Total
443 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2271 | 1 Xen | 1 Xen | 2017-06-30 | 2.1 LOW | 5.5 MEDIUM |
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. | |||||
CVE-2016-6258 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-06-30 | 7.2 HIGH | 8.8 HIGH |
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | |||||
CVE-2013-1432 | 1 Xen | 1 Xen | 2017-06-29 | 7.4 HIGH | N/A |
Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors. | |||||
CVE-2013-1964 | 1 Xen | 1 Xen | 2017-06-29 | 6.9 MEDIUM | N/A |
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors. | |||||
CVE-2017-7995 | 3 Novell, Suse, Xen | 6 Suse Linux Enterprise Point Of Sale, Suse Linux Enterprise Server, Manager and 3 more | 2017-05-15 | 1.7 LOW | 3.8 LOW |
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. | |||||
CVE-2016-7154 | 1 Xen | 1 Xen | 2017-04-09 | 7.2 HIGH | 6.7 MEDIUM |
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number. | |||||
CVE-2016-10025 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-01-27 | 2.1 LOW | 5.5 MEDIUM |
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. | |||||
CVE-2013-4371 | 1 Xen | 1 Xen | 2017-01-06 | 4.4 MEDIUM | N/A |
Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors. | |||||
CVE-2013-4375 | 2 Qemu, Xen | 2 Qemu, Xen | 2017-01-06 | 2.7 LOW | N/A |
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors. | |||||
CVE-2013-4416 | 1 Xen | 1 Xen | 2017-01-06 | 5.2 MEDIUM | N/A |
The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply. | |||||
CVE-2013-4553 | 1 Xen | 1 Xen | 2017-01-06 | 5.2 MEDIUM | N/A |
The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). | |||||
CVE-2013-1442 | 1 Xen | 1 Xen | 2017-01-06 | 1.2 LOW | N/A |
Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. | |||||
CVE-2014-1896 | 1 Xen | 1 Xen | 2017-01-06 | 4.9 MEDIUM | N/A |
The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring." | |||||
CVE-2013-4329 | 1 Xen | 1 Xen | 2017-01-06 | 6.5 MEDIUM | N/A |
The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. | |||||
CVE-2013-4356 | 1 Xen | 1 Xen | 2017-01-06 | 5.4 MEDIUM | N/A |
Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash). | |||||
CVE-2013-4361 | 1 Xen | 1 Xen | 2017-01-06 | 2.1 LOW | N/A |
The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. | |||||
CVE-2013-4370 | 1 Xen | 1 Xen | 2017-01-06 | 4.6 MEDIUM | N/A |
The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free. | |||||
CVE-2014-1895 | 1 Xen | 1 Xen | 2017-01-06 | 5.8 MEDIUM | N/A |
Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read. | |||||
CVE-2013-4554 | 1 Xen | 1 Xen | 2017-01-06 | 5.2 MEDIUM | N/A |
Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. | |||||
CVE-2013-6400 | 1 Xen | 1 Xen | 2017-01-06 | 6.8 MEDIUM | N/A |
Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors. |