Page 37 of 184 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0

CVE-2011-1166 – kernel: xen: x86_64: fix error checking in arch_set_info_guest()

https://notcve.org/view.php?id=CVE-2011-1166

Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables. Xen, probablemente anterior a v4.0.2 permite a invitados locales de 64-bit PV provocar una denegación de servicio (caída del host) especificando la ejecución en modo usuario sin las tablas de página. • http://downloads.avaya.com/css/P8/documents/100145416 http://rhn.redhat.com/errata/RHSA-2011-0833.html http://wiki.xen.org/wiki/Security_Announcements#XSA-1_Host_crash_due_to_failure_to_correctly_validate_PV_kernel_execution_state. https://access.redhat.com/security/cve/CVE-2011-1166 https://bugzilla.redhat.com/show_bug.cgi?id=688579 • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0

CVE-2010-4255 – xen: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area

https://notcve.org/view.php?id=CVE-2010-4255

The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access. La función fixup_page_fault en arch/x86/traps.c en Xen v.4.0.1 y anteriores sobre plataformas 64-bit, cuando se activa la paravirtualización, no verifica que el modo kernel está usado para llamar a la función handle_gdt_ldt_mapping_fault, lo que permite a los usuarios invitados del sistema operativo provocar una denegación de servicio (host OS BUG_ON) a través de un acceso de memoria manipulado. • http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html http://openwall.com/lists/oss-security/2010/11/30/5 http://openwall.com/lists/oss-security/2010/11/30/8 http://secunia.com/advisories/42884 http://secunia.com/advisories/46397 http://www.redhat.com/support/errata/RHSA-2011-0017.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug •

CVSS: 2.7EPSS: 0%CPEs: 16EXPL: 0

CVE-2010-3699 – kernel: guest->host denial of service from invalid xenbus transitions

https://notcve.org/view.php?id=CVE-2010-3699

The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap. El driver backend en Xen v3.x permite a usuarios del OS causar una denegación de servicio a través de una fuga en el hilo del kernel, lo que evita que el dispositivo y el invitado OS sean apagados o se cree un dominio zombie, causando una caída en zenwatch, o impida que comandos sin especificar xm trabajen de forma adecuada, relacionado con (1) netback, (2) blkback, o (3) blktap. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://secunia.com/advisories/42372 http://secunia.com/advisories/42789 http://secunia.com/advisories/43056 http://secunia.com/advisories/46397 http://www.redhat.com/support/errata/RHSA-2011-0004.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.securityfocus.com/bid/45039 http://www.securitytracker.com/id?1024786 http://www.vmware.com/security/advisories/VMSA-2011-0012.html ht • CWE-399: Resource Management Errors •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

CVE-2010-2070 – /kernel/security/CVE-2006-0742 test cause kernel-xen panic on ia64

https://notcve.org/view.php?id=CVE-2010-2070

arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and "turn on BE by modifying the user mask of the PSR," as demonstrated via exploitation of CVE-2006-0742. arch/ia64/xen/faults.c en Xen v3.4 y v4.0 en el kernel de Linux v2.6.18, y posiblemente otras versiones, cuando se ejecuta sobre arquitecturas IA-64, permite a usuarios locales provocar una denegación de servicio y "activar BE mediante la modificación de la máscara de usuario del PSR". Como se ha demostrado explotando el CVE-2006-0742. • http://osvdb.org/65541 http://secunia.com/advisories/43315 http://www.openwall.com/lists/oss-security/2010/06/10/2 http://www.redhat.com/support/errata/RHSA-2010-0610.html http://www.securityfocus.com/archive/1/516397/100/0/threaded http://www.securityfocus.com/bid/40776 http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://xenbits.xensource.com/xen-4.0-testing.hg?rev/42caadb14edb https://bugzilla.redhat.com/show_bug.cgi?id=586415 https://exchange •