Total
443 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-5148 | 1 Xen | 1 Xen | 2017-08-28 | 4.6 MEDIUM | N/A |
Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process. | |||||
CVE-2013-4368 | 1 Xen | 1 Xen | 2017-08-28 | 1.9 LOW | N/A |
The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. | |||||
CVE-2013-1920 | 1 Xen | 1 Xen | 2017-08-28 | 4.4 MEDIUM | N/A |
Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. | |||||
CVE-2013-0231 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2017-08-28 | 4.9 MEDIUM | N/A |
The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information. | |||||
CVE-2013-1952 | 1 Xen | 1 Xen | 2017-08-28 | 1.9 LOW | N/A |
Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. | |||||
CVE-2013-4551 | 1 Xen | 1 Xen | 2017-08-28 | 5.7 MEDIUM | N/A |
Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution." | |||||
CVE-2013-4369 | 1 Xen | 1 Xen | 2017-08-28 | 1.9 LOW | N/A |
The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration. | |||||
CVE-2012-5511 | 1 Xen | 1 Xen | 2017-08-28 | 4.7 MEDIUM | N/A |
Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. | |||||
CVE-2012-5510 | 1 Xen | 1 Xen | 2017-08-28 | 4.7 MEDIUM | N/A |
Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors. | |||||
CVE-2012-5525 | 1 Xen | 1 Xen | 2017-08-28 | 4.7 MEDIUM | N/A |
The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read. | |||||
CVE-2012-4544 | 1 Xen | 1 Xen | 2017-08-28 | 2.1 LOW | N/A |
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. | |||||
CVE-2012-4539 | 1 Xen | 1 Xen | 2017-08-28 | 2.1 LOW | N/A |
Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability." | |||||
CVE-2012-4538 | 1 Xen | 1 Xen | 2017-08-28 | 4.9 MEDIUM | N/A |
The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. | |||||
CVE-2012-4537 | 1 Xen | 1 Xen | 2017-08-28 | 2.1 LOW | N/A |
Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." | |||||
CVE-2012-4536 | 1 Xen | 1 Xen | 2017-08-28 | 2.1 LOW | N/A |
The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read. | |||||
CVE-2012-4535 | 1 Xen | 1 Xen | 2017-08-28 | 1.9 LOW | N/A |
Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline." | |||||
CVE-2013-0154 | 1 Xen | 1 Xen | 2017-08-28 | 1.9 LOW | N/A |
The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall. | |||||
CVE-2013-0153 | 1 Xen | 1 Xen | 2017-08-28 | 4.7 MEDIUM | N/A |
The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests. | |||||
CVE-2012-6333 | 1 Xen | 1 Xen | 2017-08-28 | 4.7 MEDIUM | N/A |
Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. | |||||
CVE-2012-6036 | 1 Xen | 1 Xen | 2017-08-28 | 4.4 MEDIUM | N/A |
The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. |