VYPR

Xen

by Xen

Source repositories

CVEs (479)

  • CVE-2023-46839Mar 20, 2024
    risk 0.00cvss epss 0.01

    PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions…

  • CVE-2023-46838Jan 29, 2024
    risk 0.00cvss epss 0.01

    Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts…

  • CVE-2023-46837Jan 5, 2024
    risk 0.00cvss epss 0.00

    Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the…

  • CVE-2023-46836Jan 5, 2024
    risk 0.00cvss epss 0.00

    The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left…

  • CVE-2023-46835Jan 5, 2024
    risk 0.00cvss epss 0.00

    The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels…

  • CVE-2023-34328Jan 5, 2024
    risk 0.00cvss epss 0.00

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are…

  • CVE-2023-34327Jan 5, 2024
    risk 0.00cvss epss 0.00

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are…

  • CVE-2023-34325Jan 5, 2024
    risk 0.00cvss epss 0.00

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest…

  • CVE-2023-34326Jan 5, 2024
    risk 0.00cvss epss 0.00

    The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA…

  • CVE-2023-34323Jan 5, 2024
    risk 0.00cvss epss 0.00

    When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C…

  • CVE-2023-34322Jan 5, 2024
    risk 0.00cvss epss 0.00

    For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests…

  • CVE-2023-34321Jan 5, 2024
    risk 0.00cvss epss 0.00

    Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the…

  • CVE-2023-34320Dec 8, 2023
    risk 0.00cvss epss 0.00

    Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address…

  • CVE-2022-42336May 17, 2023
    risk 0.00cvss epss 0.00

    Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was introduced to keep track of…

  • CVE-2022-42335Apr 25, 2023
    risk 0.00cvss epss 0.00

    x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for…

  • CVE-2022-42331Mar 21, 2023
    risk 0.00cvss epss 0.00

    x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be…

  • CVE-2022-42334Mar 21, 2023
    risk 0.00cvss epss 0.00

    x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to…

  • CVE-2022-42332Mar 21, 2023
    risk 0.00cvss epss 0.00

    x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page…

  • CVE-2022-42333Mar 21, 2023
    risk 0.00cvss epss 0.01

    x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to…

  • CVE-2022-42330Jan 26, 2023
    risk 0.00cvss epss 0.01

    Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use…

Page 8 of 24