Filtered by vendor Xen
Subscribe
Total
446 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7970 | 1 Xen | 1 Xen | 2017-06-30 | 4.9 MEDIUM | N/A |
The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand. | |||||
CVE-2015-7814 | 1 Xen | 1 Xen | 2017-06-30 | 4.7 MEDIUM | N/A |
Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. | |||||
CVE-2015-8554 | 1 Xen | 1 Xen | 2017-06-30 | 6.6 MEDIUM | 7.5 HIGH |
Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path." | |||||
CVE-2016-2271 | 1 Xen | 1 Xen | 2017-06-30 | 2.1 LOW | 5.5 MEDIUM |
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. | |||||
CVE-2012-3495 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-06-30 | 6.1 MEDIUM | N/A |
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. | |||||
CVE-2013-1964 | 1 Xen | 1 Xen | 2017-06-29 | 6.9 MEDIUM | N/A |
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors. | |||||
CVE-2013-1432 | 1 Xen | 1 Xen | 2017-06-29 | 7.4 HIGH | N/A |
Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors. | |||||
CVE-2017-7995 | 3 Novell, Suse, Xen | 6 Suse Linux Enterprise Point Of Sale, Suse Linux Enterprise Server, Manager and 3 more | 2017-05-15 | 1.7 LOW | 3.8 LOW |
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. | |||||
CVE-2016-7154 | 1 Xen | 1 Xen | 2017-04-09 | 7.2 HIGH | 6.7 MEDIUM |
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number. | |||||
CVE-2016-10025 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-01-27 | 2.1 LOW | 5.5 MEDIUM |
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. | |||||
CVE-2014-1893 | 1 Xen | 1 Xen | 2017-01-06 | 5.2 MEDIUM | N/A |
Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894. | |||||
CVE-2013-4375 | 2 Qemu, Xen | 2 Qemu, Xen | 2017-01-06 | 2.7 LOW | N/A |
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors. | |||||
CVE-2013-4371 | 1 Xen | 1 Xen | 2017-01-06 | 4.4 MEDIUM | N/A |
Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors. | |||||
CVE-2013-4370 | 1 Xen | 1 Xen | 2017-01-06 | 4.6 MEDIUM | N/A |
The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free. | |||||
CVE-2013-4361 | 1 Xen | 1 Xen | 2017-01-06 | 2.1 LOW | N/A |
The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. | |||||
CVE-2013-4356 | 1 Xen | 1 Xen | 2017-01-06 | 5.4 MEDIUM | N/A |
Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash). | |||||
CVE-2013-4329 | 1 Xen | 1 Xen | 2017-01-06 | 6.5 MEDIUM | N/A |
The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. | |||||
CVE-2014-1892 | 1 Xen | 1 Xen | 2017-01-06 | 5.2 MEDIUM | N/A |
Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894. | |||||
CVE-2013-4416 | 1 Xen | 1 Xen | 2017-01-06 | 5.2 MEDIUM | N/A |
The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply. | |||||
CVE-2014-1894 | 1 Xen | 1 Xen | 2017-01-06 | 5.2 MEDIUM | N/A |
Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893. |