VYPR

Xen

by Xen

Source repositories

CVEs (479)

  • CVE-2016-9816MedFeb 27, 2017
    risk 0.42cvss 6.5epss 0.00

    Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.

  • CVE-2016-9815MedFeb 27, 2017
    risk 0.42cvss 6.5epss 0.00

    Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.

  • CVE-2016-9384MedFeb 22, 2017
    risk 0.42cvss 6.5epss 0.00

    Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.

  • CVE-2014-3672MedMay 25, 2016
    risk 0.42cvss 6.5epss 0.00

    The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.

  • CVE-2015-8553MedApr 13, 2016
    risk 0.42cvss 6.5epss 0.00

    Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.

  • CVE-2016-7777MedOct 7, 2016
    risk 0.41cvss 6.3epss 0.00

    Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to…

  • CVE-2016-1571MedJan 22, 2016
    risk 0.41cvss 6.3epss 0.01

    The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID…

  • CVE-2016-6259MedAug 2, 2016
    risk 0.40cvss 6.2epss 0.01

    Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.

  • CVE-2026-23555HigMar 23, 2026
    risk 0.39cvss 7.1epss 0.00

    Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored.…

  • CVE-2018-15468MedAug 17, 2018
    risk 0.39cvss 6.0epss 0.00

    An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably…

  • CVE-2017-15596MedOct 18, 2017
    risk 0.39cvss 6.0epss 0.00

    An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.

  • CVE-2016-10024MedJan 26, 2017
    risk 0.39cvss 6.0epss 0.00

    Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.

  • CVE-2016-9385MedJan 23, 2017
    risk 0.39cvss 6.0epss 0.00

    The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.

  • CVE-2018-10472MedApr 27, 2018
    risk 0.36cvss 5.6epss 0.00

    An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.

  • CVE-2017-17565MedDec 12, 2017
    risk 0.36cvss 5.6epss 0.00

    An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.

  • CVE-2017-14431MedSep 13, 2017
    risk 0.36cvss 5.5epss 0.00

    Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.

  • CVE-2017-14317MedSep 12, 2017
    risk 0.36cvss 5.6epss 0.00

    A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on…

  • CVE-2016-9378MedFeb 22, 2017
    risk 0.36cvss 5.5epss 0.00

    Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.

  • CVE-2016-9377MedFeb 22, 2017
    risk 0.36cvss 5.5epss 0.00

    Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.

  • CVE-2016-10025MedJan 26, 2017
    risk 0.36cvss 5.5epss 0.00

    VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.

Page 5 of 24