Xen

by Xen Project

CVEs (64)

  • CVE-2021-28708 | High | Nov 24, 2021
    risk 0.57 | cvss 8.8 | epss 0.00

    PoD operations on misaligned GFNs. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily…

  • CVE-2021-28707 | High | Nov 24, 2021
    risk 0.57 | cvss 8.8 | epss 0.00

    PoD operations on misaligned GFNs. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily…

  • CVE-2021-28704 | High | Nov 24, 2021
    risk 0.57 | cvss 8.8 | epss 0.00

    PoD operations on misaligned GFNs. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily…

  • CVE-2021-28710 | High | Nov 21, 2021
    risk 0.57 | cvss 8.8 | epss 0.00

    certain VT-d IOMMUs may not work in shared page table mode. For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are…

  • CVE-2020-29481 | High | Dec 15, 2020
    risk 0.57 | cvss 8.8 | epss 0.00

    An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights…

  • CVE-2020-29479 | High | Dec 15, 2020
    risk 0.57 | cvss 8.8 | epss 0.00

    An issue was discovered in Xen through 4.14.x. In the OCaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root…

  • CVE-2020-11741 | High | Apr 14, 2020
    risk 0.57 | cvss 8.8 | epss 0.00

    An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the…

  • CVE-2022-42333 | High | Mar 21, 2023
    risk 0.56 | cvss 8.6 | epss 0.01

    x86/HVM pinned cache attributes mis-handling. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to…

  • CVE-2021-28706 | High | Nov 24, 2021
    risk 0.56 | cvss 8.6 | epss 0.02

    guests may exceed their designated memory limit. When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit…

  • CVE-2026-23558 | High | May 19, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status page(s) via XENMEM_add_to_physmap. Some of the status pages may…

  • CVE-2023-34322 | High | Jan 5, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests…

  • CVE-2022-26361 | High | Apr 5, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via…

  • CVE-2022-26360 | High | Apr 5, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via…

  • CVE-2022-26359 | High | Apr 5, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via…

  • CVE-2022-26358 | High | Apr 5, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via…

  • CVE-2022-23033 | High | Jan 25, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    arm: guest_physmap_remove_page not removing the p2m mappings. The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if…

  • CVE-2021-28709 | High | Nov 24, 2021
    risk 0.51 | cvss 7.8 | epss 0.00

    issues with partially successful P2M updates on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them…

  • CVE-2021-28705 | High | Nov 24, 2021
    risk 0.51 | cvss 7.8 | epss 0.00

    issues with partially successful P2M updates on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them…

  • CVE-2021-28697 | High | Aug 27, 2021
    risk 0.51 | cvss 7.8 | epss 0.00

    grant table v2 status pages may remain accessible after de-allocation. Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get…

  • CVE-2025-1713 | High | Jul 17, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock, is done in a context where acquiring that lock is unsafe. This can lead to a deadlock.
