CVSS: 2.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Dec 2020 — An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest administrator can also use the special watches, which will cause a notification every time a domain is created and destroyed. Data may include: number, type, and domids of other VMs; existence and domids of driver domains; nu... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA • CWE-862: Missing Authorization •

CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Dec 2020 — An issue was discovered in Xen through 4.14.x. In the OCaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA • CWE-862: Missing Authorization •

CVSS: 6.2 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Dec 2020 — An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA • CWE-476: NULL Pointer Dereference •

CVSS: 6.2 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Dec 2020 — An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. • http://www.openwall.com/lists/oss-security/2020/12/16/4 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 8.8 • EPSS: 0% • CPEs: 15 • EXPL: 0

15 Dec 2020 — An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. • https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html • CWE-416: Use After Free •

CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Dec 2020 — An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. • https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Dec 2020 — An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Dec 2020 — An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur before the de-sc... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA • CWE-674: Uncontrolled Recursion •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Nov 2020 — An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671. • http://www.openwall.com/lists/oss-security/2021/01/19/4 • CWE-193: Off-by-one Error • CWE-787: Out-of-bounds Write •

CVSS: 4.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Nov 2020 — Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen. • http://www.openwall.com/lists/oss-security/2020/11/26/1 • CWE-862: Missing Authorization •