CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-29569 – Debian Security Advisory 4843-1
https://notcve.org/view.php?id=CVE-2020-29569
15 Dec 2020 — An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. • https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29568 – Debian Security Advisory 4843-1
https://notcve.org/view.php?id=CVE-2020-29568
15 Dec 2020 — An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. • https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-29567 – Gentoo Linux Security Advisory 202107-30
https://notcve.org/view.php?id=CVE-2020-29567
15 Dec 2020 — An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29566 – Debian Security Advisory 4812-1
https://notcve.org/view.php?id=CVE-2020-29566
15 Dec 2020 — An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur before the de-sc... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA • CWE-674: Uncontrolled Recursion •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-29040
https://notcve.org/view.php?id=CVE-2020-29040
24 Nov 2020 — An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671. Se detectó un problema en Xen versiones hasta 4.14.x, que permitía a usuarios del SO invitado x86 HVM causar una denegación de servicio (corrupción de la pila), causar un filtrado de datos o posiblemente alcanzar privilegios debido a un er... • http://www.openwall.com/lists/oss-security/2021/01/19/4 • CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-28368 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-28368
10 Nov 2020 — Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen. Xen versiones hasta 4.14.x, permite a administradores de Sistemas Operativos invitados obtener información confidencial (tales como claves AES desde fuera del invitado) por medio de un ... • http://www.openwall.com/lists/oss-security/2020/11/26/1 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27670 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-27670
22 Oct 2020 — An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del Sistema Operativo invitado x86 causar una denegación de servicio (corrupción de datos), causar una filtración de datos o posiblemente alcanzar privilegios porque una entrada de la tabla de páginas IOMMU ... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27671 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-27671
22 Oct 2020 — An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios de SO invitado HVM y PVH de x86 causar una denegación de servicio (corrupción de datos), causar una filtración de datos o posiblemente alcanzar privilegios porque la combinación de descargas... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27672 – Debian Security Advisory 4804-1
https://notcve.org/view.php?id=CVE-2020-27672
22 Oct 2020 — An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del SO invitado x86 causar una denegación de servicio del SO host, lograr una corrupción de datos o posiblemente alcanzar privilegios mediante la explotación de una condici... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-27673 – Ubuntu Security Notice USN-4751-1
https://notcve.org/view.php?id=CVE-2020-27673
22 Oct 2020 — An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. Se detectó un problema en el kernel de Linux versiones hasta 5.9.1, como es usado con Xen versiones hasta 4.14.x. Los usuarios del Sistema Operativo invitado pueden causar una denegación de servicio (suspensión del Sistema Operativo host) por medio de una alta tasa de eventos en dom0, también se c... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html •