VYPR

Xen

by Xen

Source repositories

CVEs (479)

  • CVE-2017-14316HigSep 12, 2017
    risk 0.57cvss 8.8epss 0.00

    A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While…

  • CVE-2017-12137HigAug 24, 2017
    risk 0.57cvss 8.8epss 0.00

    arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.

  • CVE-2017-12135HigAug 24, 2017
    risk 0.57cvss 8.8epss 0.00

    Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.

  • CVE-2017-12134HigAug 24, 2017
    risk 0.57cvss 8.8epss 0.01

    The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block…

  • CVE-2017-8905HigMay 11, 2017
    risk 0.57cvss 8.8epss 0.00

    Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.

  • CVE-2017-8904HigMay 11, 2017
    risk 0.57cvss 8.8epss 0.00

    Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.

  • CVE-2017-8903HigMay 11, 2017
    risk 0.57cvss 8.8epss 0.00

    Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.

  • CVE-2016-9383HigJan 23, 2017
    risk 0.57cvss 8.8epss 0.01

    Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test…

  • CVE-2016-6258HigAug 2, 2016
    risk 0.57cvss 8.8epss 0.00

    The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

  • CVE-2016-3960HigApr 19, 2016
    risk 0.57cvss 8.8epss 0.00

    Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

  • CVE-2017-7228HigApr 4, 2017
    risk 0.56cvss 8.2epss 0.02

    An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest…

  • CVE-2015-8555HigApr 13, 2016
    risk 0.56cvss 8.6epss 0.02

    Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.

  • CVE-2016-4480HigMay 18, 2016
    risk 0.55cvss 8.4epss 0.01

    The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

  • CVE-2016-1570HigJan 22, 2016
    risk 0.55cvss 8.5epss 0.01

    The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1)…

  • CVE-2017-10914HigJul 5, 2017
    risk 0.53cvss 8.1epss 0.02

    The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.

  • CVE-2016-7093HigSep 21, 2016
    risk 0.53cvss 8.2epss 0.00

    Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.

  • CVE-2016-7092HigSep 21, 2016
    risk 0.53cvss 8.2epss 0.00

    The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.

  • CVE-2015-8550HigApr 14, 2016
    risk 0.53cvss 8.2epss 0.01

    Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.

  • CVE-2018-15471HigAug 17, 2018
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing…

  • CVE-2018-14678HigJul 28, 2018
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and…

Page 2 of 24