VYPR

Xen

by Xen Project

CVEs (64)

  • CVE-2023-46838 High Jan 29, 2024
    risk 0.49 cvss 7.5 epss 0.01

    Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts…

  • CVE-2021-28702 High Oct 6, 2021
    risk 0.49 cvss 7.6 epss 0.00

    PCI devices with RMRRs not deassigned correctly. Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is…

  • CVE-2019-19583 High Dec 11, 2019
    risk 0.49 cvss 7.5 epss 0.02

    An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the…

  • CVE-2022-42327 High Nov 1, 2022
    risk 0.46 cvss 7.1 epss 0.00

    x86: unintended memory sharing between guests. On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that…

  • CVE-2021-28703 High Dec 7, 2021
    risk 0.46 cvss 7.0 epss 0.00

    grant table v2 status pages may remain accessible after de-allocation (take two). Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however,…

  • CVE-2019-18424 Medium Oct 31, 2019
    risk 0.44 cvss 6.8 epss 0.01

    An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI…

  • CVE-2016-7154 Medium Sep 21, 2016
    risk 0.44 cvss 6.7 epss 0.01

    Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.

  • CVE-2019-19580 Medium Dec 11, 2019
    risk 0.43 cvss 6.6 epss 0.01

    An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in…

  • CVE-2024-45818 Medium Dec 19, 2024
    risk 0.42 cvss 6.5 epss 0.00

    The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. This behavior results in a…

  • CVE-2022-42334 Medium Mar 21, 2023
    risk 0.42 cvss 6.5 epss 0.00

    x86/HVM pinned cache attributes mis-handling. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to…

  • CVE-2022-33746 Medium Oct 11, 2022
    risk 0.42 cvss 6.5 epss 0.00

    P2M pool freeing may take excessively long. The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was…

  • CVE-2022-26362 Medium Jun 9, 2022
    risk 0.42 cvss 6.4 epss 0.00

    x86 pv: Race condition in typeref acquisition. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables;…

  • CVE-2021-28713 Medium Jan 5, 2022
    risk 0.42 cvss 6.5 epss 0.00

    Rogue backends can cause DoS of guests via high frequency events. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically…

  • CVE-2021-28711 Medium Jan 5, 2022
    risk 0.42 cvss 6.5 epss 0.00

    Rogue backends can cause DoS of guests via high frequency events. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically…

  • CVE-2021-28690 Medium Jun 29, 2021
    risk 0.42 cvss 6.5 epss 0.01

    x86: TSX Async Abort protections not restored after S3. This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires…

  • CVE-2021-28688 Medium Apr 6, 2021
    risk 0.42 cvss 6.5 epss 0.00

    The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup…

  • CVE-2020-29483 Medium Dec 15, 2020
    risk 0.42 cvss 6.5 epss 0.00

    An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from…

  • CVE-2020-29568 Medium Dec 15, 2020
    risk 0.42 cvss 6.5 epss 0.00

    An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be…

  • CVE-2020-25597 Medium Sep 23, 2020
    risk 0.42 cvss 6.5 epss 0.00

    An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life…

  • CVE-2016-9815 Medium Feb 27, 2017
    risk 0.42 cvss 6.5 epss 0.00

    Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.