Lucene search
K

100 matches found

OSV
OSV
added 2017/12/12 11:29 p.m.7 views

UBUNTU-CVE-2017-17566

An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service host OS crash or gain host OS privileges in shadow mode by mapping a certain auxiliary page...

7.8CVSS6.9AI score0.00357EPSS
Exploits0References4
OSV
OSV
added 2017/12/12 11:29 p.m.1 views

ALPINE-CVE-2017-17566

An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service host OS crash or gain host OS privileges in shadow mode by mapping a certain auxiliary page...

7.8CVSS6.8AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2017/12/12 11:29 p.m.0 views

ALPINE-CVE-2017-17564

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode...

7.8CVSS6.8AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2017/12/12 11:29 p.m.23 views

CVE-2017-17564

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode...

7.8CVSS6.8AI score
Exploits0References9
CVE
CVE
added 2017/12/12 10:0 p.m.112 views

CVE-2017-17563

CVE-2017-17563 affects the Xen hypervisor (through 4.9.x) where a bug in the reference-count overflow check in shadow mode allows a guest OS user to cause a host-OS denial of service (host crash) or gain host privileges. The issue comes from an incorrect mask in reference-count overflow checking....

7.8CVSS6.3AI score0.00352EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2017/12/12 10:0 p.m.30 views

CVE-2017-17564

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode...

7.8CVSS7.8AI score0.00352EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/12/12 10:0 p.m.32 views

CVE-2017-17566

An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service host OS crash or gain host OS privileges in shadow mode by mapping a certain auxiliary page...

7.8CVSS7.8AI score0.00357EPSS
Exploits0
CVE
CVE
added 2017/12/12 10:0 p.m.115 views

CVE-2017-17564

CVE-2017-17564 affects the Xen hypervisor (up to 4.9.x). Vulnerability arises from incorrect error handling for reference counting in shadow mode, allowing a guest OS user to crash the host OS or gain host privileges. Exploitation details are not provided in the initial document, but related conn...

7.8CVSS6.2AI score0.00352EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2017/12/12 10:0 p.m.23 views

CVE-2017-17564

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode...

6.4AI score0.00352EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2017/12/12 10:0 p.m.25 views

CVE-2017-17563

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode...

7.8CVSS8AI score0.00352EPSS
Exploits0
Xen Project
Xen Project
added 2017/12/12 12:0 p.m.592 views

improper x86 shadow mode refcount error handling

ISSUE DESCRIPTION Pages being used to run x86 guests in shadow mode are reference counted to track their uses. When another reference cannot be acquired, the corresponding page table entry must not be inserted. Due to incorrect error handling, this constraint could be violated. IMPACT A malicious...

7.8CVSS6.4AI score0.00352EPSS
Exploits0Affected Software1
Xen Project
Xen Project
added 2017/12/12 12:0 p.m.592 views

broken x86 shadow mode refcount overflow check

ISSUE DESCRIPTION Pages being used to run x86 guests in shadow mode are reference counted to track their uses. Unfortunately the overflow check when trying to obtain a new reference used a mask one bit wider than the reference count actually is, rendering the entire check ineffective. IMPACT A...

7.8CVSS6.6AI score0.00352EPSS
Exploits0Affected Software1
Xen Project
Xen Project
added 2017/12/12 12:0 p.m.564 views

x86 PV guests may gain access to internally used pages

ISSUE DESCRIPTION Memory management for PV guests builds on page ownership and page attributes. A domain can always map, at least r/o, pages of which it is the owner. Certain fields in the control structure of a page are used for different purposes in the main PV memory management code and in cod...

7.8CVSS6.6AI score0.00357EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2016/04/19 12:0 a.m.7 views

Xen Denial of Service Vulnerability (CNVD-2016-02455)

Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in...

8.8CVSS8.4AI score0.00455EPSS
Exploits0References1
NVD
NVD
added 2016/01/22 3:59 p.m.19 views

CVE-2016-1571

The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...

6.3CVSS6.7AI score0.01277EPSS
Exploits0References4
OSV
OSV
added 2016/01/22 3:59 p.m.8 views

CVE-2016-1571

The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...

6.3CVSS6.9AI score
Exploits0References4
Prion
Prion
added 2016/01/22 3:59 p.m.25 views

Design/Logic Flaw

The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...

4.7CVSS6.5AI score0.01277EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2016/01/22 3:0 p.m.107 views

CVE-2016-1571

CVE-2016-1571 affects Xen 3.3.x–4.6.x. When shadow paging or nested virtualization is enabled, a local HVM guest can trigger the hypervisor bug check via a non-canonical guest address in an INVVPID instruction, causing a host crash (DoS). The description does not specify a vendor patch or fixed v...

6.3CVSS6.1AI score0.01277EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2016/01/22 3:0 p.m.54 views

CVE-2016-1571

The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...

6.3CVSS4.4AI score0.01277EPSS
Exploits0
Xen Project
Xen Project
added 2016/01/20 12:0 p.m.87 views

VMX: intercept issue with INVLPG on non-canonical address

ISSUE DESCRIPTION While INVLPG does not cause a General Protection Fault when used on a non-canonical address, INVVPID in its "individual address" variant, which is used to back the intercepted INVLPG in certain cases, fails in such cases. Failure of INVVPID results in a hypervisor bug check...

6.3CVSS0.1AI score0.01277EPSS
Exploits0Affected Software1
Rows per page
Query Builder