CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 1CVE-2011-3131 – kernel: xen: IOMMU fault livelock
https://notcve.org/view.php?id=CVE-2011-3131
Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock. Xen v4.1.1 y anteriores permite causar una denegación de servicio (consumo de CPU y bloqueo de Xen) a los kernels de sistemas operativos huesped que controlan dispositivos PCI[E] a través de muchas peticiones DMA modificadas que son denegadas por la IOMMU, lo que desencadena un bloqueo activo. • http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html http://secunia.com/advisories/45622 http://secunia.com/advisories/51468 http://www.debian.org/security/2012/dsa-2582 http://www.securityfocus.com/bid/49146 http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a https://access.redhat.com/security/cve/CVE-2011-3131 https://bugzilla.redhat.com/show& • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2011-2519 – kernel: xen: x86_emulate: fix SAHF emulation
https://notcve.org/view.php?id=CVE-2011-2519
Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction. Xen en el kernel de Linux, al ejecutar como invitado en una máquina sin paginación asistida por hardware (HAP), permite a usuarios invitados causar denegación de servicio (referencia a puntero inválido y caída del hipervisor) a través de la instrucción SAHF. • http://rhn.redhat.com/errata/RHSA-2011-1212.html http://www.openwall.com/lists/oss-security/2011/08/30/1 http://xenbits.xen.org/hg/xen-3.1-testing.hg/rev/15644 https://bugzilla.redhat.com/show_bug.cgi?id=718882 https://access.redhat.com/security/cve/CVE-2011-2519 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2011-2901 – kernel: xen: off-by-one shift in x86_64 __addr_ok()
https://notcve.org/view.php?id=CVE-2011-2901
Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits. Error de superación de límite (off-by-one) en la macro __addr_ok en Xen 3.3 y anteriores permite a administradores invitados locales 64 bit PV causar una denegación del servicio (caída del host) a través de hypercalls no especificadas que ignoran bits de direcciones virtuales. • http://rhn.redhat.com/errata/RHSA-2011-1212.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://www.openwall.com/lists/oss-security/2011/09/02/2 https://bugzilla.redhat.com/show_bug.cgi?id=728042 https://access.redhat.com/security/cve/CVE-2011-2901 • CWE-193: Off-by-one Error CWE-399: Resource Management Errors •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3262 – xen: insufficiencies in pv kernel image validation
https://notcve.org/view.php?id=CVE-2011-3262
tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop." tools/libxc/xc_dom_bzimageloader.c en Xen v3.2, v3.3, v4.0 y v4.1 permite a usuarios locales provocar una denegación de servicio (bucle infinito de software de gestión y excesivo consumo de recursos en el administrador de dominios) a través de vectores no especificados relacionados con "La falta de comprobación de errores en el bucle de descompresión". • http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/69381 https://access.redhat.com/security/cve/CVE-2011-3262 https://bugzilla.redhat.com/show_bug.cgi?id=696927 • CWE-399: Resource Management Errors •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 1CVE-2011-1898 – virt: VT-d (PCI passthrough) MSI trap injection
https://notcve.org/view.php?id=CVE-2011-1898
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers." Xen v4.1 anterior a v4.1.1 y v4.0 anterior a v4.0.2, cuando usa PCI passthrough sobre chipsets Intel VT-d que no tienen que interrumplir remapeado, permite a usuarios invitados del OS obtener privilegios de anfitrión "usando DMA para generar interrupciones MSI escribiendo en el registro de inyección de interrupció"n. • http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf http://xen.1045712.n5.na • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •