CVE-2014-8867 – xen: Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor (xsa112)
https://notcve.org/view.php?id=CVE-2014-8867
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. El soporte de aceleración para la instrucción 'REP MOVS' en Xen 4.4.x, 3.2.x, y anteriores falla en la comprobación correcta de los límites para entrada/salida del mapeado de memoria (memory mapped I/O, MMIO) emulado en el hipervisor, lo que permite a invitados HVM locales causar una denegación de servicio (caída del anfitrión) a través de vectores no especificados. An insufficient bound checking flaw was found in the Xen hypervisor's implementation of acceleration support for the "REP MOVS" instructions. A privileged HVM guest user could potentially use this flaw to crash the host. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://rhn.redhat.com/errata/RHSA-2015-0783.html http://secunia.com/advisories/59949 http://secunia.com/advisories/62672 http://support.citrix.com/article/CTX200288 http://support.citrix.com/article/CTX201794 http://www.debian.org/security/2015/dsa-3140 http://www.security • CWE-17: DEPRECATED: Code •
CVE-2014-9030
https://notcve.org/view.php?id=CVE-2014-9030
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. La función do_mmu_update en arch/x86/mm.c en Xen 3.2.x hasta 4.4.x no maneja debidamente las referencias de páginas, lo que permite a dominios remotos causar una denegación de servicio mediante el aprovechamiento del control sobre un invitado HVM y un MMU_MACHPHYS_UPDATE manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://secunia.com/advisories/62672 http://www.debian.org/security/2015/dsa-3140 http://www.securityfocus.com/bid/71207 http://xenbits.xen.org/xsa/advisory-113.html https://exchange.xforce.ibmcloud.com/vulnerabilities/98853 https://security.gentoo.org/glsa/201504-04 • CWE-20: Improper Input Validation •
CVE-2014-8595
https://notcve.org/view.php?id=CVE-2014-8595
arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. El fichero arch/x86/x86_emulate.c in Xen 3.2.1 hasta 4.4.x no comprueba correctamente los privilegios, lo que permite a los usuarios invitados HVM locales conseguir privilegios o causar una denegación de servicio (caída) a través de una instrucción manipulada de rama lejana (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, o (6) LRET. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://secunia.com/advisories/62537 http://secunia.com/advisories/62672 http://support.citrix.com/article/CTX200288 http://support.citrix.com/article/CTX201794 http://www.debian.org/security/2015/dsa-3140 http://www.securityfocus.com/bid/71151 http://xenbits.xen.org/xsa/advisory-110.html https://exchange.xforce.ibmcloud.com/vulnerabilities • CWE-17: DEPRECATED: Code •
CVE-2014-8594
https://notcve.org/view.php?id=CVE-2014-8594
The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). La función do_mmu_update en arch/x86/mm.c en Xen 4.x hasta la versión 4.4.x no restringe adecuadamente las actualizaciones a las tablas de página sólo para PV, lo que permite a invitados PV remotos provocar una denegación de servicio (referencia a puntero NULL) aprovechando los servicios de emulación de hardware para invitados HVM que utilizan Hardware Assisted Paging (HAP). • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://secunia.com/advisories/62672 http://www.debian.org/security/2015/dsa-3140 http://www.securityfocus.com/bid/71149 http://xenbits.xen.org/xsa/advisory-109.html https://exchange.xforce.ibmcloud.com/vulnerabilities/98767 https://security.gentoo.org/glsa/201504-04 • CWE-20: Improper Input Validation •
CVE-2014-5148
https://notcve.org/view.php?id=CVE-2014-5148
Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process. Xen 4.4.x, cuando funciona con un sistema ARM y 'maneja un acceso al registro de un sistema desconocido de un espacio de usuario de 64 bits,' vuelve a una instrucción del manejador trap para fallos en espacios del kernel en lugar de una instrucción que está asociada con fallos en el espacio de usuario de 64 bits, lo que permite a usuarios locales invitados causar una denegación de servicio (caída) y posiblemente ganar privilegios a través de un proceso manipulado. • http://secunia.com/advisories/59934 http://www.securityfocus.com/bid/69189 http://www.securitytracker.com/id/1030725 http://xenbits.xenproject.org/xsa/advisory-103.html https://exchange.xforce.ibmcloud.com/vulnerabilities/95233 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •