An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
A problem has been discovered in Xen through versions 4.9.x that allows x86 HVM guest operating system users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are handled incorrectly for translated guests.
An update that solves four vulnerabilities and has two fixes is now available. This update for xen fixes several issues. These security issues were fixed:

- Code allowed for DoS guests to retain a writable mapping of freed memory, leading to information leaks, privilege escalation or DoS.
- The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
- A grant copy operation being done on a grant of a dying domain allowed a malicious guest administrator to corrupt hypervisor memory, allowing for DoS or potentially privilege escalation and information leaks.
- x86 PV guest OS users were able to cause a DoS or possibly gain privileges via crafted page-table stacking.
- x86 HVM guest OS users were able to cause a DoS or possibly gain privileges because self-linear shadow mappings were mishandled for translated guests.