CVE-2016-9384
https://notcve.org/view.php?id=CVE-2016-9384
Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.
• http://www.securityfocus.com/bid/94468
• http://www.securitytracker.com/id/1037343
• http://xenbits.xen.org/xsa/advisory-194.html
• http://xenbits.xen.org/xsa/xsa194.patch
• https://security.gentoo.org/glsa/201612-56
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7777
https://notcve.org/view.php?id=CVE-2016-7777
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.
• http://www.securityfocus.com/bid/93344
• http://www.securitytracker.com/id/1036942
• http://xenbits.xen.org/xsa/advisory-190.html
• https://security.gentoo.org/glsa/201611-09
• https://support.citrix.com/article/CTX217363
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-7154
https://notcve.org/view.php?id=CVE-2016-7154
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.
• http://support.citrix.com/article/CTX216071
• http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf
• http://www.debian.org/security/2016/dsa-3663
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.securityfocus.com/bid/92863
• http://www.securitytracker.com/id/1036754
• http://xenbits.xen.org/xsa/advisory-188.html
• http://xenbits.xen.org/xsa/xsa188.patch
• CWE-416: Use After Free
CVE-2016-7093
https://notcve.org/view.php?id=CVE-2016-7093
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
• http://support.citrix.com/article/CTX216071
• http://www.securityfocus.com/bid/92865
• http://www.securitytracker.com/id/1036752
• http://xenbits.xen.org/xsa/advisory-186.html
• http://xenbits.xen.org/xsa/xsa186-0001-x86-emulate-Correct-boundary-interactions-of-emulate.patch
• https://security.gentoo.org/glsa/201611-09
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-7094
https://notcve.org/view.php?id=CVE-2016-7094
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
• http://support.citrix.com/article/CTX216071
• http://www.debian.org/security/2016/dsa-3663
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.securityfocus.com/bid/92864
• http://www.securitytracker.com/id/1036753
• http://xenbits.xen.org/xsa/advisory-187.html
• http://xenbits.xen.org/xsa/xsa187-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch
• https://security.gentoo.org/glsa/201611-09
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer