Page 32 of 222 results (0.013 seconds)

CVSS: 5.4EPSS: 0%CPEs: 21EXPL: 0

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). La función do_mmu_update en arch/x86/mm.c en Xen 4.x hasta la versión 4.4.x no restringe adecuadamente las actualizaciones a las tablas de página sólo para PV, lo que permite a invitados PV remotos provocar una denegación de servicio (referencia a puntero NULL) aprovechando los servicios de emulación de hardware para invitados HVM que utilizan Hardware Assisted Paging (HAP). • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://secunia.com/advisories/62672 http://www.debian.org/security/2015/dsa-3140 http://www.securityfocus.com/bid/71149 http://xenbits.xen.org/xsa/advisory-109.html https://exchange.xforce.ibmcloud.com/vulnerabilities/98767 https://security.gentoo.org/glsa/201504-04 • CWE-20: Improper Input Validation •

CVSS: 3.3EPSS: 0%CPEs: 19EXPL: 0

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors. La función x86_emulate en arch/x86/x86_emulate/x86_emulate.c en Xen 3.3.x hasta 4.4.x no comprueba los permisos del modo de supervisión para las instrucciones que generan interrupciones de software, lo que permite a usuarios locales huéspedes de HVM causar una denegación de servicio (caída del huésped) a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html http://secunia.com/advisories/61500 http://secunia.com/advisories/61858 http://secunia.com/advisories/61890 http://security.gentoo.org/glsa/glsa-201412-42.xml http://support.citrix.com • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 43EXPL: 0

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. La función x86_emulate en arch/x86/x86_emulate/x86_emulate.c en Xen 4.4.x y anteriores no comprueba debidamente los permisos del modo de supervisor, lo que permite a usuarios locales de HVM causar una denegación de servicio (caída del huésped) o ganar privilegios del medo del kernel del huésped a través de vectores que involucran una instrucción (1) HLT, (2) LGDT, (3) LIDT, o (4) LMSW. • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html http://secunia.com/advisories/61858 http://secunia.com/advisories/61890 http://security.gentoo.org/glsa/glsa-201412-42.xml http://support.citrix.com/article/CTX200218 http://www.debian. • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 0

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors. Condición de carrera en HVMOP_track_dirty_vram en Xen 4.0.0 hasta 4.4.x no asegura la posesión del bloqueo de guardar para el seguimiento RAM de vídeos sucios, lo que permite a dominios locales de huésped causar una denegación de servicio a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html http://secunia.com/advisories/61501 http://secunia.com/advisories/61890 http://security.gentoo.org/glsa/glsa-201412-42.xml http://www.debian.org/security/2014/dsa-3041 http://www. • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.3EPSS: 0%CPEs: 16EXPL: 0

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors. La función hvm_msr_read_intercept en arch/x86/hvm/hvm.c en Xen 4.1 hasta 4.4.x utiliza un rango MSR indebido para la emulación x2APIC, lo que permite a huéspedes HVM locales causar una denegación de servicio (caída del anfitrión) o leer datos del hipervisor o otros huéspedes a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140199.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html http://secunia.com/advisories/61664 http://secunia.com/advisories/61858 http://secunia.com/advisories/61890 http: • CWE-399: Resource Management Errors •