Open dev-mend-for-github-com[bot] opened 9 months ago
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
Vulnerable Library - xenRELEASE-4.0.1
Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
Library home page: https://github.com/xen-project/xen.git
Vulnerable Source Files (1)
/arch/x86/x86_64/asm-offsets.c
Vulnerabilities
Details
CVE-2020-27671
### Vulnerable Library - xenRELEASE-4.0.1
Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
Library home page: https://github.com/xen-project/xen.git
Found in base branch: master
### Vulnerable Source Files (1)
/mm.h
### Vulnerability Details
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
Publish Date: 2020-10-22
URL: CVE-2020-27671
### CVSS 4 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A
### Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202011-06
Fix Resolution: All Xen users should upgrade to the latest version
    # emerge --sync
    # emerge --ask --oneshot --verbose >=app-emulation/xen-4.13.1-r5
All Xen Tools users should upgrade to the latest version
    # emerge --sync
    # emerge --ask --oneshot --verbose >=app-emulation/xen-tools-4.13.1-r5 >=
CVE-2015-2151
### Vulnerable Library - xenRELEASE-4.0.1
Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
Library home page: https://github.com/xen-project/xen.git
Found in base branch: master
### Vulnerable Source Files (1)
/arch/x86/x86_emulate/x86_emulate.c
### Vulnerability Details
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.
Publish Date: 2015-03-12
URL: CVE-2015-2151
### CVSS 4 Score Details (8.6)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A
### Suggested Fix
Type: Upgrade version
Origin: http://xenbits.xen.org/xsa/advisory-123.html
Release Date: 2015-03-12
Fix Resolution: 4.4.3-rc1,4.5.1-rc1
CVE-2016-3960
### Vulnerable Library - xenRELEASE-4.0.1
Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
Library home page: https://github.com/xen-project/xen.git
Found in base branch: master
### Vulnerable Source Files (1)
### Vulnerability Details
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
Publish Date: 2016-04-19
URL: CVE-2016-3960
### CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A
### Suggested Fix
Type: Upgrade version
Origin: http://xenbits.xen.org/xsa/advisory-173.html
Release Date: 2016-04-19
Fix Resolution: 6.38,7.43,8.0.4
CVE-2012-0218
### Vulnerable Library - xenRELEASE-4.0.1
Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
Library home page: https://github.com/xen-project/xen.git
Found in base branch: master
### Vulnerable Source Files (1)
/arch/x86/x86_64/asm-offsets.c
### Vulnerability Details
Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.
Publish Date: 2012-12-03
URL: CVE-2012-0218
### CVSS 4 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A
### Suggested Fix
Type: Upgrade version
Release Date: 2012-12-03
Fix Resolution: 4.2.1-rc1,RELEASE-4.2.0
CVE-2020-25601
### Vulnerable Library - xenRELEASE-4.0.1
Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
Library home page: https://github.com/xen-project/xen.git
Found in base branch: master
### Vulnerable Source Files (1)
### Vulnerability Details
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.
Publish Date: 2020-09-23
URL: CVE-2020-25601
### CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202011-06
Fix Resolution: All Xen users should upgrade to the latest version
    # emerge --sync
    # emerge --ask --oneshot --verbose >=app-emulation/xen-4.13.1-r5
All Xen Tools users should upgrade to the latest version
    # emerge --sync
    # emerge --ask --oneshot --verbose >=app-emulation/xen-tools-4.13.1-r5 >=
CVE-2019-18424
### Vulnerable Library - xenRELEASE-4.0.1
Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
Library home page: https://github.com/xen-project/xen.git
Found in base branch: master
### Vulnerable Source Files (1)
### Vulnerability Details
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.
Publish Date: 2019-10-31
URL: CVE-2019-18424
### CVSS 4 Score Details (5.4)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Physical
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424
Release Date: 2019-10-31
Fix Resolution: 4.13.0-rc2
CVE-2016-9932
### Vulnerable Library - xenRELEASE-4.0.1
Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
Library home page: https://github.com/xen-project/xen.git
Found in base branch: master
### Vulnerable Source Files (1)
/arch/x86/x86_emulate/x86_emulate.c
### Vulnerability Details
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
Publish Date: 2017-01-26
URL: CVE-2016-9932
### CVSS 4 Score Details (5.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9932
Release Date: 2017-01-26
Fix Resolution: 4.9.0-rc1
CVE-2012-4544
### Vulnerable Library - xenRELEASE-4.0.1
Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
Library home page: https://github.com/xen-project/xen.git
Found in base branch: master
### Vulnerable Source Files (1)
### Vulnerability Details
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.
Publish Date: 2012-10-31
URL: CVE-2012-4544
### CVSS 4 Score Details (5.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A
### Suggested Fix
Type: Upgrade version
Release Date: 2012-10-31
Fix Resolution: 4.3.0-rc1,RELEASE-4.3.0
CVE-2016-7777
### Vulnerable Library - xenRELEASE-4.0.1
Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
Library home page: https://github.com/xen-project/xen.git
Found in base branch: master
### Vulnerable Source Files (1)
### Vulnerability Details
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.
Publish Date: 2016-10-07
URL: CVE-2016-7777
### CVSS 4 Score Details (2.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A
### Suggested Fix
Type: Upgrade version
Release Date: 2016-10-07
Fix Resolution: RELEASE-4.7.1, 4.8.0-rc2
CVE-2016-10013
### Vulnerable Library - xenRELEASE-4.0.1
Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
Library home page: https://github.com/xen-project/xen.git
Found in base branch: master
### Vulnerable Source Files (1)
/arch/x86/x86_emulate/x86_emulate.c
### Vulnerability Details
Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.
Publish Date: 2017-01-26
URL: CVE-2016-10013
### CVSS 4 Score Details (2.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A
### Suggested Fix
Type: Upgrade version
Origin: http://xenbits.xen.org/xsa/advisory-204.html
Release Date: 2017-01-26
Fix Resolution: v4.13-rc6
CVE-2013-4361
### Vulnerable Library - xenRELEASE-4.0.1
Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
Library home page: https://github.com/xen-project/xen.git
Found in base branch: master
### Vulnerable Source Files (1)
/arch/x86/x86_emulate/x86_emulate.c
### Vulnerability Details
The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction.
Publish Date: 2013-10-01
URL: CVE-2013-4361
### CVSS 4 Score Details (2.0)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A
### Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201407-03
Release Date: 2014-07-16
Fix Resolution:
- All Xen 4.3 users should upgrade to the latest version >= xen-4.3.2-r2
- All Xen 4.2 users should upgrade to the latest version >= xen-4.2.4-r2
- All xen-tools 4.3 users should upgrade to the latest version >= xen-tools-4.3.2-r2
- All xen-tools 4.2 users should upgrade to the latest version >= xen-tools-4.2.4-r2
- All Xen PVGRUB 4.3 users should upgrade to the latest version >= xen-pvgrub-4.3.2
- All Xen PVGRUB 4.2 users should upgrade to the latest version >= xen-pvgrub-4.2.4