CVE-2015-7972
https://notcve.org/view.php?id=CVE-2015-7972
The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to "heavy memory pressure." La función (1) libxl_set_memory_target en tools/libxl/libxl.c y (2) libxl__build_post en tools/libxl/libxl_dom.c en Xen 3.4.x hasta la versión 4.6.x no calcula correctamente el tamaño del globo cuando utilizan el sistema populate-on-demand (PoD), lo que permite a usuarios invitados HVM locales provocar una denegación de servicio (caída de invitados) a través de vectores no especificados relacionados con 'heavy memory pressure.' • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html http://support.citrix.com/article/CTX202404 http://www.debian.org/security/2015/dsa-3414 http://www.securityfocus.com/bid/77365 http://www.securitytracker.com/id/1034036 http://xenbits. • CWE-399: Resource Management Errors •
CVE-2015-7814
https://notcve.org/view.php?id=CVE-2015-7814
Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. Condición de carrera en la función relinquish_memory en arch/arm/domain.c en Xen 4.6.x y versiones anteriores permite a dominios locales con control parcial de la gestión provocar una denegación de servicio (caída del host) a través de vectores relacionados con la destrucción de un dominio y utilizando XENMEM_decrease_reservation para reducir la memoria del dominio. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html http://www.debian.org/security/2015/dsa-3414 http://www.securitytracker.com/id/1034030 http://xenbits.xen.org/xsa/advisory-147.html https://security.gentoo.org/glsa/201604-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2015-7971
https://notcve.org/view.php?id=CVE-2015-7971
Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c. Xen 3.2.x hasta la versión 4.6.x no limita el número de mensajes de la consola printk cuando incia sesión cierto pmu y hypercalls de perfilado, lo que permite a invitados locales provocar una denegación de servicio a través de una secuencia de hypercalls manipuladas (1) HYPERCALL_xenoprof_op, que no son manejadas adecuadamente en la función do_xenoprof_op en common/xenoprof.c o (2) HYPERVISOR_xenpmu_op, que no son manejadas adecuadamente en la función do_xenpmu_op en arch/x86/cpu/vpmu.c. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html http://support.citrix.com/article/CTX202404 http://www.debian.org/security/2015/dsa-3414 http://www.securityfocus.com/bid/77363 http://www.securitytracker.com/id/1034035 http://xenbits. • CWE-19: Data Processing Errors •
CVE-2015-7311
https://notcve.org/view.php?id=CVE-2015-7311
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. libxl en Xen 4.1.x hasta la versión 4.6.x no maneja correctamente el indicador de solo lectura en los discos cuando se utiliza el dispositivo modelo qemu-xen, lo que permite a usuarios invitados locales escribir a una imagen de disco de sólo lectura. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html http://www.debian.org/security/2015/dsa-3414 http://www.securityfocus.com/bid/76823 http://www.securitytracker.com/id/1033633 http://xenbits.xen.org/xsa/advisory-142.html https:// • CWE-17: DEPRECATED: Code •
CVE-2015-5166
https://notcve.org/view.php?id=CVE-2015-5166
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. Vulnerabilidad de uso después de liberación en la memoria en QEMU en Xen 4.5.x y versiones anteriores, no desconecta completamente los dispositivos de bloque emulados, lo que permite a usuarios invitados HVM locales obtener privilegios desconectando un dispositivo de bloque dos veces. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html http://www.securityfocus.com/bid/76152 http://www.securitytracker.com/id/1033175 http://xenbits.xen.org/xsa/advisory-139.html • CWE-264: Permissions, Privileges, and Access Controls •