Page 91 of 468 results (0.011 seconds)

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0

CVE-2012-2934 – kernel: denial of service due to AMD Erratum #121

https://notcve.org/view.php?id=CVE-2012-2934

Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217. Xen v4.0 y v4.1, cuando se ejecuta un cliente PV de 64-bit en CPUs AMD "antiguas", no protege adecuadamente contra un determiando fallo del procesador AMD, lo que permite a usuarios de sistemas operativos huesped provocar una denegación de servicio (caída del host) a través de la ejecución secuencial de las instrucciones. Se trata de una vulnerabilidad diferente a CVE-2012-0217a. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html http://secunia.com/advisories/51413 http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://support.amd.com/us/Processor_TechDocs/25759.pdf http://www.debian.org/security/2012/dsa-2501 http://www.securityfocus.com/bid/53961 •

CVSS: 7.9EPSS: 0%CPEs: 20EXPL: 3

CVE-2012-0217 – FreeBSD - Intel SYSRET Privilege Escalation

https://notcve.org/view.php?id=CVE-2012-0217

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. El modo de usuario Scheduler en el núcleo en Microsoft Windows Server v2008 R2 y R2 SP1 y Windows v7 Gold y SP1 sobre la plataforma x64 no maneja adecuadamente solicitudes del sistema, lo que permite a usuarios locales obtener privilegios a través de una aplicación modificada, también conocida como "vulnerabilidad de corrupción de memoria de modo de usuario Scheduler". It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. • https://www.exploit-db.com/exploits/46508 https://www.exploit-db.com/exploits/28718 https://www.exploit-db.com/exploits/20861 http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html http://lists.xen.org/archives/html/xen-devel/2012-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 2

CVE-2011-3346 – qemu: local DoS with SCSI CD-ROM

https://notcve.org/view.php?id=CVE-2011-3346

Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs. Desbordamiento de buffer en hw/scsi-disk.c en el subsistema SCSI en QEMU anterior a 0.15.2, utilizado por Xen, podría permitir a usuarios locales invitados con permiso para acceder al CD-ROM causar una denegación de servicio (caída de invitado) a través de un comando SAI READ CAPACITY SCSI manipulado. NOTA: esto es solo una vulnerabilidad cuando root ha modificado manualmente ciertos permisos o ACLs. • http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log http://www.openwall.com/lists/oss-security/2011/10/20/2 http://www.redhat.com/support/errata/RHSA-2011-1401.html https://bugzilla.redhat.com/show_bug.cgi?id=736038 https://github.com/bonzini/qemu/commit/103b40f51e4012b3b0ad20f615562a1806d7f49a https://github.com/bonzini/qemu/commit/7285477ab11831b1cf56e45878a89170dd06d9b9 https://access.redhat.com/security/cve/CVE-2011-3346 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2011-3131 – kernel: xen: IOMMU fault livelock

https://notcve.org/view.php?id=CVE-2011-3131

Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock. Xen v4.1.1 y anteriores permite causar una denegación de servicio (consumo de CPU y bloqueo de Xen) a los kernels de sistemas operativos huesped que controlan dispositivos PCI[E] a través de muchas peticiones DMA modificadas que son denegadas por la IOMMU, lo que desencadena un bloqueo activo. • http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html http://secunia.com/advisories/45622 http://secunia.com/advisories/51468 http://www.debian.org/security/2012/dsa-2582 http://www.securityfocus.com/bid/49146 http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a https://access.redhat.com/security/cve/CVE-2011-3131 https://bugzilla.redhat.com/show& • CWE-399: Resource Management Errors •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2011-2901 – kernel: xen: off-by-one shift in x86_64 __addr_ok()

https://notcve.org/view.php?id=CVE-2011-2901

Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits. Error de superación de límite (off-by-one) en la macro __addr_ok en Xen 3.3 y anteriores permite a administradores invitados locales 64 bit PV causar una denegación del servicio (caída del host) a través de hypercalls no especificadas que ignoran bits de direcciones virtuales. • http://rhn.redhat.com/errata/RHSA-2011-1212.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://www.openwall.com/lists/oss-security/2011/09/02/2 https://bugzilla.redhat.com/show_bug.cgi?id=728042 https://access.redhat.com/security/cve/CVE-2011-2901 • CWE-193: Off-by-one Error CWE-399: Resource Management Errors •