17 matches found
EUVD-2011-2874
Malware in sbrugna...
EUVD-2008-3673
Malware in sbrugna...
CVE-2015-4105
Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service host disk consumption via certain invalid operations...
Excessive checking in compatibility mode hypercall argument translation
ISSUE DESCRIPTION The hypercall argument translation needed for 32-bit guests running on 64-bit hypervisors performs checks on the final register state. These checks cover all registers potentially holding hypercall arguments, not just the ones actually doing so for the hypercall being processed,...
CVE-2014-7156
The x86emulate function in arch/x86/x86emulate/x86emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service guest crash via unspecified vectors...
CVE-2011-2901
Off-by-one error in the addrok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service host crash via unspecified hypercalls that ignore virtual-address bits...
Code injection
Off-by-one error in the addrok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service host crash via unspecified hypercalls that ignore virtual-address bits...
CVE-2011-2901
Off-by-one error in the addrok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service host crash via unspecified hypercalls that ignore virtual-address bits...
CVE-2011-2901
CVE-2011-2901 affects Xen 3.3 and earlier. The off-by-one error in the __addr_ok macro allows local 64-bit PV guest administrators to cause a host crash (denial of service) via unspecified hypercalls that ignore virtual-address bits. Public references confirm the issue across multiple advisories ...
CVE-2011-2901
Off-by-one error in the addrok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service host crash via unspecified hypercalls that ignore virtual-address bits...
Information leak through fbld instruction emulation
ISSUE DESCRIPTION The emulation of the fbld instruction which is used during I/O emulation uses the wrong variable for the source effective address. As a result, the actual address used is an uninitialised bit pattern from the stack. A malicious guest might be able to find out information about t...
Integer overflow
Multiple integer overflows in tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers 1 a buffer overflow during a decompression loop or 2 an...
Input validation
Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory...
CVE-2008-7096
Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory...
CVE-2008-3687
Heap-based buffer overflow in the flasksecuritylabel function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users domU to execute arbitrary code via the flaskop hypercall...
Heap overflow
Heap-based buffer overflow in the flasksecuritylabel function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users domU to execute arbitrary code via the flaskop hypercall...
CVE-2008-3687
Affected: Xen 3.3 compiled with XSM:FLASK. Vulnerable: flask_security_label function, due to a heap-based buffer overflow. Impact: unprivileged domU users can execute arbitrary code via the flask_op hypercall. Public exploit details are not provided in the documents; no patch/version remediation ...