NotCVE - vendor:"Xen" product:"Xen" version:"

Page 4 of 397 results (0.010 seconds)

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-42326

https://notcve.org/view.php?id=CVE-2022-42326

Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes. Xenstore: los invitados pueden crear una cantidad arbitraria de nodos mediante transacciones. • http://www.openwall.com/lists/oss-security/2022/11/01/11 http://xenbits.xen.org/xsa/advisory-421.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ https://security.gentoo.org/glsa/202402-07 https:/ • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-42325

https://notcve.org/view.php?id=CVE-2022-42325

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-42327

https://notcve.org/view.php?id=CVE-2022-42327

x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests. x86: intercambio de memoria no deseado entre invitados En los sistemas Intel que admiten la función "virtualizar accesos APIC", un invitado puede leer y escribir la página xAPIC compartida global sacando el APIC local del modo xAPIC. El acceso a esta página compartida evita el aislamiento esperado que debería existir entre dos invitados. • http://www.openwall.com/lists/oss-security/2022/11/01/3 http://xenbits.xen.org/xsa/advisory-412.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ https://security.gentoo.org/glsa/202402-07 https://xenbits.xenproject.org/xsa/advisory-412.txt •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-33746

https://notcve.org/view.php?id=CVE-2022-33746

P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing. La liberación del pool P2M puede tardar demasiado El pool P2M que respalda la traducción de direcciones de segundo nivel para huéspedes puede tener un tamaño considerable. Por lo tanto, su liberación puede tomar más tiempo de lo que es razonable sin comprobaciones intermedias de preferencia. • http://www.openwall.com/lists/oss-security/2022/10/11/3 http://xenbits.xen.org/xsa/advisory-410.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJOMUNGW6VTK5CZZRLWLVVEOUPEQBRHI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWSC77GS5NATI3TT7FMVPULUPXR635XQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE https://security.gentoo.org/glsa/202402-07 https:// • CWE-404: Improper Resource Shutdown or Release •

CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-33748

https://notcve.org/view.php?id=CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. Inversión del orden de bloqueo en el manejo de la copia de concesión transitiva Como parte de XSA-226 fue insertada una llamada de limpieza que faltaba en una ruta de manejo de errores. • http://www.openwall.com/lists/oss-security/2022/10/11/2 http://xenbits.xen.org/xsa/advisory-411.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJOMUNGW6VTK5CZZRLWLVVEOUPEQBRHI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWSC77GS5NATI3TT7FMVPULUPXR635XQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE https://security.gentoo.org/glsa/202402-07 https:// • CWE-755: Improper Handling of Exceptional Conditions •

1 2 3 4 5