Page 7 of 37 results (0.008 seconds)

CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 1

CVE-2011-1898 – virt: VT-d (PCI passthrough) MSI trap injection

https://notcve.org/view.php?id=CVE-2011-1898

Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers." Xen v4.1 anterior a v4.1.1 y v4.0 anterior a v4.0.2, cuando usa PCI passthrough sobre chipsets Intel VT-d que no tienen que interrumplir remapeado, permite a usuarios invitados del OS obtener privilegios de anfitrión "usando DMA para generar interrupciones MSI escribiendo en el registro de inyección de interrupció"n. • http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf http://xen.1045712.n5.na • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •

CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0

CVE-2010-4255 – xen: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area

https://notcve.org/view.php?id=CVE-2010-4255

The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access. La función fixup_page_fault en arch/x86/traps.c en Xen v.4.0.1 y anteriores sobre plataformas 64-bit, cuando se activa la paravirtualización, no verifica que el modo kernel está usado para llamar a la función handle_gdt_ldt_mapping_fault, lo que permite a los usuarios invitados del sistema operativo provocar una denegación de servicio (host OS BUG_ON) a través de un acceso de memoria manipulado. • http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html http://openwall.com/lists/oss-security/2010/11/30/5 http://openwall.com/lists/oss-security/2010/11/30/8 http://secunia.com/advisories/42884 http://secunia.com/advisories/46397 http://www.redhat.com/support/errata/RHSA-2011-0017.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2

CVE-2010-4238 – kernel: Xen Dom0 crash with Windows 2008 R2 64bit DomU + GPLPV

https://notcve.org/view.php?id=CVE-2010-4238

The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information. La función vbd_create de Xen 3.1.2, cuando el kernel de Linux 2.6.18 de Red Hat Enterprise Linux (RHEL) 5 es utilizado, permite a usuarios del SO invitados provocar una denegación de servicio (excepción "panic" del SO del equipo) a través de un intento de acceso a un dispositivo de CD-ROM virtual a través del controlador blkback. NOTA: algunos de estos detalles han sido obtenidos de terceras partes. • http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517 http://secunia.com/advisories/42884 http://secunia.com/advisories/46397 http://www.redhat.com/support/errata/RHSA-2011-0017.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.securityfocus.com/bid/45795 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=655623 https://exchange.xforce.ibmcloud.com/vulnerabilities/64698 https://access& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0

CVE-2010-4247 – xen: request-processing loop is unbounded in blkback

https://notcve.org/view.php?id=CVE-2010-4247

The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information. La función do_block_io_op en (1) ldrivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c en Xen anterior a v3.4.0 para el kernel Linux v2.6.18, y posiblemente otras versiones, permite a los usuarios invitados del sistema operativo causar una denegación de servicio (bucle infinito y el consumo de CPU) a través de un gran índice de producción de peticiones a los controladores blkback o blktap back-end. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • http://secunia.com/advisories/35093 http://secunia.com/advisories/42789 http://secunia.com/advisories/46397 http://www.openwall.com/lists/oss-security/2010/11/23/1 http://www.openwall.com/lists/oss-security/2010/11/24/8 http://www.redhat.com/support/errata/RHSA-2011-0004.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.securityfocus.com/bid/45029 http://www.vmware.com/security/advisories/VMSA-2011-0012.html http://www.vupen.com/ • CWE-20: Improper Input Validation •

CVSS: 2.7EPSS: 0%CPEs: 16EXPL: 0

CVE-2010-3699 – kernel: guest->host denial of service from invalid xenbus transitions

https://notcve.org/view.php?id=CVE-2010-3699

The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap. El driver backend en Xen v3.x permite a usuarios del OS causar una denegación de servicio a través de una fuga en el hilo del kernel, lo que evita que el dispositivo y el invitado OS sean apagados o se cree un dominio zombie, causando una caída en zenwatch, o impida que comandos sin especificar xm trabajen de forma adecuada, relacionado con (1) netback, (2) blkback, o (3) blktap. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://secunia.com/advisories/42372 http://secunia.com/advisories/42789 http://secunia.com/advisories/43056 http://secunia.com/advisories/46397 http://www.redhat.com/support/errata/RHSA-2011-0004.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.securityfocus.com/bid/45039 http://www.securitytracker.com/id?1024786 http://www.vmware.com/security/advisories/VMSA-2011-0012.html ht • CWE-399: Resource Management Errors •