VYPR
Vendor: Xen Project

Products: 13
CVEs: 94
Across products: 96
Status: Private

Recent CVEs

  • CVE-2022-42309 | High | Nov 1, 2022
    risk 0.57 | cvss 8.8 | epss 0.00

    Xenstore: Guests can crash xenstored
    Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the…

  • CVE-2021-28708 | High | Nov 24, 2021
    risk 0.57 | cvss 8.8 | epss 0.00

    PoD operations on misaligned GFNs
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily…

  • CVE-2021-28707 | High | Nov 24, 2021
    risk 0.57 | cvss 8.8 | epss 0.00

    PoD operations on misaligned GFNs
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily…

  • CVE-2021-28704 | High | Nov 24, 2021
    risk 0.57 | cvss 8.8 | epss 0.00

    PoD operations on misaligned GFNs
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily…

  • CVE-2021-28710 | High | Nov 21, 2021
    risk 0.57 | cvss 8.8 | epss 0.00

    certain VT-d IOMMUs may not work in shared page table mode
    For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are…

  • CVE-2020-29481 | High | Dec 15, 2020
    risk 0.57 | cvss 8.8 | epss 0.00

    An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights…

  • CVE-2020-29479 | High | Dec 15, 2020
    risk 0.57 | cvss 8.8 | epss 0.00

    An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root…

  • CVE-2020-11741 | High | Apr 14, 2020
    risk 0.57 | cvss 8.8 | epss 0.00

    An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the…

  • CVE-2022-42333 | High | Mar 21, 2023
    risk 0.56 | cvss 8.6 | epss 0.01

    x86/HVM pinned cache attributes mis-handling
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to…

  • CVE-2021-28706 | High | Nov 24, 2021
    risk 0.56 | cvss 8.6 | epss 0.02

    guests may exceed their designated memory limit
    When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit…

  • CVE-2023-4949 | High | Nov 10, 2023
    risk 0.53 | cvss 8.1 | epss 0.00

    An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.

  • CVE-2026-23558 | High | May 19, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status page(s) via XENMEM_add_to_physmap. Some of the status pages may…

  • CVE-2023-34325 | High | Jan 5, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest…

  • CVE-2023-34322 | High | Jan 5, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests…

  • CVE-2022-26361 | High | Apr 5, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via…

  • CVE-2022-26360 | High | Apr 5, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via…

  • CVE-2022-26359 | High | Apr 5, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via…

  • CVE-2022-26358 | High | Apr 5, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via…

  • CVE-2022-23033 | High | Jan 25, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    arm: guest_physmap_remove_page not removing the p2m mappings
    The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if…

  • CVE-2021-28709 | High | Nov 24, 2021
    risk 0.51 | cvss 7.8 | epss 0.00

    issues with partially successful P2M updates on x86
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them…