Total
443 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2599 | 1 Xen | 1 Xen | 2017-01-06 | 4.9 MEDIUM | N/A |
The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input. | |||||
CVE-2014-1891 | 1 Xen | 1 Xen | 2017-01-06 | 5.2 MEDIUM | N/A |
Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894. | |||||
CVE-2014-1892 | 1 Xen | 1 Xen | 2017-01-06 | 5.2 MEDIUM | N/A |
Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894. | |||||
CVE-2014-1893 | 1 Xen | 1 Xen | 2017-01-06 | 5.2 MEDIUM | N/A |
Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894. | |||||
CVE-2014-1894 | 1 Xen | 1 Xen | 2017-01-06 | 5.2 MEDIUM | N/A |
Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893. | |||||
CVE-2013-2072 | 2 Debian, Xen | 2 Debian Linux, Xen | 2016-12-30 | 7.4 HIGH | N/A |
Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap. | |||||
CVE-2013-2212 | 1 Xen | 1 Xen | 2016-12-21 | 5.7 MEDIUM | N/A |
The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. | |||||
CVE-2015-0777 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2016-12-07 | 2.1 LOW | N/A |
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. | |||||
CVE-2015-8338 | 1 Xen | 1 Xen | 2016-12-07 | 7.2 HIGH | N/A |
Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. | |||||
CVE-2015-6654 | 1 Xen | 1 Xen | 2016-12-07 | 2.1 LOW | N/A |
The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest. | |||||
CVE-2016-3960 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2016-12-02 | 7.2 HIGH | 8.8 HIGH |
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | |||||
CVE-2016-3158 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2016-12-02 | 1.7 LOW | 3.8 LOW |
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. | |||||
CVE-2016-3157 | 2 Canonical, Xen | 2 Ubuntu Linux, Xen | 2016-12-02 | 7.2 HIGH | 7.8 HIGH |
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access. | |||||
CVE-2016-4480 | 2 Oracle, Xen | 2 Vm Server, Xen | 2016-11-30 | 7.2 HIGH | 8.4 HIGH |
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. | |||||
CVE-2016-5242 | 1 Xen | 1 Xen | 2016-11-28 | 4.7 MEDIUM | 5.6 MEDIUM |
The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion. | |||||
CVE-2016-4962 | 2 Oracle, Xen | 2 Vm Server, Xen | 2016-11-28 | 6.8 MEDIUM | 6.7 MEDIUM |
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore. | |||||
CVE-2016-3961 | 2 Canonical, Xen | 2 Ubuntu Linux, Xen | 2016-11-28 | 2.1 LOW | 5.5 MEDIUM |
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. | |||||
CVE-2015-8615 | 1 Xen | 1 Xen | 2016-11-28 | 2.1 LOW | 5.0 MEDIUM |
The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ). | |||||
CVE-2016-6259 | 2 Citrix, Xen | 2 Xenserver, Xen | 2016-08-03 | 4.9 MEDIUM | 6.2 MEDIUM |
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | |||||
CVE-2011-1166 | 1 Xen | 1 Xen | 2015-10-05 | 5.5 MEDIUM | N/A |
Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables. |