Jan Beulich

3 exploits Active since Mar 2013
CVE-2013-0228 WRITEUP WRITEUP
Linux Kernel < 3.7.9 - Privilege Escalation via Invalid DS Segment Register Handling
The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application.
CVE-2015-2150 WRITEUP WRITEUP
Ubuntu < 3.19.1 - Access Control
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
CVE-2017-10911 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.11.7 - Information Disclosure via Xen Block Interface Response
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
CVSS 6.5