VYPR

Vendor CVEs

Xen

All CVEs

496 total · sorted by risk
  • CVE-2023-34325 · Jan 5, 2024
    risk 0.00 · cvss n/a · epss 0.00

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest…

  • CVE-2023-34326 · Jan 5, 2024
    risk 0.00 · cvss n/a · epss 0.00

    The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) are incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA…

  • CVE-2023-34323 · Jan 5, 2024
    risk 0.00 · cvss n/a · epss 0.00

    When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C…

  • CVE-2023-34322 · Jan 5, 2024
    risk 0.00 · cvss n/a · epss 0.00

    For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests…

  • CVE-2023-34321 · Jan 5, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the…

  • CVE-2023-6693 · Jan 2, 2024
    risk 0.00 · cvss n/a · epss 0.00

    A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious…

  • CVE-2023-34320 · Dec 8, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address…

  • CVE-2023-4135 · Aug 4, 2023
    risk 0.00 · cvss n/a · epss 0.00

    A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an…

  • CVE-2022-42336 · May 17, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Mishandling of guest SSBD selection on AMD hardware
    The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was introduced to keep track of…

  • CVE-2022-42335 · Apr 25, 2023
    risk 0.00 · cvss n/a · epss 0.00

    x86 shadow paging arbitrary pointer dereference
    In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for…

  • CVE-2022-42334 · Mar 21, 2023
    risk 0.00 · cvss n/a · epss 0.00

    x86/HVM pinned cache attributes mis-handling
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to…

  • CVE-2022-42332 · Mar 21, 2023
    risk 0.00 · cvss n/a · epss 0.00

    x86 shadow plus log-dirty mode use-after-free
    In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page…

  • CVE-2022-42331 · Mar 21, 2023
    risk 0.00 · cvss n/a · epss 0.00

    x86: speculative vulnerability in 32bit SYSCALL path
    Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be…

  • CVE-2022-42333 · Mar 21, 2023
    risk 0.00 · cvss n/a · epss 0.01

    x86/HVM pinned cache attributes mis-handling
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to…

  • CVE-2022-42330 · Jan 26, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Guests can cause Xenstore crash via soft reset
    When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use…

  • CVE-2022-3643 · Dec 7, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Guests can trigger NIC interface reset/abort/crash via netback
    It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux…

  • CVE-2022-42329 · Dec 7, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Guests can trigger deadlock in Linux netback driver
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to…

  • CVE-2022-42322 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: Cooperating guests can create arbitrary numbers of nodes
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be…

  • CVE-2022-42326 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: Guests can create arbitrary number of nodes via transactions
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the…

  • CVE-2022-42321 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: Guests can crash xenstored via exhausting the stack
    Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of…

  • CVE-2022-42312 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: guests can let run xenstored out of memory
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in…

  • CVE-2022-42316 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: guests can let run xenstored out of memory
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in…

  • CVE-2022-42318 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: guests can let run xenstored out of memory
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in…

  • CVE-2022-42315 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: guests can let run xenstored out of memory
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in…

  • CVE-2022-42309 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: Guests can crash xenstored
    Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the…

  • CVE-2022-42324 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Oxenstored 32->31 bit integer truncation issues
    Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates…

  • CVE-2022-42314 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: guests can let run xenstored out of memory
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in…

  • CVE-2022-42320 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: Guests can get access to Xenstore nodes of deleted domains
    Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those…

  • CVE-2022-42319 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: Guests can cause Xenstore to not free temporary memory
    When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to…

  • CVE-2022-42311 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: guests can let run xenstored out of memory
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in…

  • CVE-2022-42313 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: guests can let run xenstored out of memory
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in…

  • CVE-2022-42317 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: guests can let run xenstored out of memory
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in…

  • CVE-2022-42323 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: Cooperating guests can create arbitrary numbers of nodes
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be…

  • CVE-2022-42325 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: Guests can create arbitrary number of nodes via transactions
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the…

  • CVE-2022-42310 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Xenstore: Guests can create orphaned Xenstore nodes
    By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the…

  • CVE-2022-42327 · Nov 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    x86: unintended memory sharing between guests
    On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that…

  • CVE-2022-33748 · Oct 11, 2022
    risk 0.00 · cvss n/a · epss 0.00

    lock order inversion in transitive grant copy handling
    As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can…

  • CVE-2022-33746 · Oct 11, 2022
    risk 0.00 · cvss n/a · epss 0.00

    P2M pool freeing may take excessively long
    The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was…

  • CVE-2022-33747 · Oct 11, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Arm: unbounded memory consumption for 2nd-level page tables
    Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory…

  • CVE-2022-33745 · Jul 26, 2022
    risk 0.00 · cvss n/a · epss 0.00

    insufficient TLB flush for x86 PV guests in shadow mode
    For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable…

  • CVE-2022-33742 · Jul 5, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Linux disk/nic frontends data leaks
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend…

  • CVE-2022-33741 · Jul 5, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Linux disk/nic frontends data leaks
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend…

  • CVE-2022-33740 · Jul 5, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Linux disk/nic frontends data leaks
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend…

  • CVE-2022-26365 · Jul 5, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Linux disk/nic frontends data leaks
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend…

  • CVE-2022-33743 · Jul 5, 2022
    risk 0.00 · cvss n/a · epss 0.00

    network backend may cause Linux netfront to use freed SKBs
    While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.

  • CVE-2022-26362 · Jun 9, 2022
    risk 0.00 · cvss n/a · epss 0.00

    x86 pv: Race condition in typeref acquisition
    Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables;…

  • CVE-2022-26364 · Jun 9, 2022
    risk 0.00 · cvss n/a · epss 0.00

    x86 pv: Insufficient care with non-coherent mappings
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This…

  • CVE-2022-26363 · Jun 9, 2022
    risk 0.00 · cvss n/a · epss 0.00

    x86 pv: Insufficient care with non-coherent mappings
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This…

  • CVE-2022-26359 · Apr 5, 2022
    risk 0.00 · cvss n/a · epss 0.00

    IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues
    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via…

  • CVE-2022-26356 · Apr 5, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Racy interactions between dirty vram tracking and paging log dirty hypercalls
    Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to…

Page 4 of 10