
ROS-20240911-11

2024-09-11 00:00:00
redos.red-soft.ru
4
xen hypervisor
processor firmware
information disclosure
unauthorized access
system vulnerability

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.2

Confidence

High

A vulnerability in the cross-platform Xen hypervisor of the Linux operating system kernel is related to information disclosure. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information.

A vulnerability in the libfsimage component of the cross-platform Xen hypervisor of the Linux kernel is related to insufficient input data validation. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of

A firmware vulnerability in Intel and AMD processors is associated with errors in the processing of the “ret” (return) instruction, which retrieves the jump address from the stack. Exploitation of the vulnerability could allow an attacker to disclose protected information from kernel memory or launch an attack on the host system from virtual machines.

A vulnerability in the cross-platform Xen hypervisor of the Linux operating system kernel is related to information disclosure. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information or cause a denial of service.

A vulnerability in the Shadow Mode component of the cross-platform Xen hypervisor of the Linux kernel is related to information disclosure. Exploitation of the vulnerability could allow an attacker to cause a denial of service.

A vulnerability in the phantom() function of the Xen hypervisor is associated with access control flaws resulting from incorrect input validation during request generation. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information.

A firmware vulnerability in AMD processors is related to incorrect prediction of the branch type. Exploitation of the vulnerability allows an attacker to disclose protected information.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| redos | 7.3 | x86_64 | xen | < 4.19.0-1 | UNKNOWN |
