VYPR

Xen

by Citrix Systems

CVEs (19)

  • CVE-2017-15592 | High | Oct 18, 2017
    risk 0.57 | cvss 8.8 | epss 0.00

    An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.

  • CVE-2017-14316 | High | Sep 12, 2017
    risk 0.57 | cvss 8.8 | epss 0.00

    A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While…

  • CVE-2017-12137 | High | Aug 24, 2017
    risk 0.57 | cvss 8.8 | epss 0.00

    arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.

  • CVE-2017-12134 | High | Aug 24, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block…

  • CVE-2017-17566 | High | Dec 12, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.

  • CVE-2016-9382 | High | Jan 23, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to…

  • CVE-2017-14318 | Medium | Sep 12, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is…

  • CVE-2017-12855 | Medium | Aug 15, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some…

  • CVE-2017-17565 | Medium | Dec 12, 2017
    risk 0.36 | cvss 5.6 | epss 0.00

    An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.

  • CVE-2008-4405 | Oct 3, 2008
    risk 0.03 | cvss | epss 0.01

    xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by…

  • CVE-2015-4103 | Jun 3, 2015
    risk 0.00 | cvss | epss 0.00

    Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.

  • CVE-2011-3262 | Aug 19, 2011
    risk 0.00 | cvss | epss 0.00

    tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."

  • CVE-2011-1898 | Aug 12, 2011
    risk 0.00 | cvss | epss 0.01

    Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."

  • CVE-2011-1583 | Aug 12, 2011
    risk 0.00 | cvss | epss 0.01

    Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a…

  • CVE-2010-4255 | Jan 25, 2011
    risk 0.00 | cvss | epss 0.01

    The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of…

  • CVE-2010-4238 | Jan 22, 2011
    risk 0.00 | cvss | epss 0.01

    The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these…

  • CVE-2010-4247 | Jan 11, 2011
    risk 0.00 | cvss | epss 0.01

    The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large…

  • CVE-2010-3699 | Dec 8, 2010
    risk 0.00 | cvss | epss 0.01

    The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly,…

  • CVE-2008-5716 | Dec 24, 2008
    risk 0.00 | cvss | epss 0.00

    xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3)…