Все бюллетени/sisyphus/ALT-PU-2014-3201-1
ALT-PU-2014-3201-1

Обновление пакета xen в ветке sisyphus

Версия4.3.2-alt1
Задание#114553
Опубликовано2014-02-16
Макс. серьёзностьHIGH
Серьёзность:

Закрытые проблемы (36)

BDU:2015-10521
MEDIUM4.9

Уязвимость гипервизора Xen, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2016-07-07Изменено: 2021-03-23
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
Ссылки
BDU:2015-10522
MEDIUM4.9

Уязвимость гипервизора Xen, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2016-07-07Изменено: 2021-03-23
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-4416
MEDIUM5.2

The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.

Опубликовано: 2013-11-02Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 5.2
CVSS:2.0/AV:A/AC:M/Au:S/C:N/I:N/A:C
Ссылки
CVE-2013-4551
MEDIUM5.7

Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution."

Опубликовано: 2013-11-18Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 5.7
CVSS:2.0/AV:A/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-4553
MEDIUM5.2

The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).

Опубликовано: 2013-12-24Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 5.2
CVSS:2.0/AV:A/AC:M/Au:S/C:N/I:N/A:C
Ссылки
CVE-2013-4554
MEDIUM5.2

Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2.

Опубликовано: 2013-12-24Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 5.2
CVSS:2.0/AV:A/AC:L/Au:S/C:P/I:P/A:P
Ссылки
CVE-2013-6375
HIGH7.9

Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter."

Опубликовано: 2013-11-23Изменено: 2026-04-29
CVSS 2.0ВЫСОКАЯ 7.9
CVSS:2.0/AV:A/AC:M/Au:N/C:C/I:C/A:C
Ссылки
CVE-2013-6400
MEDIUM6.8

Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors.

Опубликовано: 2013-12-13Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:A/AC:H/Au:N/C:C/I:C/A:C
Ссылки
CVE-2014-1642
MEDIUM4.4

The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.

Опубликовано: 2014-01-26Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.4
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:P
Ссылки
CVE-2014-1666
HIGH8.3

The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.

Опубликовано: 2014-01-26Изменено: 2026-04-29
CVSS 2.0ВЫСОКАЯ 8.3
CVSS:2.0/AV:A/AC:L/Au:N/C:C/I:C/A:C
Ссылки
CVE-2014-1891
MEDIUM5.2

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.

Опубликовано: 2014-04-01Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 5.2
CVSS:2.0/AV:A/AC:M/Au:S/C:N/I:N/A:C
Ссылки
CVE-2014-1895
MEDIUM5.8

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.

Опубликовано: 2014-04-01Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 5.8
CVSS:2.0/AV:A/AC:M/Au:S/C:P/I:N/A:C
Ссылки
CVE-2014-1896
MEDIUM4.9

The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."

Опубликовано: 2014-04-01Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:A/AC:M/Au:S/C:P/I:P/A:P
Ссылки
CVE-2014-1950
MEDIUM4.6

Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.

Опубликовано: 2014-02-14Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P
Ссылки
CVE-2014-3124
MEDIUM6.7

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.

Опубликовано: 2014-05-07Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 6.7
CVSS:2.0/AV:A/AC:L/Au:S/C:P/I:P/A:C
Ссылки
CVE-2014-3967
MEDIUM5.5

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

Опубликовано: 2014-06-05Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 5.5
CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:N/A:C
Ссылки
CVE-2014-3968
MEDIUM5.5

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.

Опубликовано: 2014-06-05Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 5.5
CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:N/A:C
Ссылки
CVE-2014-4021
LOW2.7

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.

Опубликовано: 2014-06-18Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 2.7
CVSS:2.0/AV:A/AC:L/Au:S/C:P/I:N/A:N
Ссылки
CVE-2014-5146
MEDIUM4.7

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.

Опубликовано: 2014-08-22Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2014-5149
MEDIUM4.7

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146.

Опубликовано: 2014-08-22Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2014-7154
MEDIUM6.1

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.

Опубликовано: 2014-10-02Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 6.1
CVSS:2.0/AV:A/AC:L/Au:N/C:N/I:N/A:C
Ссылки
CVE-2014-7156
LOW3.3

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors.

Опубликовано: 2014-10-02Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 3.3
CVSS:2.0/AV:A/AC:L/Au:N/C:N/I:N/A:P
Ссылки
CVE-2014-7188
HIGH8.3

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.

Опубликовано: 2014-10-02Изменено: 2025-04-12
CVSS 2.0ВЫСОКАЯ 8.3
CVSS:2.0/AV:A/AC:L/Au:N/C:C/I:C/A:C
Ссылки
CVE-2014-8594
MEDIUM5.4

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).

Опубликовано: 2014-11-19Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 5.4
CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:C
Ссылки
CVE-2014-8595
LOW1.9

arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.

Опубликовано: 2014-11-19Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:P
Ссылки
CVE-2014-8866
MEDIUM4.7

The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.

Опубликовано: 2014-12-01Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2014-9030
HIGH7.1

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.

Опубликовано: 2014-11-24Изменено: 2025-04-12
CVSS 2.0ВЫСОКАЯ 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2015-1563
LOW2.1

The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.

Опубликовано: 2015-02-09Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P
Ссылки
CVE-2015-2044
LOW2.1

The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.

Опубликовано: 2015-03-12Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N
Ссылки
CVE-2015-2045
LOW2.1

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

Опубликовано: 2015-03-12Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N
Ссылки
CVE-2015-2150
MEDIUM4.9

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Опубликовано: 2015-03-12Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
Ссылки
CVE-2015-2151
HIGH7.2

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

Опубликовано: 2015-03-12Изменено: 2025-04-12
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
Ссылки
CVE-2015-3259
MEDIUM6.8

Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.

Опубликовано: 2015-07-16Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
Ссылки
CVE-2015-4163
MEDIUM4.9

GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.

Опубликовано: 2015-06-15Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
Ссылки
CVE-2015-4164
MEDIUM4.9

The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.

Опубликовано: 2015-06-15Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
Ссылки
CVE-2016-6258
HIGH8.8

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

Опубликовано: 2016-08-02Изменено: 2025-04-12
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Ссылки