Page 31 of 176 results (0.006 seconds)

CVSS: 7.4EPSS: 0%CPEs: 27EXPL: 0

CVE-2012-5513 – kernel: xen: XENMEM_exchange may overwrite hypervisor memory

https://notcve.org/view.php?id=CVE-2012-5513

The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range. El manejador XENMEM_exchange en Xen v4.2 y anteriores no comprueba correctamente la dirección de memoria, lo que permite causar una denegación de servicio (caída del S.O.) a administrador de sistemas operativos invitados PV o posiblemente obtener privilegios a través de vectores no especificados que sobrescriben memoria en rangos del hipervisor reservados. • http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2012-4536

https://notcve.org/view.php?id=CVE-2012-4536

The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read. Las funciones (1) domain_pirq_to_emuirq y (2) physdev_unmap_pirq en Xen 2.2 permite a los administradores de sistemas operativos clientes locales causar una denegación de servicio (caída de Xen) a través de un valor PIRQ modificado que provoca una lectura fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html http://lists.xen.org/archives/html/xen-announce/2012-11/msg00003.html http://osvdb.org/87297 http://secunia.com/advisories/51200 http://secunia.com/advisories/51324 http://secunia.com/advisories& •

CVSS: 2.7EPSS: 0%CPEs: 5EXPL: 0

CVE-2012-4544 – xen: Xen domain builder Out-of-memory due to malicious kernel/ramdisk

https://notcve.org/view.php?id=CVE-2012-4544

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. El PV domain builder en Xen 4.2 y anteriores, no valida el tamaño del kernel o del ramdisk(1) antes o (2) después de la descompresión, lo que permite a administradores locales de los sistemas huésped provocar una denegación de servicio (consumo de memoria) a través de un (1)kernel o (2)ramdisk manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security- • CWE-20: Improper Input Validation •

CVSS: 7.9EPSS: 0%CPEs: 20EXPL: 4

CVE-2012-0217 – FreeBSD Intel SYSRET Privilege Escalation

https://notcve.org/view.php?id=CVE-2012-0217

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. El modo de usuario Scheduler en el núcleo en Microsoft Windows Server v2008 R2 y R2 SP1 y Windows v7 Gold y SP1 sobre la plataforma x64 no maneja adecuadamente solicitudes del sistema, lo que permite a usuarios locales obtener privilegios a través de una aplicación modificada, también conocida como "vulnerabilidad de corrupción de memoria de modo de usuario Scheduler". It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. • https://www.exploit-db.com/exploits/46508 https://www.exploit-db.com/exploits/28718 https://www.exploit-db.com/exploits/20861 http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html http://lists.xen.org/archives/html/xen-devel/2012-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2011-3131 – kernel: xen: IOMMU fault livelock

https://notcve.org/view.php?id=CVE-2011-3131

Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock. Xen v4.1.1 y anteriores permite causar una denegación de servicio (consumo de CPU y bloqueo de Xen) a los kernels de sistemas operativos huesped que controlan dispositivos PCI[E] a través de muchas peticiones DMA modificadas que son denegadas por la IOMMU, lo que desencadena un bloqueo activo. • http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html http://secunia.com/advisories/45622 http://secunia.com/advisories/51468 http://www.debian.org/security/2012/dsa-2582 http://www.securityfocus.com/bid/49146 http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a https://access.redhat.com/security/cve/CVE-2011-3131 https://bugzilla.redhat.com/show& • CWE-399: Resource Management Errors •