CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9066
https://notcve.org/view.php?id=CVE-2014-9066
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. Xen 4.4.x y versiones anteriores, cuando utiliza un gran número de VCPUs, no maneja adecuadamente los bloqueos de lectura y escritura, lo que permite a usuarios invitados x86 locales causar una denegación de servicio (denegación de escritura o tiempo de espera agotado del watchdog NMI y caida de host) a través de un gran número de peticiones de lectura, una vulnerabilidad diferente a CVE-2014-9065. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://www.openwall.com/lists/oss-security/2014/12/08/4 http://www.securityfocus.com/bid/71546 http://xenbits.xen.org/xsa/advisory-114.html https://security.gentoo.org/glsa/201504-04 • CWE-17: DEPRECATED: Code •
CVSS: 4.7EPSS: 0%CPEs: 31EXPL: 0CVE-2014-8866
https://notcve.org/view.php?id=CVE-2014-8866
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. La traducción del argumento de hiperllamadas del modo de compatibilidad en Xen 3.3.x hasta 4.4.x, cuando funciona en un hipervisor de 64 bits, permite a invitados locales de HVM de 32 bits causar una denegación de servicio (caída del anfitrión) a través de vectores que involucran la alteración de las mitades altas de registros mientras en el modo de 64 bits. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://secunia.com/advisories/59937 http://secunia.com/advisories/62672 http://support.citrix.com/article/CTX200288 http://support.citrix.com/article/CTX201794 http://www.debian.org/security/2015/dsa-3140 http://www.securityfocus.com/bid/71332 http://xenbits.xen.org/xsa/advisory-111.html https://security.gentoo.org/glsa/201504-04 • CWE-17: DEPRECATED: Code •
CVSS: 5.2EPSS: 0%CPEs: 11EXPL: 0CVE-2014-8867 – xen: Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor (xsa112)
https://notcve.org/view.php?id=CVE-2014-8867
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. El soporte de aceleración para la instrucción 'REP MOVS' en Xen 4.4.x, 3.2.x, y anteriores falla en la comprobación correcta de los límites para entrada/salida del mapeado de memoria (memory mapped I/O, MMIO) emulado en el hipervisor, lo que permite a invitados HVM locales causar una denegación de servicio (caída del anfitrión) a través de vectores no especificados. An insufficient bound checking flaw was found in the Xen hypervisor's implementation of acceleration support for the "REP MOVS" instructions. A privileged HVM guest user could potentially use this flaw to crash the host. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://rhn.redhat.com/errata/RHSA-2015-0783.html http://secunia.com/advisories/59949 http://secunia.com/advisories/62672 http://support.citrix.com/article/CTX200288 http://support.citrix.com/article/CTX201794 http://www.debian.org/security/2015/dsa-3140 http://www.security • CWE-17: DEPRECATED: Code •
CVSS: 7.1EPSS: 0%CPEs: 35EXPL: 0CVE-2014-9030
https://notcve.org/view.php?id=CVE-2014-9030
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. La función do_mmu_update en arch/x86/mm.c en Xen 3.2.x hasta 4.4.x no maneja debidamente las referencias de páginas, lo que permite a dominios remotos causar una denegación de servicio mediante el aprovechamiento del control sobre un invitado HVM y un MMU_MACHPHYS_UPDATE manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://secunia.com/advisories/62672 http://www.debian.org/security/2015/dsa-3140 http://www.securityfocus.com/bid/71207 http://xenbits.xen.org/xsa/advisory-113.html https://exchange.xforce.ibmcloud.com/vulnerabilities/98853 https://security.gentoo.org/glsa/201504-04 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 21EXPL: 0CVE-2014-8594
https://notcve.org/view.php?id=CVE-2014-8594
The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). La función do_mmu_update en arch/x86/mm.c en Xen 4.x hasta la versión 4.4.x no restringe adecuadamente las actualizaciones a las tablas de página sólo para PV, lo que permite a invitados PV remotos provocar una denegación de servicio (referencia a puntero NULL) aprovechando los servicios de emulación de hardware para invitados HVM que utilizan Hardware Assisted Paging (HAP). • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://secunia.com/advisories/62672 http://www.debian.org/security/2015/dsa-3140 http://www.securityfocus.com/bid/71149 http://xenbits.xen.org/xsa/advisory-109.html https://exchange.xforce.ibmcloud.com/vulnerabilities/98767 https://security.gentoo.org/glsa/201504-04 • CWE-20: Improper Input Validation •