CVE-2012-4544 – xen: Xen domain builder Out-of-memory due to malicious kernel/ramdisk
https://notcve.org/view.php?id=CVE-2012-4544
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. El PV domain builder en Xen 4.2 y anteriores, no valida el tamaño del kernel o del ramdisk(1) antes o (2) después de la descompresión, lo que permite a administradores locales de los sistemas huésped provocar una denegación de servicio (consumo de memoria) a través de un (1)kernel o (2)ramdisk manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security- • CWE-20: Improper Input Validation •
CVE-2012-3496
https://notcve.org/view.php?id=CVE-2012-3496
XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand. XENMEM_populate_physmap en Xen v4.0, v4.1, y v4.2, y Citrix XenServer v6.0.2 y anteriores, cuando el modo de traducción de página no se utiliza, permite a los kernels locales PV del SO invitado causar una denegación de servicio (caída del host) a través flags inválidos como MEMF_populate_on_demand. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11 • CWE-16: Configuration •
CVE-2012-3494
https://notcve.org/view.php?id=CVE-2012-3494
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register. La hiperllamada et_debugreg en include/asm-x86/debugreg.h en Xen v4.0, v4.1, y v4.2, y Citrix XenServer v6.0.2 y anteriores, cuando se ejecuta sobre systemas x86-64, permite a usuarios locales del SO invitado generar una denegación de servicio (caída del host) mediante la escritura de ciertos bits reservados para el registro de control DR • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-09 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-4411
https://notcve.org/view.php?id=CVE-2012-4411
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998. La consola gráfica en Xen v4.0, v4.1 yv 4.2 permite a los administradores del SO invitado obtener información sensible a través del monitor QEMU. NOTA: este podría ser un duplicado de CVE-2007-0.998. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html http://lists.xen.org/archives/html/xen-announce/2012-09 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-3515 – qemu: VT100 emulation vulnerability
https://notcve.org/view.php?id=CVE-2012-3515
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." Qemu, tal como se utiliza en Xen v4.0, v4.1 y posiblemente otros productos, al emular ciertos dispositivos con una consola virtual, permite a los usuarios locales del SO invitado obtener privilegios a través de una secuencia VT100 de escape manipulada que desencadena la sobrescritura del espacio de direcciones de un "device model's address space." • http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.ht • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •