CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2019-18420 – Gentoo Linux Security Advisory 202003-56
https://notcve.org/view.php?id=CVE-2019-18420
31 Oct 2019 — An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time ... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17340 – Debian Security Advisory 4602-1
https://notcve.org/view.php?id=CVE-2019-17340
08 Oct 2019 — An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. Se detectó un problema en Xen versiones hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado de x86, causar una denegación de servicio u alcanzar privilegios porque las peticiones de transferencia grant-table son manejadas inapropiadamente. Multiple vulnerabilities have been discovered in the Xen hypervisor, which could... • http://www.openwall.com/lists/oss-security/2019/10/25/1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17341 – Debian Security Advisory 4602-1
https://notcve.org/view.php?id=CVE-2019-17341
08 Oct 2019 — An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device. Se detectó un problema en Xen versiones hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado PV de x86, causar una denegación de servicio u alcanzar privilegios mediante el aprovechamiento de una condición de carrera de escritura de página durante la adición de un dispositivo... • http://www.openwall.com/lists/oss-security/2019/10/25/6 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17342 – Debian Security Advisory 4602-1
https://notcve.org/view.php?id=CVE-2019-17342
08 Oct 2019 — An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced. Se detectó un problema en Xen versiones hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado PV de x86, causar una denegación de servicio u alcanzar privilegios mediante el aprovechamiento de una condición de carrera que surgió cuando se introdujo XENMEM_exchange. Multiple vulnerabilities hav... • http://www.openwall.com/lists/oss-security/2019/10/25/2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17343 – Debian Security Advisory 4602-1
https://notcve.org/view.php?id=CVE-2019-17343
08 Oct 2019 — An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. Se detectó un problema en Xen versiones hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado PV de x86, causar una denegación de servicio u alcanzar privilegios mediante el aprovechamiento del uso incorrecto del concepto physmap de HVM para dominios PV. Multiple vulnerabilities have been discovered i... • http://www.openwall.com/lists/oss-security/2019/10/25/10 • CWE-667: Improper Locking •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17344 – Debian Security Advisory 4602-1
https://notcve.org/view.php?id=CVE-2019-17344
08 Oct 2019 — An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. Se detectó un problema en Xen versiones hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado PV de x86, causar una denegación de servicio mediante el aprovechamiento de una operación de larga ejecución que se presenta para soportar la reiniciabilidad de las actualizaciones PTE. Multiple vulnerabil... • http://www.openwall.com/lists/oss-security/2019/10/25/3 • CWE-662: Improper Synchronization •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17346 – Debian Security Advisory 4602-1
https://notcve.org/view.php?id=CVE-2019-17346
08 Oct 2019 — An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes. Se detectó un problema en Xen versiones hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado PV de x86, causar una denegación de servicio u alcanzar privilegios debido a una incompatibilidad entre los Identificadores de Contexto del Proceso (PCID) y las descargas de TLB. Multiple v... • http://www.openwall.com/lists/oss-security/2019/10/25/5 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17347 – Debian Security Advisory 4602-1
https://notcve.org/view.php?id=CVE-2019-17347
08 Oct 2019 — An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels). Se detectó un problema en Xen versiones hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado PV de x86, causar una denegación de servicio u alcanzar privilegios porque un invitado puede manipular su %cr4 virtualizado en una manera que es incom... • http://www.openwall.com/lists/oss-security/2019/10/25/8 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17348 – Debian Security Advisory 4602-1
https://notcve.org/view.php?id=CVE-2019-17348
08 Oct 2019 — An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching. Se detectó un problema en Xen versiones hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado PV de x86, causar una denegación de servicio debido a una incompatibilidad entre los Identificadores de Contexto del Proceso (PCID) y la conmutación shadow-pagetable. Multiple vulnerabilities h... • http://www.openwall.com/lists/oss-security/2019/10/25/7 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17349 – Debian Security Advisory 4602-1
https://notcve.org/view.php?id=CVE-2019-17349
08 Oct 2019 — An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. Se detectó un problema en Xen versiones hasta 4.12.x, permitiendo a atacantes Arm domU causar una denegación de servicio (bucle infinito) involucrando una operación LoadExcl o StoreExcl. Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information l... • http://xenbits.xen.org/xsa/advisory-295.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •