CVE-2012-4537 – kernel: xen: Memory mapping failure can crash Xen
https://notcve.org/view.php?id=CVE-2012-4537
Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." Xen v3.4 hasta v4.2 y posiblemente versiones anteriores, no sincroniza correctamente las tablas p2m y m2p cuando la función set_p2m_entry falla, lo que permite a los administradores de sistemas operativos clientes en HVM locales, causar una denegación de servicio (consumo de memoria y error de aserción), también conocido como "vulnerabilidad de denegación de servicio por fallo en mapeo de memoria. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04 • CWE-16: Configuration •
CVE-2012-4544 – xen: Xen domain builder Out-of-memory due to malicious kernel/ramdisk
https://notcve.org/view.php?id=CVE-2012-4544
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. El PV domain builder en Xen 4.2 y anteriores, no valida el tamaño del kernel o del ramdisk(1) antes o (2) después de la descompresión, lo que permite a administradores locales de los sistemas huésped provocar una denegación de servicio (consumo de memoria) a través de un (1)kernel o (2)ramdisk manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security- • CWE-20: Improper Input Validation •
CVE-2012-3496
https://notcve.org/view.php?id=CVE-2012-3496
XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand. XENMEM_populate_physmap en Xen v4.0, v4.1, y v4.2, y Citrix XenServer v6.0.2 y anteriores, cuando el modo de traducción de página no se utiliza, permite a los kernels locales PV del SO invitado causar una denegación de servicio (caída del host) a través flags inválidos como MEMF_populate_on_demand. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11 • CWE-16: Configuration •
CVE-2012-3494
https://notcve.org/view.php?id=CVE-2012-3494
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register. La hiperllamada et_debugreg en include/asm-x86/debugreg.h en Xen v4.0, v4.1, y v4.2, y Citrix XenServer v6.0.2 y anteriores, cuando se ejecuta sobre systemas x86-64, permite a usuarios locales del SO invitado generar una denegación de servicio (caída del host) mediante la escritura de ciertos bits reservados para el registro de control DR • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-09 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-4411
https://notcve.org/view.php?id=CVE-2012-4411
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998. La consola gráfica en Xen v4.0, v4.1 yv 4.2 permite a los administradores del SO invitado obtener información sensible a través del monitor QEMU. NOTA: este podría ser un duplicado de CVE-2007-0.998. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html http://lists.xen.org/archives/html/xen-announce/2012-09 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •