CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-29040
https://notcve.org/view.php?id=CVE-2020-29040
24 Nov 2020 — An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671. Se detectó un problema en Xen versiones hasta 4.14.x, que permitía a usuarios del SO invitado x86 HVM causar una denegación de servicio (corrupción de la pila), causar un filtrado de datos o posiblemente alcanzar privilegios debido a un er... • http://www.openwall.com/lists/oss-security/2021/01/19/4 • CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-28368 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-28368
10 Nov 2020 — Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen. Xen versiones hasta 4.14.x, permite a administradores de Sistemas Operativos invitados obtener información confidencial (tales como claves AES desde fuera del invitado) por medio de un ... • http://www.openwall.com/lists/oss-security/2020/11/26/1 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27670 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-27670
22 Oct 2020 — An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del Sistema Operativo invitado x86 causar una denegación de servicio (corrupción de datos), causar una filtración de datos o posiblemente alcanzar privilegios porque una entrada de la tabla de páginas IOMMU ... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27672 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-27672
22 Oct 2020 — An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del SO invitado x86 causar una denegación de servicio del SO host, lograr una corrupción de datos o posiblemente alcanzar privilegios mediante la explotación de una condici... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-27673 – Ubuntu Security Notice USN-4751-1
https://notcve.org/view.php?id=CVE-2020-27673
22 Oct 2020 — An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. Se detectó un problema en el kernel de Linux versiones hasta 5.9.1, como es usado con Xen versiones hasta 4.14.x. Los usuarios del Sistema Operativo invitado pueden causar una denegación de servicio (suspensión del Sistema Operativo host) por medio de una alta tasa de eventos en dom0, también se c... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27674 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-27674
22 Oct 2020 — An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios de SO invitado de PV x86 alcanzar privilegios de SO invitado modificando el contenido de la memoria del kernel, porque una invalidación de las entradas TLB es manejada inapropiadamente durante el ... • http://www.openwall.com/lists/oss-security/2021/01/19/5 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25603 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25603
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25596 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25596
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25604 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25604
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25601 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25601
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of t... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html •