Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether a system is vulnerable depends on the specific CPU. x86 systems are not vulnerable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xen 代码问题漏洞
Vulnerability Description
Xen是英国剑桥(Cambridge)大学的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。 Xen 4.14.x 版本存在安全漏洞,该漏洞源于对于大多数FIFO事件通道的操作时间函数来说,边界检查通常依赖于CPU观察一致的状态。当生产者端使用适当有序的写操作时,消费者端不受重新有序读操作的保护,因此可能会取消对空指针的引用。恶意内核或漏洞百出的客户内核可以发起拒绝服务(DoS)攻击,从而影响整个系统。
CVSS Information
N/A
Vulnerability Type
N/A