CVSS: 8.6EPSS: 0%CPEs: 19EXPL: 0CVE-2010-4255 – xen: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area
https://notcve.org/view.php?id=CVE-2010-4255
25 Jan 2011 — The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access. La función fixup_page_fault en arch/x86/traps.c en Xen v.4.0.1 y anteriores sobre plataformas 64-bit, cuando se activa la paravirtualización, no verifica que el modo kernel está usado p... • http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2010-4247 – xen: request-processing loop is unbounded in blkback
https://notcve.org/view.php?id=CVE-2010-4247
11 Jan 2011 — The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information. La función do_block_io_op en (1) ldrivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blkt... • http://secunia.com/advisories/35093 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2010-3699 – kernel: guest->host denial of service from invalid xenbus transitions
https://notcve.org/view.php?id=CVE-2010-3699
08 Dec 2010 — The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap. El driver backend en Xen v3.x permite a usuarios del OS causar una denegación de servicio a través de una fuga en el hilo del kernel, lo que evita que el dispositivo y el invitado ... • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2070 – /kernel/security/CVE-2006-0742 test cause kernel-xen panic on ia64
https://notcve.org/view.php?id=CVE-2010-2070
16 Jun 2010 — arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and "turn on BE by modifying the user mask of the PSR," as demonstrated via exploitation of CVE-2006-0742. arch/ia64/xen/faults.c en Xen v3.4 y v4.0 en el kernel de Linux v2.6.18, y posiblemente otras versiones, cuando se ejecuta sobre arquitecturas IA-64, permite a usuarios locales provocar una denegación de servicio y "ac... • http://osvdb.org/65541 •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 5CVE-2009-3525 – Xen 3.x - pygrub Local Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-3525
05 Oct 2009 — The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password. El pyGrub en Xen v3.0.3, v3.3.0, y Xen-3.3.1 no soporta la opción password en grub.conf para las invitaciones "para-virtualized", lo que permite a atacantes con acceso a la consola invitada para-vir... • https://www.exploit-db.com/exploits/33255 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 1CVE-2009-1758 – kernel: xen: local denial of service
https://notcve.org/view.php?id=CVE-2009-1758
22 May 2009 — The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges." La función hypervisor_callback en Xen, posiblemente anteriores a v3.4.0, como la que se aplica al kernel de linux v2.6.30-rc4, 2.6.18 y posiblemente otroas versiones permiten a aplicaciones del usuario guess provoca... • http://lists.xensource.com/archives/html/xen-devel/2009-05/msg00561.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5716
https://notcve.org/view.php?id=CVE-2008-5716
24 Dec 2008 — xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405. xend en Xen 3.3.0 no restringe adecuadamente el acceso de escritura de una máquina virtual invitada en el árbol d... • http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4993 – xen: insecure temporary file use in qemu-dm.debug
https://notcve.org/view.php?id=CVE-2008-4993
07 Nov 2008 — qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. qemu-dm.debug en Xen v3.2.1 permite a usuarios locales sobrescribir ficheros de su elección a través de un ataque de enlace simbólico al fichero temporal /tmp/args. • http://bugs.debian.org/496367 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2008-3687
https://notcve.org/view.php?id=CVE-2008-3687
14 Aug 2008 — Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall. Un desbordamiento de búfer basado en pila en la función flask_security_label en Xen 3.3, cuando se compila con el modulo XSM:FLASK, permite que usuarios del dominio (domU) sin privilegios puedan ejecutar código arbitrario a través de la hiperllamada flask_op. • http://invisiblethingslab.com/bh08/part2.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •