Xenstored DoS via XS_RESET_WATCHES command
ISSUE DESCRIPTION: Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert triggering. In case xenstored was built with NDEBUG defined nothing bad will happen, as assert is doing nothing in this case. Note that the default is not to define...
EUVD-2012-5405
Malware in sbrugna...
EUVD-2013-4251
Malware in sbrugna...
EUVD-2013-0197
Malware in sbrugna...
EUVD-2014-5044
Malware in sbrugna...
EUVD-2013-2150
Malware in sbrugna...
EUVD-2012-3450
Malware in sbrugna...
EUVD-2013-1916
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2013-2194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified...
Linux Distros Unpatched Vulnerability : CVE-2012-4544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest...
SUSE CVE-2013-0152
Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled...
SUSE CVE-2014-1895
Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a...
CVE-2012-3497
(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other...
CVE-2012-6031
The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part o...
CVE-2012-6035
The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was...
GNTTABOP_swap_grant_ref operation misbehavior
ISSUE DESCRIPTION: With the introduction of version 2 grant table operations, a version check became necessary for most grant table related hypercalls. The GNTTABOP_swap_grant_ref call was lacking such a check. As a result, the subsequent code behaved as if version 2 was in use, when a guest issued...
CVE-2015-0361
Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown...
CVE-2015-0361
CVE-2015-0361 : Use-after-free in Xen 4.2.x/4.3.x/4.4.x allows remote domains to crash the system via a crafted hypercall during HVM guest teardown. The initial description does not provide exploit details beyond this, and no remediation or affected patch version is stated in the provided documen...
p2m lock starvation
ISSUE DESCRIPTION: The current read/write lock implementation is read-biased, which allows a consistent stream of readers to starve writers indefinitely. There are certain rwlocks where guests are capable of applying arbitrary read pressure. IMPACT: A malicious guest administrator can deny service ...
CVE-2014-5146
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to ...