Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xen 权限许可和访问控制问题漏洞
Vulnerability Description
Xen是英国剑桥(Cambridge)大学的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。 Xen through 4.14.x 版本存在权限许可和访问控制问题漏洞,该漏洞源于在Ocaml xenstored实现中,树的内部表示具有根节点的特殊情况,因为这个节点没有父节点。不幸的是,没有检查根节点上某些操作的权限。非特权来宾可以获得和修改权限、列出和删除根节点(删除整个xenstore树是主机范围内的拒绝服务)实现xe
CVSS Information
N/A
Vulnerability Type
N/A