CVSS: 4.7EPSS: 0%CPEs: 44EXPL: 0CVE-2015-8340
https://notcve.org/view.php?id=CVE-2015-8340
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. La función memory_exchange en common/memory.c en Xen 3.2.x hasta la versión 4.6.x no devuelve adecuadamente páginas a un dominio, lo que podría permitir a administradores invitados del SO causar una denegación de servicio (interbloqueo o caída del host) a través de vectores no especificados, relacionados con un error de manejo XENMEM_exchange. • http://support.citrix.com/article/CTX203451 http://www.debian.org/security/2016/dsa-3519 http://www.securityfocus.com/bid/79038 http://www.securitytracker.com/id/1034391 http://xenbits.xen.org/xsa/advisory-159.html https://security.gentoo.org/glsa/201604-03 • CWE-17: DEPRECATED: Code •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2015-8341
https://notcve.org/view.php?id=CVE-2015-8341
The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. La librería libxl toolstack en Xen 4.1.x hasta la versión 4.6.x no libera adecuadamente el mapeo de archivos utilizados como kernels y ramdisks iniciales cuando manejan múltiples dominios en el mismo proceso, lo que permite a atacantes causar una denegación de servicio (consumo de memoria y disco) mediante dominios de arranque. • http://www.debian.org/security/2016/dsa-3519 http://www.securitytracker.com/id/1034389 http://xenbits.xen.org/xsa/advisory-160.html https://security.gentoo.org/glsa/201604-03 • CWE-399: Resource Management Errors •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2015-7812
https://notcve.org/view.php?id=CVE-2015-7812
The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface. La función hypercall_create_continuation en arch/arm/domain.c en Xen 4.4.x hasta la versión 4.6.x permite a usuarios locales invitados provocar una denegación de servicio (caída de host) a través de una hypercall a la interfaz multi llamada. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html http://www.debian.org/security/2015/dsa-3414 http://www.securitytracker.com/id/1034031 http://xenbits.xen.org/xsa/advisory-145.html https://security.gentoo.org/glsa/201604-03 • CWE-254: 7PK - Security Features •
CVSS: 5.2EPSS: 0%CPEs: 30EXPL: 0CVE-2015-8104 – virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception
https://notcve.org/view.php?id=CVE-2015-8104
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. El subsistema KVM en el kernel Linux hasta la versión 4.2.6, y Xen 4.3.x hasta la versión 4.6.x permite a usuarios del SO invitados causar una denegación de servicio (panic en el host del SO o cuelgue) desencadenando muchas excepciones #DB (también conocidas como Debug), relacionadas con svm.c. It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #DB (debug exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http:/&# • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.2EPSS: 0%CPEs: 33EXPL: 0CVE-2015-5307 – virt: guest to host DoS by triggering an infinite loop in microcode via #AC exception
https://notcve.org/view.php?id=CVE-2015-5307
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. El subsistema KVM en el kernel Linux hasta la versión 4.2.6, y Xen 4.3.x hasta la versión 4.6.x permite a usuarios del SO invitados causar una denegación de servicio (panic en el host del SO o cuelgue) desencandenando muchas excepciones #AC (también conocidas como Alignment Check), relacionadas con svm.c y vmx.c. It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http:/&# • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •