Page 7 of 390 results (0.010 seconds)

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren't in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of "cooperating" guests may, however, cause the effects to be more severe. bucles de larga duración en el manejo de la tabla de concesiones. • http://www.openwall.com/lists/oss-security/2021/09/01/2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPRVHW4J4ZCPPOHZEWP5MOJT7XDGFFPJ https://security.gentoo.org/glsa/202208-23 https://www.debian.org/security/2021/dsa-4977 https:/&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPRVHW4J4ZCPPOHZEWP5MOJT7XDGFFPJ https://security.gentoo.org/glsa/202208-23 https://www.debian.org/security/2021/dsa-4977 https://xenbits.xenproject.org/xsa/advisory-382.txt •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured. xen/arm: No se presenta un límite de memoria para dom0less domUs. La funcionalidad dom0less permite a un administrador crear múltiples dominios no privilegiado directamente desde Xen. Desafortunadamente, el límite de memoria de los mismos no está ajustado. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPRVHW4J4ZCPPOHZEWP5MOJT7XDGFFPJ https://security.gentoo.org/glsa/202208-23 https://www.debian.org/security/2021/dsa-4977 https://xenbits.xenproject.org/xsa/advisory-383.txt • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm. xen/arm: Los módulos de arranque no se limpian. El cargador de arranque cargará los módulos de arranque (por ejemplo, kernel, initramfs...) en un área temporal antes de que sean copiados por Xen a la memoria de cada dominio. Para asegurar que no se filtren datos confidenciales de los módulos, Xen debe "scrub" antes de entregar la página al asignador. • https://security.gentoo.org/glsa/202107-30 https://xenbits.xenproject.org/xsa/advisory-372.txt •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend. x86: Las protecciones TSX Async Abort no son restauradas después de S3. Este problema está relacionado con una vulnerabilidad de seguridad especulativa TSX Async Abort. • https://security.gentoo.org/glsa/202107-30 https://xenbits.xenproject.org/xsa/advisory-377.txt •