CarOrgSima / xen

Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
http://xenproject.org

xenRELEASE-4.0.1: 11 vulnerabilities (highest severity is: 8.8) #2

Open dev-mend-for-github-com[bot] opened 9 months ago

dev-mend-for-github-com[bot] commented 9 months ago
## Vulnerable Library - xenRELEASE-4.0.1

Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)

Library home page: https://github.com/xen-project/xen.git

### Vulnerable Source Files (1)

/arch/x86/x86_64/asm-offsets.c

## Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (xenRELEASE version) | Remediation Possible** | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-27671 | High | 8.8 | xenRELEASE-4.0.1 | Direct | All Xen users should upgrade to the latest version: `# emerge --sync`, then `# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"`. All Xen Tools users should upgrade to the latest version: `# emerge --sync`, then `# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"` | ❌ | |
| CVE-2015-2151 | High | 8.6 | xenRELEASE-4.0.1 | Direct | 4.4.3-rc1, 4.5.1-rc1 | ❌ | |
| CVE-2016-3960 | High | 7.5 | xenRELEASE-4.0.1 | Direct | 6.38, 7.43, 8.0.4 | ❌ | |
| CVE-2012-0218 | Medium | 5.9 | xenRELEASE-4.0.1 | Direct | 4.2.1-rc1, RELEASE-4.2.0 | ❌ | |
| CVE-2020-25601 | Medium | 5.5 | xenRELEASE-4.0.1 | Direct | All Xen users should upgrade to the latest version: `# emerge --sync`, then `# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"`. All Xen Tools users should upgrade to the latest version: `# emerge --sync`, then `# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"` | ❌ | |
| CVE-2019-18424 | Medium | 5.4 | xenRELEASE-4.0.1 | Direct | 4.13.0-rc2 | ❌ | |
| CVE-2016-9932 | Medium | 5.1 | xenRELEASE-4.0.1 | Direct | 4.9.0-rc1 | ❌ | |
| CVE-2012-4544 | Medium | 5.1 | xenRELEASE-4.0.1 | Direct | 4.3.0-rc1, RELEASE-4.3.0 | ❌ | |
| CVE-2016-7777 | Low | 2.1 | xenRELEASE-4.0.1 | Direct | RELEASE-4.7.1, 4.8.0-rc2 | ❌ | |
| CVE-2016-10013 | Low | 2.1 | xenRELEASE-4.0.1 | Direct | v4.13-rc6 | ❌ | |
| CVE-2013-4361 | Low | 2.0 | xenRELEASE-4.0.1 | Direct | All Xen 4.3 users should upgrade to `>= xen-4.3.2-r2`; all Xen 4.2 users to `>= xen-4.2.4-r2`; all xen-tools 4.3 users to `>= xen-tools-4.3.2-r2`; all xen-tools 4.2 users to `>= xen-tools-4.2.4-r2`; all Xen PVGRUB 4.3 users to `>= xen-pvgrub-4.3.2`; all Xen PVGRUB 4.2 users to `>= xen-pvgrub-4.2.4` | ❌ | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

## Details

**CVE-2020-27671**

### Vulnerable Library - xenRELEASE-4.0.1

Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)

Library home page: https://github.com/xen-project/xen.git

Found in base branch: master

### Vulnerable Source Files (1)

/mm.h

### Vulnerability Details

An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.

Publish Date: 2020-10-22

URL: CVE-2020-27671

### CVSS 4 Score Details (8.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A

For more information on CVSS4 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://security.gentoo.org/glsa/202011-06

Fix Resolution:
- All Xen users should upgrade to the latest version: `# emerge --sync`, then `# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"`
- All Xen Tools users should upgrade to the latest version: `# emerge --sync`, then `# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"`

**CVE-2015-2151**

### Vulnerable Library - xenRELEASE-4.0.1

Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)

Library home page: https://github.com/xen-project/xen.git

Found in base branch: master

### Vulnerable Source Files (1)

/arch/x86/x86_emulate/x86_emulate.c

### Vulnerability Details

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

Publish Date: 2015-03-12

URL: CVE-2015-2151

### CVSS 4 Score Details (8.6)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A

For more information on CVSS4 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: http://xenbits.xen.org/xsa/advisory-123.html

Release Date: 2015-03-12

Fix Resolution: 4.4.3-rc1,4.5.1-rc1

**CVE-2016-3960**

### Vulnerable Library - xenRELEASE-4.0.1

Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)

Library home page: https://github.com/xen-project/xen.git

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

Publish Date: 2016-04-19

URL: CVE-2016-3960

### CVSS 4 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A

For more information on CVSS4 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: http://xenbits.xen.org/xsa/advisory-173.html

Release Date: 2016-04-19

Fix Resolution: 6.38, 7.43, 8.0.4

**CVE-2012-0218**

### Vulnerable Library - xenRELEASE-4.0.1

Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)

Library home page: https://github.com/xen-project/xen.git

Found in base branch: master

### Vulnerable Source Files (1)

/arch/x86/x86_64/asm-offsets.c

### Vulnerability Details

Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.

Publish Date: 2012-12-03

URL: CVE-2012-0218

### CVSS 4 Score Details (5.9)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A

For more information on CVSS4 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2012-12-03

Fix Resolution: 4.2.1-rc1, RELEASE-4.2.0

**CVE-2020-25601**

### Vulnerable Library - xenRELEASE-4.0.1

Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)

Library home page: https://github.com/xen-project/xen.git

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.

Publish Date: 2020-09-23

URL: CVE-2020-25601

### CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://security.gentoo.org/glsa/202011-06

Fix Resolution:
- All Xen users should upgrade to the latest version: `# emerge --sync`, then `# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"`
- All Xen Tools users should upgrade to the latest version: `# emerge --sync`, then `# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"`

**CVE-2019-18424**

### Vulnerable Library - xenRELEASE-4.0.1

Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)

Library home page: https://github.com/xen-project/xen.git

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.

Publish Date: 2019-10-31

URL: CVE-2019-18424

### CVSS 4 Score Details (5.4)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Physical
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A

For more information on CVSS4 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424

Release Date: 2019-10-31

Fix Resolution: 4.13.0-rc2

**CVE-2016-9932**

### Vulnerable Library - xenRELEASE-4.0.1

Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)

Library home page: https://github.com/xen-project/xen.git

Found in base branch: master

### Vulnerable Source Files (1)

/arch/x86/x86_emulate/x86_emulate.c

### Vulnerability Details

CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.

Publish Date: 2017-01-26

URL: CVE-2016-9932

### CVSS 4 Score Details (5.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A

For more information on CVSS4 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9932

Release Date: 2017-01-26

Fix Resolution: 4.9.0-rc1

**CVE-2012-4544**

### Vulnerable Library - xenRELEASE-4.0.1

Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)

Library home page: https://github.com/xen-project/xen.git

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.

Publish Date: 2012-10-31

URL: CVE-2012-4544

### CVSS 4 Score Details (5.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A

For more information on CVSS4 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2012-10-31

Fix Resolution: 4.3.0-rc1, RELEASE-4.3.0

**CVE-2016-7777**

### Vulnerable Library - xenRELEASE-4.0.1

Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)

Library home page: https://github.com/xen-project/xen.git

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.

Publish Date: 2016-10-07

URL: CVE-2016-7777

### CVSS 4 Score Details (2.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A

For more information on CVSS4 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2016-10-07

Fix Resolution: RELEASE-4.7.1, 4.8.0-rc2

**CVE-2016-10013**

### Vulnerable Library - xenRELEASE-4.0.1

Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)

Library home page: https://github.com/xen-project/xen.git

Found in base branch: master

### Vulnerable Source Files (1)

/arch/x86/x86_emulate/x86_emulate.c

### Vulnerability Details

Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.

Publish Date: 2017-01-26

URL: CVE-2016-10013

### CVSS 4 Score Details (2.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A

For more information on CVSS4 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: http://xenbits.xen.org/xsa/advisory-204.html

Release Date: 2017-01-26

Fix Resolution: v4.13-rc6

**CVE-2013-4361**

### Vulnerable Library - xenRELEASE-4.0.1

Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)

Library home page: https://github.com/xen-project/xen.git

Found in base branch: master

### Vulnerable Source Files (1)

/arch/x86/x86_emulate/x86_emulate.c

### Vulnerability Details

The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction.

Publish Date: 2013-10-01

URL: CVE-2013-4361

### CVSS 4 Score Details (2.0)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A

For more information on CVSS4 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://security.gentoo.org/glsa/201407-03

Release Date: 2014-07-16

Fix Resolution:
- All Xen 4.3 users should upgrade to the latest version: `>= xen-4.3.2-r2`
- All Xen 4.2 users should upgrade to the latest version: `>= xen-4.2.4-r2`
- All xen-tools 4.3 users should upgrade to the latest version: `>= xen-tools-4.3.2-r2`
- All xen-tools 4.2 users should upgrade to the latest version: `>= xen-tools-4.2.4-r2`
- All Xen PVGRUB 4.3 users should upgrade to the latest version: `>= xen-pvgrub-4.3.2`
- All Xen PVGRUB 4.2 users should upgrade to the latest version: `>= xen-pvgrub-4.2.4`

dev-mend-for-github-com[bot] commented 8 months ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

dev-mend-for-github-com[bot] commented 5 months ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.