7 matches found
CVE-2017-12137
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to mapgrantref...
CVE-2016-7092
The getpagefroml3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables...
CVE-2016-7092
The getpagefroml3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables...
Code injection
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries...
CVE-2016-6258
CVE-2016-6258 affects Xen 4.7.x and earlier, where PV pagetable code in arch/x86/mm.c allows local 32-bit PV guest OS administrators to gain host OS privileges by abusing pagetable fast-path updates. The issue is documented across multiple advisories and vendor/SUSE patches (e.g., Xen/XSA-182 upd...
CVE-2015-7835
CVE-2015-7835 affects Xen 3.4 through 4.6.x. The vulnerability lies in the mod_l2_entry function in arch/x86/mm.c, which does not properly validate level 2 page table entries. This can allow local PV guest administrators to gain privileges via a crafted superpage mapping (privilege escalation). N...
Null pointer dereference
The dommuupdate function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service NULL pointer dereference by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging...