CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26933
https://notcve.org/view.php?id=CVE-2021-26933
An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory. • http://xenbits.xen.org/xsa/advisory-364.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP https://www.debian.org/security/2021/dsa-4888 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3308
https://notcve.org/view.php?id=CVE-2021-3308
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host. • http://www.openwall.com/lists/oss-security/2021/01/26/4 http://xenbits.xen.org/xsa/advisory-360.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5C42TMQYB6SDVT2MPFEWY65A6RSUVBN https://security.gentoo.org/glsa/202107-30 •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29486
https://notcve.org/view.php?id=CVE-2020-29486
An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory A malicious guest administrator can cause a denial of service against a specific guest or against the whole host. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI https://security.gentoo.org/glsa/202107-30 https://www.debian.org/security/2020/dsa-4812 https://xenbits.xenproject.org/xsa/advisory-352.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29481
https://notcve.org/view.php?id=CVE-2020-29481
An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Because all Xenstore entries of a guest below /local/domain/<domid> are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected. • http://www.openwall.com/lists/oss-security/2020/12/16/3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI https://www.debian.org/security/2020/dsa-4812 https://xenbits.xenproject.org/xsa/advisory-322.html • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29485
https://notcve.org/view.php?id=CVE-2020-29485
An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are vulnerable. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI https://www.debian.org/security/2020/dsa-4812 https://xenbits.xenproject.org/xsa/advisory-330.txt • CWE-401: Missing Release of Memory after Effective Lifetime •