CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2012-3498
https://notcve.org/view.php?id=CVE-2012-3498
PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. PHYSDEVOP_map_pirq en Xen v4.1 y v4.2 y Citrix XenServer v6.0.2 y anteriores permite a un kernel OS HVM invitado causar una denegación de servicio (caída del host) y posiblemente leer hipervisor o memoria mediante vectores relacionados con una falta de comproebación de map->index. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html http://osvdb.org/85198 http://secunia.com/advisories/ • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6031
https://notcve.org/view.php?id=CVE-2012-6031
The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. La función do_tmem_get en el Transcendent Memory (TMEM) en Xen v4.0, v4.1, y v4.2 permiten a los usuarios del SO invitado provocar una denegación de servicio (caída del host) a través de vectores relacionados con un "spinlock" siendo mantenido en el "bad_copy error path." NOTA: este problema se publicó originalmente como parte del CVE-2012-3497, que era demasiado general; CVE-2012-3497 se ha dividido en este ID y otros. • http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html http://osvdb.org/85199 http://secunia.com/advisories/50472 http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities http://www.openwall.com/lists/oss-security/2012/09/05/8 http://www.securityfocus.com/bid/55410 http://www.securitytracker.com/id?1027482 https://exchange.xforce.ibmcloud& • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6030
https://notcve.org/view.php?id=CVE-2012-6030
The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. La función do_tmem_op en el Transcendent Memory (TMEM) en Xen v4.0, v4.1, y v4.2 permiten a los usuarios del SO invitado provocar una denegación de servicio (caída del host) y posiblemente generar otros impactos no especificados mediante vectores no especificados relacionados con "broken locking checks" en un "error path." NOTA: este problema se publicó originalmente como parte del CVE-2012-3497, que era demasiado general; CVE-2012-3497 se ha dividido en este ID y otros. • http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html http://osvdb.org/85199 http://secunia.com/advisories/50472 http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities http://www.openwall.com/lists/oss-security/2012/09/05/8 http://www.securityfocus.com/bid/55410 http://www.securitytracker.com/id?1027482 https://exchange.xforce.ibmcloud& • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2012-3516
https://notcve.org/view.php?id=CVE-2012-3516
The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location. La sub-operación GNTTABOP_swap_grant_ref en el "grant table hypercall" en Xen v4.2 y Citrix XenServer v6.0.2 permite a los kernels locales de invitado o administradores causar una denegación de servicio (caída del host) y, posiblemente, obtener privilegios a través de una referencia manipulada que genera una escritura en una ubicación en memoria del hipervisor • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://secunia.com/advisories/50472 http://secunia.com/advisories/50530 http://support.citrix.com/article/CTX134708 http://wiki.xen.org/wiki/Security_Announcements#XSA-18_grant_table_entry_swaps_have_inadequate_bounds_checking http://www.openwall.com/lists/oss-security/2012/09/05/11 http://www.securityfocus.com/bid/55411 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6034
https://notcve.org/view.php?id=CVE-2012-6034
The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. La función (1) tmemc_save_get_next_page y (2) tmemc_save_get_next_inv y la sub-operación (3) TMEMC_SAVE_GET_POOL_UUID sub-operación en el Transcendent Memory (TMEM) en Xen v4.0, v4.1, y v4.2 no chequea los punteros entrantes del búfer de salida de invitado, lo que permite a usuarios del SO de invitado provocar una denegación de servicio (corrupción de memoria y caída del host) o posiblemente ejecutar código arbitrario a través de vectores no especificados. NOTA: este problema se publicó originalmente como parte de CVE-2012-3497, que era demasiado general; CVE-2012-3497 se ha dividido en este ID y otros. • http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html http://osvdb.org/85199 http://secunia.com/advisories/50472 http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities http://www.openwall.com/lists/oss-security/2012/09/05/8 http://www.securityfocus.com/bid/55410 http://www.securitytracker.com/id?1027482 https://exchange.xforce.ibmcloud& • CWE-20: Improper Input Validation •