CVE-2018-15469 – Gentoo Linux Security Advisory 201810-06
https://notcve.org/view.php?id=CVE-2018-15469
17 Aug 2018 — An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). • http://xenbits.xen.org/xsa/advisory-268.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2018-14678 – Ubuntu Security Notice USN-3931-2
https://notcve.org/view.php?id=CVE-2018-14678
28 Jul 2018 — An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. • http://www.securityfocus.com/bid/104924 • CWE-665: Improper Initialization •
CVE-2018-12891 – Gentoo Linux Security Advisory 201810-06
https://notcve.org/view.php?id=CVE-2018-12891
29 Jun 2018 — An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. • http://www.openwall.com/lists/oss-security/2018/06/27/10 •
CVE-2018-12893 – Gentoo Linux Security Advisory 201810-06
https://notcve.org/view.php?id=CVE-2018-12893
29 Jun 2018 — An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. • http://www.openwall.com/lists/oss-security/2018/06/27/11 •
CVE-2018-10982 – Gentoo Linux Security Advisory 201810-06
https://notcve.org/view.php?id=CVE-2018-10982
10 May 2018 — An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. • http://openwall.com/lists/oss-security/2018/05/08/2 •
CVE-2018-10981 – Gentoo Linux Security Advisory 201810-06
https://notcve.org/view.php?id=CVE-2018-10981
10 May 2018 — An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. • http://openwall.com/lists/oss-security/2018/05/08/3 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2018-10471 – Gentoo Linux Security Advisory 201810-06
https://notcve.org/view.php?id=CVE-2018-10471
27 Apr 2018 — An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754. • http://www.securityfocus.com/bid/104003 • CWE-787: Out-of-bounds Write •
CVE-2018-10472 – Gentoo Linux Security Advisory 201810-06
https://notcve.org/view.php?id=CVE-2018-10472
27 Apr 2018 — An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot. • http://www.securityfocus.com/bid/104002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-7541 – Gentoo Linux Security Advisory 201810-06
https://notcve.org/view.php?id=CVE-2018-7541
27 Feb 2018 — An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. Multiple vulnerabilities have been fou... • http://www.securityfocus.com/bid/103177 •
CVE-2018-7540 – Gentoo Linux Security Advisory 201810-06
https://notcve.org/view.php?id=CVE-2018-7540
27 Feb 2018 — An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. Multiple vulnerabilities have been found in Xen, ... • http://www.securityfocus.com/bid/103174 • CWE-400: Uncontrolled Resource Consumption •