All the vulnerabilites related to citrix - xen
Vulnerability from fkie_nvd
Published
2011-01-11 03:00
Modified
2024-11-21 01:20
Severity ?
Summary
The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D74157F7-D69B-4FDF-B80E-325EACDB409B",
"versionEndIncluding": "3.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D97BF124-C4F1-452D-B5B4-0EBDB01E0DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9A466D-2E51-4662-8E85-8F5FA7B94A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C42C6DE-F11E-454E-AA0A-7466E74A904A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAB978D-9364-4DB4-872B-CD52FA271F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "296411C1-F3EB-4D2E-9F95-3F6BA9FE4C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAB8E4-99D5-4970-AAAD-1762F0A2CD02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CB6DD9-1E32-4242-9DAB-082F03769723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E65CBEF-76BD-4FCC-8094-15B93E98515F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C258D5F5-970D-42E8-BE0F-AAC993AE2819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29D50CDE-9F80-4C2E-A1F4-530B6C2D8E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55C9A065-28F1-4C60-86B6-DBB33ABEAE80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "La funci\u00f3n do_block_io_op en (1) ldrivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c en Xen anterior a v3.4.0 para el kernel Linux v2.6.18, y posiblemente otras versiones, permite a los usuarios invitados del sistema operativo causar una denegaci\u00f3n de servicio (bucle infinito y el consumo de CPU) a trav\u00e9s de un gran \u00edndice de producci\u00f3n de peticiones a los controladores blkback o blktap back-end. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros."
}
],
"id": "CVE-2010-4247",
"lastModified": "2024-11-21T01:20:32.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-11T03:00:04.063",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35093"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42789"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/23/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/24/8"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45029"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0024"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=656206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/23/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/24/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=656206"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-03 17:41
Modified
2024-11-21 00:51
Severity ?
Summary
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xen:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9A466D-2E51-4662-8E85-8F5FA7B94A04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM\u0027s write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen."
},
{
"lang": "es",
"value": "libvirt v0.3.3 se basa en ficheros localizados bajo subdirectorios de /local/domain en xenstore a pesar de la falta de protecci\u00f3n contra modificaciones introducida por Xen en m\u00e1quinas virtuales invitado, lo cual permite a usuarios del sistema operativo (SO) hu\u00e9sped tener un impacto desconocido, como lo demostrado mediante la escritura en (1) consola de texto (console/tty) o (2) el puerto VNC para el gr\u00e1fico framebuffer."
}
],
"id": "CVE-2008-4405",
"lastModified": "2024-11-21T00:51:36.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-03T17:41:40.477",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2008/09/30/6"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32064"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:016"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/04/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0003.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31499"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020955"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2709"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=464817"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=464818"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2008/09/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/04/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=464817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=464818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10627"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-08-12 18:55
Modified
2024-11-21 01:26
Severity ?
Summary
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAB8E4-99D5-4970-AAAD-1762F0A2CD02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29D50CDE-9F80-4C2E-A1F4-530B6C2D8E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB3C3E5-3A28-4CC6-806F-8B47CD4C9FC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "385F592C-CDE0-4AB8-9C1B-7884776055CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de entero en tools/libxc/xc_dom_bzimageloader.c en Xen v3.2, v3.3, v4.0, y v4.1 permite a usuarios locales provocar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de invitados \"paravirtualizados\" manipulados en la imagen del kernel que dispara (1) un desbordamiento de b\u00fafer durante la descompresi\u00f3n de bucle o (2) una lectura fuera de l\u00edmites en el cargador envolviendo un campo de longitud no especificada."
}
],
"id": "CVE-2011-1583",
"lastModified": "2024-11-21T01:26:39.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-08-12T18:55:00.697",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2011-0496.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2011-0496.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-08-12 18:55
Modified
2024-11-21 01:27
Severity ?
Summary
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xen:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB3C3E5-3A28-4CC6-806F-8B47CD4C9FC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85FC6697-35A5-419F-AFD1-9F327A0613BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "385F592C-CDE0-4AB8-9C1B-7884776055CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by \"using DMA to generate MSI interrupts by writing to the interrupt injection registers.\""
},
{
"lang": "es",
"value": "Xen v4.1 anterior a v4.1.1 y v4.0 anterior a v4.0.2, cuando usa PCI passthrough sobre chipsets Intel VT-d que no tienen que interrumplir remapeado, permite a usuarios invitados del OS obtener privilegios de anfitri\u00f3n \"usando DMA para generar interrupciones MSI escribiendo en el registro de inyecci\u00f3n de interrupci\u00f3\"n."
}
],
"id": "CVE-2011-1898",
"lastModified": "2024-11-21T01:27:16.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.4,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-08-12T18:55:00.870",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://xen.org/download/index_4.0.2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://xen.org/download/index_4.0.2.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-22 22:00
Modified
2024-11-21 01:20
Severity ?
Summary
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xen | 3.1.2 | |
| linux | linux_kernel | 2.6.18 | |
| redhat | enterprise_linux | 5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xen:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "819A8279-F973-48B3-9F6A-774CEAD10922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "La funci\u00f3n vbd_create de Xen 3.1.2, cuando el kernel de Linux 2.6.18 de Red Hat Enterprise Linux (RHEL) 5 es utilizado, permite a usuarios del SO invitados provocar una denegaci\u00f3n de servicio (excepci\u00f3n \"panic\" del SO del equipo) a trav\u00e9s de un intento de acceso a un dispositivo de CD-ROM virtual a trav\u00e9s del controlador blkback. NOTA: algunos de estos detalles han sido obtenidos de terceras partes."
}
],
"id": "CVE-2010-4238",
"lastModified": "2024-11-21T01:20:30.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-22T22:00:03.257",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42884"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45795"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=655623"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=655623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64698"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-08-19 20:55
Modified
2024-11-21 01:30
Severity ?
Summary
tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAB8E4-99D5-4970-AAAD-1762F0A2CD02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29D50CDE-9F80-4C2E-A1F4-530B6C2D8E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB3C3E5-3A28-4CC6-806F-8B47CD4C9FC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "385F592C-CDE0-4AB8-9C1B-7884776055CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to \"Lack of error checking in the decompression loop.\""
},
{
"lang": "es",
"value": "tools/libxc/xc_dom_bzimageloader.c en Xen v3.2, v3.3, v4.0 y v4.1 permite a usuarios locales provocar una denegaci\u00f3n de servicio (bucle infinito de software de gesti\u00f3n y excesivo consumo de recursos en el administrador de dominios) a trav\u00e9s de vectores no especificados relacionados con \"La falta de comprobaci\u00f3n de errores en el bucle de descompresi\u00f3n\"."
}
],
"id": "CVE-2011-3262",
"lastModified": "2024-11-21T01:30:07.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-08-19T20:55:01.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/55082"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/55082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69381"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-25 01:00
Modified
2024-11-21 01:20
Severity ?
Summary
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xen | * | |
| citrix | xen | 3.0.2 | |
| citrix | xen | 3.0.3 | |
| citrix | xen | 3.0.4 | |
| citrix | xen | 3.1.2 | |
| citrix | xen | 3.1.3 | |
| citrix | xen | 3.1.4 | |
| citrix | xen | 3.2.0 | |
| citrix | xen | 3.2.1 | |
| citrix | xen | 3.2.2 | |
| citrix | xen | 3.2.3 | |
| citrix | xen | 3.3.0 | |
| citrix | xen | 3.3.1 | |
| citrix | xen | 3.3.2 | |
| citrix | xen | 3.4.0 | |
| citrix | xen | 3.4.1 | |
| citrix | xen | 3.4.2 | |
| citrix | xen | 3.4.3 | |
| citrix | xen | 4.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD35CC3-597F-4518-9E10-C320C4B11B73",
"versionEndIncluding": "4.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D97BF124-C4F1-452D-B5B4-0EBDB01E0DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9A466D-2E51-4662-8E85-8F5FA7B94A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C42C6DE-F11E-454E-AA0A-7466E74A904A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "819A8279-F973-48B3-9F6A-774CEAD10922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAB978D-9364-4DB4-872B-CD52FA271F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "296411C1-F3EB-4D2E-9F95-3F6BA9FE4C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAB8E4-99D5-4970-AAAD-1762F0A2CD02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CB6DD9-1E32-4242-9DAB-082F03769723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E65CBEF-76BD-4FCC-8094-15B93E98515F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C258D5F5-970D-42E8-BE0F-AAC993AE2819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29D50CDE-9F80-4C2E-A1F4-530B6C2D8E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55C9A065-28F1-4C60-86B6-DBB33ABEAE80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02C8B74D-535D-48FF-8982-BCC28CB7EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0BD93F4-FF44-46BD-B9BA-0A13A210B238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50786C9D-CBE1-4CA7-A159-2DACEA9FC739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8BA4D2F-47C9-4127-92B3-21F91C73FCC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "905310D3-4E25-4C03-9D9A-6658FC307632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB3C3E5-3A28-4CC6-806F-8B47CD4C9FC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access."
},
{
"lang": "es",
"value": "La funci\u00f3n fixup_page_fault en arch/x86/traps.c en Xen v.4.0.1 y anteriores sobre plataformas 64-bit, cuando se activa la paravirtualizaci\u00f3n, no verifica que el modo kernel est\u00e1 usado para llamar a la funci\u00f3n handle_gdt_ldt_mapping_fault, lo que permite a los usuarios invitados del sistema operativo provocar una denegaci\u00f3n de servicio (host OS BUG_ON) a trav\u00e9s de un acceso de memoria manipulado."
}
],
"id": "CVE-2010-4255",
"lastModified": "2024-11-21T01:20:33.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-25T01:00:01.393",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/11/30/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/11/30/8"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42884"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=658155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/11/30/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2010/11/30/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=658155"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-24 18:29
Modified
2024-11-21 00:54
Severity ?
Summary
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29D50CDE-9F80-4C2E-A1F4-530B6C2D8E6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xend in Xen 3.3.0 does not properly restrict a guest VM\u0027s write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405."
},
{
"lang": "es",
"value": "xend en Xen 3.3.0 no restringe adecuadamente el acceso de escritura de una m\u00e1quina virtual invitada en el \u00e1rbol de directorios xenstore /local/domain, lo que permite a usuarios del sistema operativo visitantes provocar una denegaci\u00f3n de servicio y posiblemente tener otro impacto no especificado escribiendo en (1) console/tty, (2) console/limit, o (3) image/device-model-pid. NOTA: este problema existe debido a llamadas set_permissions err\u00f3neas en el parche para CVE-2008-4405."
}
],
"id": "CVE-2008-5716",
"lastModified": "2024-11-21T00:54:43.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-24T18:29:15.920",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2008/12/19/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31499"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2008/12/19/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47668"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5. Security update released to address CVE-2008-4405 - https://rhn.redhat.com/errata/RHSA-2009-0003.html - contained correct patch which did not introduce this problem and resolved the original issue.",
"lastModified": "2009-01-07T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-08 20:00
Modified
2024-11-21 01:19
Severity ?
Summary
The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xen:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D97BF124-C4F1-452D-B5B4-0EBDB01E0DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9A466D-2E51-4662-8E85-8F5FA7B94A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C42C6DE-F11E-454E-AA0A-7466E74A904A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAB978D-9364-4DB4-872B-CD52FA271F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "296411C1-F3EB-4D2E-9F95-3F6BA9FE4C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAB8E4-99D5-4970-AAAD-1762F0A2CD02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CB6DD9-1E32-4242-9DAB-082F03769723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E65CBEF-76BD-4FCC-8094-15B93E98515F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C258D5F5-970D-42E8-BE0F-AAC993AE2819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29D50CDE-9F80-4C2E-A1F4-530B6C2D8E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55C9A065-28F1-4C60-86B6-DBB33ABEAE80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02C8B74D-535D-48FF-8982-BCC28CB7EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0BD93F4-FF44-46BD-B9BA-0A13A210B238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50786C9D-CBE1-4CA7-A159-2DACEA9FC739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8BA4D2F-47C9-4127-92B3-21F91C73FCC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xen:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "905310D3-4E25-4C03-9D9A-6658FC307632",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap."
},
{
"lang": "es",
"value": "El driver backend en Xen v3.x permite a usuarios del OS causar una denegaci\u00f3n de servicio a trav\u00e9s de una fuga en el hilo del kernel, lo que evita que el dispositivo y el invitado OS sean apagados o se cree un dominio zombie, causando una ca\u00edda en zenwatch, o impida que comandos sin especificar xm trabajen de forma adecuada, relacionado con (1) netback, (2) blkback, o (3) blktap."
}
],
"id": "CVE-2010-3699",
"lastModified": "2024-11-21T01:19:25.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-08T20:00:01.087",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42372"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42789"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43056"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45039"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1024786"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0024"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0213"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2010-4238
Vulnerability from cvelistv5
Published
2011-01-22 21:00
Modified
2024-08-07 03:34
Severity ?
EPSS score ?
Summary
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=655623 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/520102/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2011-0017.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/46397 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vmware.com/security/advisories/VMSA-2011-0012.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/42884 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/45795 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64698 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=655623"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "RHSA-2011:0017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "42884",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42884"
},
{
"name": "45795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45795"
},
{
"name": "xen-vdbcreate-dos(64698)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=655623"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "RHSA-2011:0017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "42884",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42884"
},
{
"name": "45795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45795"
},
{
"name": "xen-vdbcreate-dos(64698)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64698"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4238",
"datePublished": "2011-01-22T21:00:00",
"dateReserved": "2010-11-16T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4255
Vulnerability from cvelistv5
Published
2011-01-25 00:00
Modified
2024-08-07 03:34
Severity ?
EPSS score ?
Summary
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/520102/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2011-0017.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/46397 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.redhat.com/show_bug.cgi?id=658155 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2010/11/30/5 | mailing-list, x_refsource_MLIST | |
| http://www.vmware.com/security/advisories/VMSA-2011-0012.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/42884 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html | mailing-list, x_refsource_MLIST | |
| http://openwall.com/lists/oss-security/2010/11/30/8 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "RHSA-2011:0017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=658155"
},
{
"name": "[oss-security] 20101130 CVE request: xen: x86-64: don\u0027t crash Xen upon direct pv guest access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/11/30/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "42884",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42884"
},
{
"name": "[xen-devel] 20101129 [PATCH] x86-64: don\u0027t crash Xen upon direct pv guest access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html"
},
{
"name": "[oss-security] 20101130 Re: CVE request: xen: x86-64: don\u0027t crash Xen upon direct pv guest access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/11/30/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "RHSA-2011:0017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=658155"
},
{
"name": "[oss-security] 20101130 CVE request: xen: x86-64: don\u0027t crash Xen upon direct pv guest access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/11/30/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "42884",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42884"
},
{
"name": "[xen-devel] 20101129 [PATCH] x86-64: don\u0027t crash Xen upon direct pv guest access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html"
},
{
"name": "[oss-security] 20101130 Re: CVE request: xen: x86-64: don\u0027t crash Xen upon direct pv guest access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/11/30/8"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4255",
"datePublished": "2011-01-25T00:00:00",
"dateReserved": "2010-11-16T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3262
Vulnerability from cvelistv5
Published
2011-08-19 20:00
Modified
2024-08-06 23:29
Severity ?
EPSS score ?
Summary
tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/55082 | third-party-advisory, x_refsource_SECUNIA | |
| http://security.gentoo.org/glsa/glsa-201309-24.xml | vendor-advisory, x_refsource_GENTOO | |
| http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/69381 | vdb-entry, x_refsource_XF | |
| http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55082",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55082"
},
{
"name": "GLSA-201309-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "[Xen-devel] 20110509 Xen security advisory CVE-2011-1583 - pv kernel image validation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html"
},
{
"name": "xen-xcdombzimageloader-dos(69381)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69381"
},
{
"name": "[Xen-devel] 20110509 Re: Xen security advisory CVE-2011-1583 - pv kernel image validation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to \"Lack of error checking in the decompression loop.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "55082",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55082"
},
{
"name": "GLSA-201309-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "[Xen-devel] 20110509 Xen security advisory CVE-2011-1583 - pv kernel image validation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html"
},
{
"name": "xen-xcdombzimageloader-dos(69381)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69381"
},
{
"name": "[Xen-devel] 20110509 Re: Xen security advisory CVE-2011-1583 - pv kernel image validation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to \"Lack of error checking in the decompression loop.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55082"
},
{
"name": "GLSA-201309-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "[Xen-devel] 20110509 Xen security advisory CVE-2011-1583 - pv kernel image validation",
"refsource": "MLIST",
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html"
},
{
"name": "xen-xcdombzimageloader-dos(69381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69381"
},
{
"name": "[Xen-devel] 20110509 Re: Xen security advisory CVE-2011-1583 - pv kernel image validation",
"refsource": "MLIST",
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3262",
"datePublished": "2011-08-19T20:00:00",
"dateReserved": "2011-08-19T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4247
Vulnerability from cvelistv5
Published
2011-01-11 01:00
Modified
2024-08-07 03:34
Severity ?
EPSS score ?
Summary
The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42789"
},
{
"name": "ADV-2011-0024",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0024"
},
{
"name": "RHSA-2011:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"name": "45029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45029"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "35093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35093"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=656206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d"
},
{
"name": "[oss-security] 20101123 CVE request: xen: request-processing loop is unbounded in blkback",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/23/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "[oss-security] 20101124 Re: CVE request: xen: request-processing loop is unbounded in blkback",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/24/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "42789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42789"
},
{
"name": "ADV-2011-0024",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0024"
},
{
"name": "RHSA-2011:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"name": "45029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45029"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "35093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35093"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=656206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d"
},
{
"name": "[oss-security] 20101123 CVE request: xen: request-processing loop is unbounded in blkback",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/23/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "[oss-security] 20101124 Re: CVE request: xen: request-processing loop is unbounded in blkback",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/24/8"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4247",
"datePublished": "2011-01-11T01:00:00",
"dateReserved": "2010-11-16T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5716
Vulnerability from cvelistv5
Published
2008-12-24 17:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47668 | vdb-entry, x_refsource_XF | |
| http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html | mailing-list, x_refsource_MLIST | |
| http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html | mailing-list, x_refsource_MLIST | |
| http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/31499 | vdb-entry, x_refsource_BID | |
| http://openwall.com/lists/oss-security/2008/12/19/1 | mailing-list, x_refsource_MLIST | |
| http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xen-xend-xenstore-dos(47668)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47668"
},
{
"name": "[xen-devel] 20081218 Re: PATCH: Actually make /local/domain/$DOMID readonly to the guest",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html"
},
{
"name": "[xen-devel] 20081218 Re: PATCH: Actually make /local/domain/$DOMID readonly to the guest",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html"
},
{
"name": "[xen-devel] 20081218 Re: PATCH: Actually make /local/domain/$DOMID readonly to the guest",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html"
},
{
"name": "31499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31499"
},
{
"name": "[oss-security] 20081219 CVE Request -- Xen (Upstream patch for CVE-2008-4405 is incomplete)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2008/12/19/1"
},
{
"name": "[xen-devel] 20081218 PATCH: Actually make /local/domain/$DOMID readonly to the guest",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xend in Xen 3.3.0 does not properly restrict a guest VM\u0027s write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xen-xend-xenstore-dos(47668)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47668"
},
{
"name": "[xen-devel] 20081218 Re: PATCH: Actually make /local/domain/$DOMID readonly to the guest",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html"
