoria) a través de un gran número de 'desensamblajes' de dominios con el array de punteros vcpu asignados utilizando (1) la hypercall XEN_DOMCTL_max_vcpus o el array de punteros vcpu asignados en el estado xenoprofile utilizando la hypercall (2) XENOPROF_get_buffer o (3) XENOPROF_set_passive . • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html http://support.citrix.com/article/CTX202404 http://www.debian.org/security/2015/dsa-3414 http://www.securityfocus.com/bid/77364 http://www.securitytracker.com/id/1034033 http://xenbits. • CWE-399: Resource Management Errors •
CVE-2015-7835
https://notcve.org/view.php?id=CVE-2015-7835
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. La función mod_l2_entry en arch/x86/mm.c en Xen 3.4 hasta la versión 4.6.x no valida correctamente las entradas de la tabla de paginación de nivel 2, lo que permite a administradores invitados PV locales obtener privilegios a través de un mapeo de superpage manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html http://support.citrix.com/article/CTX202404 http://www.debian.org/security/2015/dsa-3390 http://www.securityfocus.com/bid/773 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-7970
https://notcve.org/view.php?id=CVE-2015-7970
The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand. La función p2m_pod_emergency_sweep en arch/x86/mm/p2m-pod.c en Xen 3.4.x, 3.5,x y 3.6.x no es preferente, lo que permite a administradores invitados x86 HVM locales provocar una denegación de servicio (consumo de CPU y posiblemente reinicio) a través de contenidos de memoria manipulados que desencadena un 'time-consuming linear scan', relacionado con Populate-on-Demand. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html http://support.citrix.com/article/CTX202404 http://www.debian.org/security/2015/dsa-3414 http://www.securityfocus.com/bid/77362 http://www.securitytracker.com/id/1034034 http://xenbits. • CWE-399: Resource Management Errors •