CVE-2021-27379
https://notcve.org/view.php?id=CVE-2021-27379
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565. Se detectó un problema en Xen versiones hasta 4.11.x, permitiendo a usuarios del Sistema Operativo invitado x86 Intel HVM obtener acceso DMA de lectura y escritura no previsto y posiblemente causar una denegación de servicio (bloqueo del Sistema Operativo host) o alcanzar privilegios. Esto ocurre porque un backport no se descargó y, por lo tanto, las actualizaciones de IOMMU no siempre fueron correctas. • http://www.openwall.com/lists/oss-security/2021/02/23/1 http://xenbits.xen.org/xsa/advisory-366.html https://www.debian.org/security/2021/dsa-4888 https://xenbits.xen.org/xsa/advisory-366.html •
CVE-2020-29486
https://notcve.org/view.php?id=CVE-2020-29486
An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory A malicious guest administrator can cause a denial of service against a specific guest or against the whole host. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI https://security.gentoo.org/glsa/202107-30 https://www.debian.org/security/2020/dsa-4812 https://xenbits.xenproject.org/xsa/advisory-352.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2020-29481
https://notcve.org/view.php?id=CVE-2020-29481
An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Because all Xenstore entries of a guest below /local/domain/<domid> are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected. • http://www.openwall.com/lists/oss-security/2020/12/16/3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI https://www.debian.org/security/2020/dsa-4812 https://xenbits.xenproject.org/xsa/advisory-322.html • CWE-269: Improper Privilege Management •
CVE-2020-29485
https://notcve.org/view.php?id=CVE-2020-29485
An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are vulnerable. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI https://www.debian.org/security/2020/dsa-4812 https://xenbits.xenproject.org/xsa/advisory-330.txt • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2020-29484
https://notcve.org/view.php?id=CVE-2020-29484
An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any communication with xenstored is done via Xenstore messages, consisting of a message header and the payload. The payload length is limited to 4096 bytes. Any request to xenstored resulting in a response with a payload longer than 4096 bytes will result in an error. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI https://www.debian.org/security/2020/dsa-4812 https://xenbits.xenproject.org/xsa/advisory-324.txt • CWE-476: NULL Pointer Dereference •