Lucene search
+L

103 matches found

CNVD
CNVD
added 2017/11/29 12:0 a.m.6 views

Xen on ARM Information Disclosure Vulnerability

Xen on ARM is an open source virtual machine monitor product based on the ARM platform developed by the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. An...

6.5CVSS5.9AI score0.00364EPSS
Exploits0References1
Prion
Prion
added 2017/11/28 11:29 p.m.23 views

Design/Logic Flaw

An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled...

2.1CVSS6.1AI score0.00364EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/11/28 11:29 p.m.19 views

CVE-2017-17046

An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled...

6.5CVSS6AI score0.00364EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/11/28 11:29 p.m.23 views

CVE-2017-17046

An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled...

6.5CVSS6.9AI score0.00364EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/11/28 11:0 p.m.35 views

CVE-2017-17046

An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled...

7AI score0.00364EPSS
Exploits0References3
CVE
CVE
added 2017/11/28 11:0 p.m.73 views

CVE-2017-17046

Xen vulnerability CVE-2017-17046 affects Xen up to 4.9.x on ARM, where a guest OS user can read sensitive DRAM data after reboot due to mishandling of disjoint blocks and non-zero-start physical addresses. Impact is information disclosure within the guest context; local attacker privileges requir...

6.5CVSS6.3AI score0.00364EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2017/11/28 11:0 p.m.51 views

CVE-2017-17046

An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled...

6.5CVSS6.8AI score0.00364EPSS
Exploits0
CNVD
CNVD
added 2016/08/11 12:0 a.m.4 views

Linux kernel elevation of privilege vulnerability (CNVD-2016-06287)

The Linux kernel, released by the Linux Foundation in the United States and used by the operating system Linux, is an open-source, free, and most widely ported operating system kernel. An elevation of privilege vulnerability exists in versions of Linux kernel prior to 3.11 on ARM platforms,...

9.3CVSS8AI score0.01017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2015/10/30 10:32 a.m.20 views

CVE-2013-5634

arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service NULL pointer dereference, OOPS, and host OS crash or possibly have unspecified other impact by omitting vCPU initialization before a KVMGETREGLIST ioctl call...

4.3CVSS7.8AI score0.00759EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2015/10/30 10:7 a.m.26 views

CVE-2013-6282

The 1 getuser and 2 putuser API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against...

8.8CVSS7.1AI score0.39711EPSS
Exploits9References2
NVD
NVD
added 2014/07/09 2:55 p.m.31 views

CVE-2014-4022

The allocdomainstruct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOPsetuptable...

2.7CVSS5.7AI score0.00542EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2014/07/09 2:55 p.m.47 views

CVE-2014-4022

The allocdomainstruct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOPsetuptable...

2.7CVSS5.9AI score0.00542EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/07/09 2:0 p.m.27 views

CVE-2014-4022

The allocdomainstruct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOPsetuptable...

5.7AI score0.00542EPSS
Exploits0References4
Xen Project
Xen Project
added 2014/06/25 12:0 p.m.82 views

information leak via gnttab_setup_table on ARM

ISSUE DESCRIPTION When initialising an internal data structure on ARM platform Xen was not correctly initialising the memory containing the list of a domain's grant table pages. This list is returned by the GNTTABOPsetuptable subhypercall, leading to an information leak. IMPACT Malicious guest...

2.7CVSS6.3AI score0.00542EPSS
Exploits0Affected Software1
Xen Project
Xen Project
added 2014/04/30 9:52 a.m.105 views

Hardware timer context is not properly context switched on ARM

ISSUE DESCRIPTION When running on an ARM platform Xen was not context switching the CNTKCTLEL1 register, which is used by the guest kernel to control access by userspace processes to the hardware timers. This meant that any guest can reconfigure these settings for the entire system. IMPACT A...

6.2CVSS5.9AI score0.00629EPSS
Exploits0Affected Software1
OSV
OSV
added 2014/04/28 2:9 p.m.3 views

UBUNTU-CVE-2014-2986

The vgicdistrmmiowrite function in the virtual guest interrupt controller GIC distributor arch/arm/vgic.c in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service NULL pointer dereference and host crash via unspecified vectors...

5.5CVSS5.8AI score0.00639EPSS
Exploits0References4
OSV
OSV
added 2014/04/24 2:55 p.m.45 views

UBUNTU-CVE-2014-2915

Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service host or guest crash via unspecified vectors, related to 1 cache control, 2 coprocessors, 3 debug registers, and 4 other unspecified registers...

5.5CVSS5.8AI score0.00616EPSS
Exploits0References5
Mageia
Mageia
added 2013/11/22 7:4 p.m.63 views

Updated kernel-rt package fixes security vulnerabilites.

This kernel-rt update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers t...

7.1CVSS3.9AI score0.09408EPSS
Exploits7References18
Mageia
Mageia
added 2013/11/22 7:1 p.m.71 views

Updated kernel-tmb package fixes security vulnerabilites.

This kernel-tmb update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers ...

7.1CVSS3.9AI score0.09408EPSS
Exploits7References18
Mageia
Mageia
added 2013/11/22 6:57 p.m.67 views

Updated kernel package fixes security vulnerabilites.

This kernel update provides the upstream 3.4.69 kernel and fixes the following security issues: The ext4orphandel function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to...

7.1CVSS3.9AI score0.09408EPSS
Exploits7References18
Rows per page
Query Builder