Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use after free of paging structures in EPT
Vulnerability Description
The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures however is not deferred until the flushing is done, and can result in freed pages transiently being present in cached state. Such stale entries can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xen 安全漏洞
Vulnerability Description
Xen是Xen开源的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。 Xen存在安全漏洞,该漏洞源于Intel EPT分页代码释放未延迟至刷新完成,可能导致已释放页面短暂保留在缓存状态,从而允许访问非预期的内存区域。
CVSS Information
N/A
Vulnerability Type
N/A