CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3308
https://notcve.org/view.php?id=CVE-2021-3308
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host. • http://www.openwall.com/lists/oss-security/2021/01/26/4 http://xenbits.xen.org/xsa/advisory-360.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5C42TMQYB6SDVT2MPFEWY65A6RSUVBN https://security.gentoo.org/glsa/202107-30 •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29486
https://notcve.org/view.php?id=CVE-2020-29486
An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory A malicious guest administrator can cause a denial of service against a specific guest or against the whole host. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI https://security.gentoo.org/glsa/202107-30 https://www.debian.org/security/2020/dsa-4812 https://xenbits.xenproject.org/xsa/advisory-352.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29481
https://notcve.org/view.php?id=CVE-2020-29481
An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Because all Xenstore entries of a guest below /local/domain/<domid> are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected. • http://www.openwall.com/lists/oss-security/2020/12/16/3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI https://www.debian.org/security/2020/dsa-4812 https://xenbits.xenproject.org/xsa/advisory-322.html • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29485
https://notcve.org/view.php?id=CVE-2020-29485
An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are vulnerable. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI https://www.debian.org/security/2020/dsa-4812 https://xenbits.xenproject.org/xsa/advisory-330.txt • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29484
https://notcve.org/view.php?id=CVE-2020-29484
An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any communication with xenstored is done via Xenstore messages, consisting of a message header and the payload. The payload length is limited to 4096 bytes. Any request to xenstored resulting in a response with a payload longer than 4096 bytes will result in an error. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI https://www.debian.org/security/2020/dsa-4812 https://xenbits.xenproject.org/xsa/advisory-324.txt • CWE-476: NULL Pointer Dereference •