VYPR

Xen

by Xen

CVEs (479)

  • CVE-2017-17566 | High | Dec 12, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.

  • CVE-2017-17564 | High | Dec 12, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.

  • CVE-2017-17563 | High | Dec 12, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.

  • CVE-2017-15588 | High | Oct 18, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.

  • CVE-2017-12136 | High | Aug 24, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.

  • CVE-2016-10013 | High | Jan 26, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.

  • CVE-2016-9386 | High | Jan 23, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

  • CVE-2016-9382 | High | Jan 23, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to…

  • CVE-2016-9379 | High | Jan 23, 2017
    risk 0.51 | cvss 7.9 | epss 0.00

    The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.

  • CVE-2016-3157 | High | Apr 12, 2016
    risk 0.51 | cvss 7.8 | epss 0.01

    The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by…

  • CVE-2017-10922 | High | Jul 5, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.

  • CVE-2017-10916 | High | Jul 5, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.

  • CVE-2016-9637 | High | Feb 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.00

    The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.

  • CVE-2016-9381 | High | Jan 23, 2017
    risk 0.49 | cvss 7.5 | epss 0.00

    Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.

  • CVE-2016-9380 | High | Jan 23, 2017
    risk 0.49 | cvss 7.5 | epss 0.00

    The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.

  • CVE-2015-8554 | High | Apr 14, 2016
    risk 0.49 | cvss 7.5 | epss 0.00

    Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and…

  • CVE-2026-23554 | High | Mar 23, 2026
    risk 0.44 | cvss 7.8 | epss 0.00

    The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures however is not deferred until the…

  • CVE-2016-7154 | Medium | Sep 21, 2016
    risk 0.44 | cvss 6.7 | epss 0.01

    Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.

  • CVE-2016-4962 | Medium | Jun 7, 2016
    risk 0.44 | cvss 6.7 | epss 0.00

    The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.

  • CVE-2016-2270 | Medium | Feb 19, 2016
    risk 0.44 | cvss 6.8 | epss 0.01

    Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.
