CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25604 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25604
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25601 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25601
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of t... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25595 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25595
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to cra... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15852
https://notcve.org/view.php?id=CVE-2020-15852
20 Jul 2020 — An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154. Se detectó un problema en el kernel de Linux versiones 5.5 hasta 5.7.9, como es usado en Xen versiones hasta 4.13.x para invitados PV x86. Un atacante puede otorgar los permi... • http://www.openwall.com/lists/oss-security/2020/07/21/2 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15567 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-15567
07 Jul 2020 — An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15565 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-15565
07 Jul 2020 — An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 2CVE-2020-11743 – Debian Security Advisory 4723-1
https://notcve.org/view.php?id=CVE-2020-11743
14 Apr 2020 — An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-11742 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-11742
14 Apr 2020 — An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-11741 – Debian Security Advisory 4723-1
https://notcve.org/view.php?id=CVE-2020-11741
14 Apr 2020 — An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail point... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-11740 – Debian Security Advisory 4723-1
https://notcve.org/view.php?id=CVE-2020-11740
14 Apr 2020 — An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed. Se detectó un problema en xenoprof en Xen versiones hasta 4.13.x, permitiendo a usuarios invitados del Sistema Operativo (sin perfiles activos) obtener información confidencial sobre otros invitados. Los... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •