CVE-2015-4106
https://notcve.org/view.php?id=CVE-2015-4106
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. QEMU no restringe correctamente el acceso a escritura al espacio PCI config para ciertos dispositivos PCI pass-through, lo que podría permitir a invitados x86 HVM locales obtener privilegios, causar una denegación de servicio (caída de host), obtener información sensible o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce • CWE-863: Incorrect Authorization •
CVE-2012-3498
https://notcve.org/view.php?id=CVE-2012-3498
PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. PHYSDEVOP_map_pirq en Xen v4.1 y v4.2 y Citrix XenServer v6.0.2 y anteriores permite a un kernel OS HVM invitado causar una denegación de servicio (caída del host) y posiblemente leer hipervisor o memoria mediante vectores relacionados con una falta de comproebación de map->index. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html http://osvdb.org/85198 http://secunia.com/advisories/ • CWE-20: Improper Input Validation •
CVE-2012-3516
https://notcve.org/view.php?id=CVE-2012-3516
The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location. La sub-operación GNTTABOP_swap_grant_ref en el "grant table hypercall" en Xen v4.2 y Citrix XenServer v6.0.2 permite a los kernels locales de invitado o administradores causar una denegación de servicio (caída del host) y, posiblemente, obtener privilegios a través de una referencia manipulada que genera una escritura en una ubicación en memoria del hipervisor • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://secunia.com/advisories/50472 http://secunia.com/advisories/50530 http://support.citrix.com/article/CTX134708 http://wiki.xen.org/wiki/Security_Announcements#XSA-18_grant_table_entry_swaps_have_inadequate_bounds_checking http://www.openwall.com/lists/oss-security/2012/09/05/11 http://www.securityfocus.com/bid/55411 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-3495
https://notcve.org/view.php?id=CVE-2012-3495
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. La hypercall physdev_get_free_pirq en arch/x86/physdev.c en Xen v4.1.x y Citrix XenServer v6.0.2 y anteriores utiliza el valor devuelto por la función get_free_pirq como un índice de la matriz sin comprobar que el valor de retorno indica un error, permitiendo a los huéspedes del OS invitado causar una denegación de servicio (escritura de memoria no válidas y caída del host) y, posiblemente, obtener privilegios a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html http://secunia.com/advisories/51413 http://secunia.com • CWE-20: Improper Input Validation •
CVE-2012-4606
https://notcve.org/view.php?id=CVE-2012-4606
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. Citrix XenServer versiones 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0 y 5.0 Update 3, contiene una vulnerabilidad de Escalada de Privilegios Locales que podría permitir a usuarios locales con acceso a un sistema operativo invitado alcanzar privilegios elevados. • http://www.securityfocus.com/bid/55432 • CWE-269: Improper Privilege Management •