CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19961 – Debian Security Advisory 4369-1
https://notcve.org/view.php?id=CVE-2018-19961
08 Dec 2018 — An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. Se ha descubierto un problema en Xen hasta las versiones 4.11.x en plataformas AMD x86, que podría permitir que usuarios invitados del sistema operativo obtengan privilegios del host del sistema operativo. Esto se debe a que los vaciados TLB no siempre ocurren tras cambios en el mapeo de IOMMU. Multiple vulnerabil... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19962 – Debian Security Advisory 4369-1
https://notcve.org/view.php?id=CVE-2018-19962
08 Dec 2018 — An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. Se ha descubierto un problema en Xen hasta las versiones 4.11.x en plataformas AMD x86, que podría permitir que usuarios invitados del sistema operativo obtengan privilegios del host del sistema operativo. Esto se debe a que los mapeos de IOMMU pequeños se combinan de forma insegura con mapeos más grandes. Multipl... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19965 – Debian Security Advisory 4369-1
https://notcve.org/view.php?id=CVE-2018-19965
08 Dec 2018 — An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation. Se ha descubierto un problema en Xen 4.11.x que permite que usuarios PV invitados del sistema operativo de 64 bits provoquen una denegación de servicio (cierre inesperado del sistema operativo del host) debi... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html •
CVSS: 7.8EPSS: 17%CPEs: 24EXPL: 6CVE-2018-8897 – Microsoft Windows - 'POP/MOV SS' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-8897
08 May 2018 — A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, ... • https://packetstorm.news/files/id/148549 • CWE-250: Execution with Unnecessary Privileges CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-12134 – Ubuntu Security Notice USN-3444-2
https://notcve.org/view.php?id=CVE-2017-12134
24 Aug 2017 — The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. La función xen_biovec_phys_mergeable en drivers/xen/biomerge.c en Xen podría permitir que usuarios invitados locales del sistema operativo corrompan transmisiones en bloque de datos del sistema y, conse... • http://www.debian.org/security/2017/dsa-3981 • CWE-682: Incorrect Calculation •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-12135 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-12135
24 Aug 2017 — Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. Xen permite que usuarios locales invitados del sistema operativo provoquen una denegación de servicio (bloqueo) o que tengan la posibilidad de obtener información sensible u obtener privilegios mediante vectores relacionados con concesiones transitivas. Multiple vulnerabilities have been found in Xen, the worst of which could allow for priv... • http://www.debian.org/security/2017/dsa-3969 • CWE-682: Incorrect Calculation •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2017-12136 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-12136
24 Aug 2017 — Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. Una condición de carrera en el código de tabla de concesiones en Xen 4.6.x a 4.9.x permite que administradores invitados locales del sistema operativo provoquen una denegación de servicio (corrupción de lista libre y bloqueo del host) o que obtengan beneficios... • http://www.debian.org/security/2017/dsa-3969 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-12137 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-12137
24 Aug 2017 — arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. arch/x86/mm.c en Xen permite que usuarios locales PV del sistema operativo obtengan privilegios SO del host mediante vectores relacionados con map_grant_ref. Multiple vulnerabilities have been found in Xen, the worst of which could allow for privilege escalation. Versions less than 4.9.1-r1 are affected. • http://www.debian.org/security/2017/dsa-3969 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.9EPSS: 2%CPEs: 32EXPL: 0CVE-2017-2620 – Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo
https://notcve.org/view.php?id=CVE-2017-2620
27 Feb 2017 — Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. Quick emulator (QEMU) en versiones anteriores a la 2.8 construido con el soporte del emulador Cirrus CLGD 54xx VGA Emulator es vulnerable a un p... • http://rhn.redhat.com/errata/RHSA-2017-0328.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 1%CPEs: 29EXPL: 0CVE-2017-2615 – Qemu: display: cirrus: oob access while doing bitblt copy backward mode
https://notcve.org/view.php?id=CVE-2017-2615
21 Feb 2017 — Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. Quick emulator (QEMU) con soporte integrado para el emulador Cirrus CLGD 54xx VGA es vulnerable a un problema de acceso fuera ... • http://rhn.redhat.com/errata/RHSA-2017-0309.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •