CVE-2017-14316
https://notcve.org/view.php?id=CVE-2017-14316
A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.
• http://www.securityfocus.com/bid/100818 http://www.securitytracker.com/id/1039348 http://xenbits.xen.org/xsa/advisory-231.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://support.citrix.com/article/CTX227185 https://www.debian.org/security/2017/dsa-4050
• CWE-125: Out-of-bounds Read
CVE-2017-12134
https://notcve.org/view.php?id=CVE-2017-12134
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.
• http://www.debian.org/security/2017/dsa-3981 http://www.openwall.com/lists/oss-security/2017/08/15/4 http://www.securityfocus.com/bid/100343 http://www.securitytracker.com/id/1039176 http://xenbits.xen.org/xsa/advisory-229.html https://bugzilla.redhat.com/show_bug.cgi?id=1477656 https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX225941 https://usn.ubuntu.com/3655-1 https://usn.ubuntu.com/3655-2
• CWE-682: Incorrect Calculation
CVE-2017-12135
https://notcve.org/view.php?id=CVE-2017-12135
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
• http://www.debian.org/security/2017/dsa-3969 http://www.openwall.com/lists/oss-security/2017/08/15/1 http://www.openwall.com/lists/oss-security/2017/08/17/6 http://www.openwall.com/lists/oss-security/2020/04/14/4 http://www.securityfocus.com/bid/100344 http://www.securitytracker.com/id/1039178 http://xenbits.xen.org/xsa/advisory-226.html https://bugzilla.redhat.com/show_bug.cgi?id=1477655 https://security.gentoo.org/glsa/201801-14 https://support.cit
• CWE-682: Incorrect Calculation
CVE-2017-12136
https://notcve.org/view.php?id=CVE-2017-12136
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
• http://www.debian.org/security/2017/dsa-3969 http://www.openwall.com/lists/oss-security/2017/08/15/3 http://www.securityfocus.com/bid/100346 http://www.securitytracker.com/id/1039175 http://xenbits.xen.org/xsa/advisory-228.html https://bugzilla.redhat.com/show_bug.cgi?id=1477651 https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX225941
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-12137
https://notcve.org/view.php?id=CVE-2017-12137
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
• http://www.debian.org/security/2017/dsa-3969 http://www.openwall.com/lists/oss-security/2017/08/15/2 http://www.securityfocus.com/bid/100342 http://www.securitytracker.com/id/1039174 http://xenbits.xen.org/xsa/advisory-227.html https://bugzilla.redhat.com/show_bug.cgi?id=1477657 https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX225941
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')