admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-03-21 13:00:40 +00:00
parent a86e2a07aa
commit df4d8b60b0
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 440 additions and 427 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

215
2022/42xxx/CVE-2022-42331.json
View File

@ -1,108 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-42331"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-429"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-42331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-429"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen versions 4.5 through 4.17 are vulnerable. Older versions are not\nvulnerable.\n\nOnly x86 CPUs are potentially vulnerable. CPUs of other architectures\nare not vulnerable.\n\nThe problematic codepath is only reachable on x86 CPUs which follow\nAMD's behaviour with respect to SYSCALL instructions from compatibility\nmode segments. This means that AMD and Hygon CPUs are potentially\nvulnerable, whereas Intel CPUs are not. Other vendors have not been\nchecked.\n\nOnly PV guests can leverage the vulnerability.\n\nOn Xen 4.16 and later, the vulnerability is only present if 32bit PV\nguest support is compiled in - i.e. CONFIG_PV32=y. On Xen 4.15 and\nolder, all supported build configurations are vulnerable.\n\nThe vulnerability is only present when booting on hardware that supports\nSMEP or SMAP (Supervisor Mode Execution/Access Prevention). This is\nbelieved to be some Family 0x16 models, and all later CPUs."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen versions 4.5 through 4.17 are vulnerable. Older versions are not\nvulnerable.\n\nOnly x86 CPUs are potentially vulnerable. CPUs of other architectures\nare not vulnerable.\n\nThe problematic codepath is only reachable on x86 CPUs which follow\nAMD's behaviour with respect to SYSCALL instructions from compatibility\nmode segments. This means that AMD and Hygon CPUs are potentially\nvulnerable, whereas Intel CPUs are not. Other vendors have not been\nchecked.\n\nOnly PV guests can leverage the vulnerability.\n\nOn Xen 4.16 and later, the vulnerability is only present if 32bit PV\nguest support is compiled in - i.e. CONFIG_PV32=y. On Xen 4.15 and\nolder, all supported build configurations are vulnerable.\n\nThe vulnerability is only present when booting on hardware that supports\nSMEP or SMAP (Supervisor Mode Execution/Access Prevention). This is\nbelieved to be some Family 0x16 models, and all later CPUs."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Andrew Cooper of XenServer."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "x86: speculative vulnerability in 32bit SYSCALL path\n\nDue to an oversight in the very original Spectre/Meltdown security work\n(XSA-254), one entrypath performs its speculation-safety actions too\nlate.\n\nIn some configurations, there is an unprotected RET instruction which\ncan be attacked with a variety of speculative attacks."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An attacker might be able to infer the contents of arbitrary host\nmemory, including memory assigned to other guests."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-429.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not running untrusted PV guests will avoid the issue."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Andrew Cooper of XenServer."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker might be able to infer the contents of arbitrary host\nmemory, including memory assigned to other guests."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-429.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-429.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Not running untrusted PV guests will avoid the issue."
}
]
}
}
}
}

215
2022/42xxx/CVE-2022-42332.json
View File

@ -1,108 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-42332"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-427"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-42332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-427"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Xen versions from at least 3.2 onwards are vulnerable. Earlier\nversions have not been inspected.\n\nOnly x86 systems are vulnerable. The vulnerability is limited to\nmigration and snapshotting of guests, and only to PV ones as well as\nHVM or PVH ones run with shadow paging."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions from at least 3.2 onwards are vulnerable. Earlier\nversions have not been inspected.\n\nOnly x86 systems are vulnerable. The vulnerability is limited to\nmigration and snapshotting of guests, and only to PV ones as well as\nHVM or PVH ones run with shadow paging."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Jan Beulich of SUSE."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "x86 shadow plus log-dirty mode use-after-free\n\nIn environments where host assisted address translation is necessary\nbut Hardware Assisted Paging (HAP) is unavailable, Xen will run guests\nin so called shadow mode. Shadow mode maintains a pool of memory used\nfor both shadow page tables as well as auxiliary data structures. To\nmigrate or snapshot guests, Xen additionally runs them in so called\nlog-dirty mode. The data structures needed by the log-dirty tracking\nare part of aformentioned auxiliary data.\n\nIn order to keep error handling efforts within reasonable bounds, for\noperations which may require memory allocations shadow mode logic\nensures up front that enough memory is available for the worst case\nrequirements. Unfortunately, while page table memory is properly\naccounted for on the code path requiring the potential establishing of\nnew shadows, demands by the log-dirty infrastructure were not taken into\nconsideration. As a result, just established shadow page tables could\nbe freed again immediately, while other code is still accessing them on\nthe assumption that they would remain allocated."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Guests running in shadow mode and being subject to migration or\nsnapshotting may be able to cause Denial of Service and other problems,\nincluding escalation of privilege."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-427.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not migrating or snapshotting guests will avoid the vulnerability.\n\nRunning only HVM or PVH guests and only in HAP (Hardware Assisted\nPaging) mode will also avoid the vulnerability."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Jan Beulich of SUSE."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aformentioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed again immediately, while other code is still accessing them on the assumption that they would remain allocated."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Guests running in shadow mode and being subject to migration or\nsnapshotting may be able to cause Denial of Service and other problems,\nincluding escalation of privilege."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-427.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-427.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Not migrating or snapshotting guests will avoid the vulnerability.\n\nRunning only HVM or PVH guests and only in HAP (Hardware Assisted\nPaging) mode will also avoid the vulnerability."
}
]
}
}
}
}

215
2022/42xxx/CVE-2022-42333.json
View File

@ -1,108 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-42333"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-428"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-42333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-428"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen versions 4.11 through 4.17 are vulnerable. Older versions contain\nthe same functionality, but it is exposed there only via an interface\nwhich is subject to XSA-77's constraints.\n\nOnly x86 systems are potentially vulnerable. Arm systems are not\nvulnerable.\n\nOnly entities controlling HVM guests can leverage the vulnerability.\nThese are device models running in either a stub domain or de-privileged\nin Dom0."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen versions 4.11 through 4.17 are vulnerable. Older versions contain\nthe same functionality, but it is exposed there only via an interface\nwhich is subject to XSA-77's constraints.\n\nOnly x86 systems are potentially vulnerable. Arm systems are not\nvulnerable.\n\nOnly entities controlling HVM guests can leverage the vulnerability.\nThese are device models running in either a stub domain or de-privileged\nin Dom0."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aspects of this issue were discovered by Andrew Cooper of XenServer and\nJan Beulich of SUSE."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "x86/HVM pinned cache attributes mis-handling\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nTo allow cachability control for HVM guests with passed through devices,\nan interface exists to explicitly override defaults which would\notherwise be put in place. While not exposed to the affected guests\nthemselves, the interface specifically exists for domains controlling\nsuch guests. This interface may therefore be used by not fully\nprivileged entities, e.g. qemu running deprivileged in Dom0 or qemu\nrunning in a so called stub-domain. With this exposure it is an issue\nthat\n - the number of the such controlled regions was unbounded\n (CVE-2022-42333),\n - installation and removal of such regions was not properly serialized\n (CVE-2022-42334)."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Entities controlling HVM guests can run the host out of resources or\nstall execution of a physical CPU for effectively unbounded periods of\ntime, resulting in a Denial of Servis (DoS) affecting the entire host.\nCrashes, information leaks, or elevation of privilege cannot be ruled\nout."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-428.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Running only PV or PVH guests will avoid the vulnerability.\n\n(Switching from a device model stub domain or a de-privileged device\nmodel to a fully privileged Dom0 device model does NOT mitigate this\nvulnerability. Rather, it simply recategorises the vulnerability to\nhostile management code, regarding it \"as designed\"; thus it merely\nreclassifies these issues as \"not a bug\". The security of a Xen system\nusing stub domains is still better than with a qemu-dm running as a Dom0\nprocess. Users and vendors of stub qemu dm systems should not change\ntheir configuration to use a Dom0 qemu process.)"
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aspects of this issue were discovered by Andrew Cooper of XenServer and\nJan Beulich of SUSE."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334)."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Entities controlling HVM guests can run the host out of resources or\nstall execution of a physical CPU for effectively unbounded periods of\ntime, resulting in a Denial of Servis (DoS) affecting the entire host.\nCrashes, information leaks, or elevation of privilege cannot be ruled\nout."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-428.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-428.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Running only PV or PVH guests will avoid the vulnerability.\n\n(Switching from a device model stub domain or a de-privileged device\nmodel to a fully privileged Dom0 device model does NOT mitigate this\nvulnerability. Rather, it simply recategorises the vulnerability to\nhostile management code, regarding it \"as designed\"; thus it merely\nreclassifies these issues as \"not a bug\". The security of a Xen system\nusing stub domains is still better than with a qemu-dm running as a Dom0\nprocess. Users and vendors of stub qemu dm systems should not change\ntheir configuration to use a Dom0 qemu process.)"
}
]
}
}
}
}

215
2022/42xxx/CVE-2022-42334.json
View File

@ -1,108 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-42334"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-428"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-42334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-428"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen versions 4.11 through 4.17 are vulnerable. Older versions contain\nthe same functionality, but it is exposed there only via an interface\nwhich is subject to XSA-77's constraints.\n\nOnly x86 systems are potentially vulnerable. Arm systems are not\nvulnerable.\n\nOnly entities controlling HVM guests can leverage the vulnerability.\nThese are device models running in either a stub domain or de-privileged\nin Dom0."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen versions 4.11 through 4.17 are vulnerable. Older versions contain\nthe same functionality, but it is exposed there only via an interface\nwhich is subject to XSA-77's constraints.\n\nOnly x86 systems are potentially vulnerable. Arm systems are not\nvulnerable.\n\nOnly entities controlling HVM guests can leverage the vulnerability.\nThese are device models running in either a stub domain or de-privileged\nin Dom0."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aspects of this issue were discovered by Andrew Cooper of XenServer and\nJan Beulich of SUSE."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "x86/HVM pinned cache attributes mis-handling\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nTo allow cachability control for HVM guests with passed through devices,\nan interface exists to explicitly override defaults which would\notherwise be put in place. While not exposed to the affected guests\nthemselves, the interface specifically exists for domains controlling\nsuch guests. This interface may therefore be used by not fully\nprivileged entities, e.g. qemu running deprivileged in Dom0 or qemu\nrunning in a so called stub-domain. With this exposure it is an issue\nthat\n - the number of the such controlled regions was unbounded\n (CVE-2022-42333),\n - installation and removal of such regions was not properly serialized\n (CVE-2022-42334)."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Entities controlling HVM guests can run the host out of resources or\nstall execution of a physical CPU for effectively unbounded periods of\ntime, resulting in a Denial of Servis (DoS) affecting the entire host.\nCrashes, information leaks, or elevation of privilege cannot be ruled\nout."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-428.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Running only PV or PVH guests will avoid the vulnerability.\n\n(Switching from a device model stub domain or a de-privileged device\nmodel to a fully privileged Dom0 device model does NOT mitigate this\nvulnerability. Rather, it simply recategorises the vulnerability to\nhostile management code, regarding it \"as designed\"; thus it merely\nreclassifies these issues as \"not a bug\". The security of a Xen system\nusing stub domains is still better than with a qemu-dm running as a Dom0\nprocess. Users and vendors of stub qemu dm systems should not change\ntheir configuration to use a Dom0 qemu process.)"
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aspects of this issue were discovered by Andrew Cooper of XenServer and\nJan Beulich of SUSE."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334)."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Entities controlling HVM guests can run the host out of resources or\nstall execution of a physical CPU for effectively unbounded periods of\ntime, resulting in a Denial of Servis (DoS) affecting the entire host.\nCrashes, information leaks, or elevation of privilege cannot be ruled\nout."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-428.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-428.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Running only PV or PVH guests will avoid the vulnerability.\n\n(Switching from a device model stub domain or a de-privileged device\nmodel to a fully privileged Dom0 device model does NOT mitigate this\nvulnerability. Rather, it simply recategorises the vulnerability to\nhostile management code, regarding it \"as designed\"; thus it merely\nreclassifies these issues as \"not a bug\". The security of a Xen system\nusing stub domains is still better than with a qemu-dm running as a Dom0\nprocess. Users and vendors of stub qemu dm systems should not change\ntheir configuration to use a Dom0 qemu process.)"
}
]
}
}
}
}

7
2023/27xxx/CVE-2023-27979.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@se.com",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2023-27979",
"STATE": "PUBLIC"
},
@ -98,8 +98,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf"
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf"
}
]
},