},
{
"name": "[xen-devel] 20081218 Re: PATCH: Actually make /local/domain/$DOMID readonly to the guest",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html"
},
{
"name": "[xen-devel] 20081218 Re: PATCH: Actually make /local/domain/$DOMID readonly to the guest",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html"
},
{
"name": "31499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31499"
},
{
"name": "[oss-security] 20081219 CVE Request -- Xen (Upstream patch for CVE-2008-4405 is incomplete)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2008/12/19/1"
},
{
"name": "[xen-devel] 20081218 PATCH: Actually make /local/domain/$DOMID readonly to the guest",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xend in Xen 3.3.0 does not properly restrict a guest VM\u0027s write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xen-xend-xenstore-dos(47668)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47668"
},
{
"name": "[xen-devel] 20081218 Re: PATCH: Actually make /local/domain/$DOMID readonly to the guest",
"refsource": "MLIST",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html"
},
{
"name": "[xen-devel] 20081218 Re: PATCH: Actually make /local/domain/$DOMID readonly to the guest",
"refsource": "MLIST",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html"
},
{
"name": "[xen-devel] 20081218 Re: PATCH: Actually make /local/domain/$DOMID readonly to the guest",
"refsource": "MLIST",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html"
},
{
"name": "31499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31499"
},
{
"name": "[oss-security] 20081219 CVE Request -- Xen (Upstream patch for CVE-2008-4405 is incomplete)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2008/12/19/1"
},
{
"name": "[xen-devel] 20081218 PATCH: Actually make /local/domain/$DOMID readonly to the guest",
"refsource": "MLIST",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5716",
"datePublished": "2008-12-24T17:00:00",
"dateReserved": "2008-12-24T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4405
Vulnerability from cvelistv5
Published
2008-10-03 17:18
Modified
2024-08-07 10:17
Severity ?
EPSS score ?
Summary
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2709",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=464817"
},
{
"name": "MDVSA-2009:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:016"
},
{
"name": "32064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32064"
},
{
"name": "[xen-devel] 20080930 [PATCH] [Xend] Move some backend configuration",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html"
},
{
"name": "SUSE-SR:2009:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name": "[oss-security] 20080930 CVE Request (xen)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2008/09/30/6"
},
{
"name": "RHSA-2009:0003",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70"
},
{
"name": "[xen-devel] 20080930 Re: [PATCH] [Xend] Move some backend configuration",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html"
},
{
"name": "31499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31499"
},
{
"name": "oval:org.mitre.oval:def:10627",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10627"
},
{
"name": "1020955",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020955"
},
{
"name": "[oss-security] 20081004 Re: CVE Request (xen)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/04/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=464818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM\u0027s write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2709",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=464817"
},
{
"name": "MDVSA-2009:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:016"
},
{
"name": "32064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32064"
},
{
"name": "[xen-devel] 20080930 [PATCH] [Xend] Move some backend configuration",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html"
},
{
"name": "SUSE-SR:2009:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name": "[oss-security] 20080930 CVE Request (xen)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2008/09/30/6"
},
{
"name": "RHSA-2009:0003",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70"
},
{
"name": "[xen-devel] 20080930 Re: [PATCH] [Xend] Move some backend configuration",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html"
},
{
"name": "31499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31499"
},
{
"name": "oval:org.mitre.oval:def:10627",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10627"
},
{
"name": "1020955",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020955"
},
{
"name": "[oss-security] 20081004 Re: CVE Request (xen)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/04/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=464818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM\u0027s write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2709",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2709"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=464817",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=464817"
},
{
"name": "MDVSA-2009:016",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:016"
},
{
"name": "32064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32064"
},
{
"name": "[xen-devel] 20080930 [PATCH] [Xend] Move some backend configuration",
"refsource": "MLIST",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html"
},
{
"name": "SUSE-SR:2009:015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name": "[oss-security] 20080930 CVE Request (xen)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2008/09/30/6"
},
{
"name": "RHSA-2009:0003",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0003.html"
},
{
"name": "http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70",
"refsource": "CONFIRM",
"url": "http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70"
},
{
"name": "[xen-devel] 20080930 Re: [PATCH] [Xend] Move some backend configuration",
"refsource": "MLIST",
"url": "http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html"
},
{
"name": "31499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31499"
},
{
"name": "oval:org.mitre.oval:def:10627",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10627"
},
{
"name": "1020955",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020955"
