Информационная безопасность
[RU] switch to English


Переполнение буфера в Xen
Опубликовано:15 мая 2014 г.
Источник:
SecurityVulns ID:13779
Тип:локальная
Уровень опасности:
5/10
Описание:Переполнение буфера при загрузке ядра гостевой системы.
Затронутые продукты:XEN : Xen 4.4
CVE:CVE-2014-3717 (Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.)
 CVE-2014-3716 (Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.)
 CVE-2014-3715 (Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.)
 CVE-2014-3714 (The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow.)
Оригинальный текстdocumentXEN, [oss-security] Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM (15.05.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород