6 matches found
SUSE CVE-2013-1919
Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices."...
ALPINE-CVE-2020-25598
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEMacquireresource error path. The RCU Read, Copy, Update mechanism is a synchronisation primitive. A buggy error path in the XENMEMacquireresource exits without releasing an RCU reference, which is conceptually similar to...
qemu may drive Xen into unbounded loop
ISSUE DESCRIPTION When Xen sends requests to a device model, the next expected action inside Xen is tracked using a state field. The requests themselves are placed in a memory page shared with the device model, so that the device model can communicate to Xen its progress on the request. The state...
qemu ioport array overflow
ISSUE DESCRIPTION The code in qemu which implements ioport read/write looks up the specified ioport address in a dispatch table. The argument to the dispatch function is a uint32t, and is used without a range check, even though the table has entries for only 2^16 ioports. When qemu is used as a...
Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
ISSUE DESCRIPTION An error handling path in the processing of MMUMACHPHYSUPDATE failed to drop a page reference which was acquired in an earlier processing step. IMPACT Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack...
Several access permission issues with IRQs for unprivileged guests
ISSUE DESCRIPTION Various IRQ related access control operations may not have the intended effect, thus potentially permitting a stub domain to grant its client domain access to an IRQ it doesn't have access to itself. IMPACT Malicious or buggy stub domains kernels can mount a denial of service...