},
{
"name": "[oss-security] 20081004 Re: CVE Request (xen)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/04/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=464818",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=464818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4405",
"datePublished": "2008-10-03T17:18:00",
"dateReserved": "2008-10-03T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3699
Vulnerability from cvelistv5
Published
2010-12-08 19:00
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42789"
},
{
"name": "43056",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43056"
},
{
"name": "ADV-2011-0024",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0024"
},
{
"name": "RHSA-2011:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "1024786",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024786"
},
{
"name": "SUSE-SA:2011:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
},
{
"name": "42372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42372"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b"
},
{
"name": "45039",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45039"
},
{
"name": "ADV-2011-0213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0213"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "42789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42789"
},
{
"name": "43056",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43056"
},
{
"name": "ADV-2011-0024",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0024"
},
{
"name": "RHSA-2011:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "1024786",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024786"
},
{
"name": "SUSE-SA:2011:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
},
{
"name": "42372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42372"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b"
},
{
"name": "45039",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45039"
},
{
"name": "ADV-2011-0213",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0213"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3699",
"datePublished": "2010-12-08T19:00:00",
"dateReserved": "2010-10-01T00:00:00",
"dateUpdated": "2024-08-07T03:18:53.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1898
Vulnerability from cvelistv5
Published
2011-08-12 18:00
Modified
2024-08-06 22:46
Severity ?
EPSS score ?
Summary
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html | vendor-advisory, x_refsource_SUSE | |
| http://xen.org/download/index_4.0.2.html | x_refsource_CONFIRM | |
| http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf | x_refsource_MISC | |
| http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:0942",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xen.org/download/index_4.0.2.html"
},
{
"name": "[xen-dev] 20110512 Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html"
},
{
"name": "FEDORA-2011-8403",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html"
},
{
"name": "openSUSE-SU-2011:0941",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html"
},
{
"name": "FEDORA-2011-8421",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by \"using DMA to generate MSI interrupts by writing to the interrupt injection registers.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2011:0942",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xen.org/download/index_4.0.2.html"
},
{
"name": "[xen-dev] 20110512 Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html"
},
{
"name": "FEDORA-2011-8403",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html"
},
{
"name": "openSUSE-SU-2011:0941",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html"
},
{
"name": "FEDORA-2011-8421",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by \"using DMA to generate MSI interrupts by writing to the interrupt injection registers.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0942",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html"
},
{
"name": "http://xen.org/download/index_4.0.2.html",
"refsource": "CONFIRM",
"url": "http://xen.org/download/index_4.0.2.html"
},
{
"name": "[xen-dev] 20110512 Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI",
"refsource": "MLIST",
"url": "http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html"
},
{
"name": "FEDORA-2011-8403",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html"
},
{
"name": "http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf",
"refsource": "MISC",
"url": "http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf"
},
{
"name": "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html",
"refsource": "MISC",
"url": "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html"
},
{
"name": "openSUSE-SU-2011:0941",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html"
},
{
"name": "FEDORA-2011-8421",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1898",
"datePublished": "2011-08-12T18:00:00",
"dateReserved": "2011-05-04T00:00:00",
"dateUpdated": "2024-08-06T22:46:00.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1583
Vulnerability from cvelistv5
Published
2011-08-12 18:00
Modified
2024-08-06 22:28
Severity ?
EPSS score ?
Summary
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2011-0496.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:42.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Xen-devel] 20110509 Xen security advisory CVE-2011-1583 - pv kernel image validation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html"
},
{
"name": "RHSA-2011:0496",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0496.html"
},
{
"name": "[Xen-devel] 20110509 Re: Xen security advisory CVE-2011-1583 - pv kernel image validation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-23T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Xen-devel] 20110509 Xen security advisory CVE-2011-1583 - pv kernel image validation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html"
},
{
"name": "RHSA-2011:0496",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0496.html"
},
{
"name": "[Xen-devel] 20110509 Re: Xen security advisory CVE-2011-1583 - pv kernel image validation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1583",
"datePublished": "2011-08-12T18:00:00",
"dateReserved": "2011-04-05T00:00:00",
"dateUpdated": "2024-08-06T22:28:42.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}