VYPR: Vendor CVEs / Xen / All CVEs

496 total · sorted by risk
  • CVE-2022-26360 (Apr 5, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via…

  • CVE-2022-26361 (Apr 5, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via…

  • CVE-2022-26359 (Apr 5, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via…

  • CVE-2022-26356 (Apr 5, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Racy interactions between dirty vram tracking and paging log dirty hypercalls. Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to…

  • CVE-2022-23042 (Mar 10, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access…

  • CVE-2022-23041 (Mar 10, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access…

  • CVE-2022-23038 (Mar 10, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access…

  • CVE-2022-23037 (Mar 10, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access…

  • CVE-2022-23036 (Mar 10, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access…

  • CVE-2022-23035 (Jan 25, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Insufficient cleanup of passed-through device IRQs. The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation, in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not…

  • CVE-2022-23034 (Jan 25, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    A PV guest could DoS Xen while unmapping a grant. To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping,…

  • CVE-2022-23033 (Jan 25, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    arm: guest_physmap_remove_page not removing the p2m mappings. The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if…

  • CVE-2021-28713 (Jan 5, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically…

  • CVE-2021-28712 (Jan 5, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically…

  • CVE-2021-28711 (Jan 5, 2022)
    risk 0.00 · cvss n/a · epss 0.00

    Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically…

  • CVE-2021-28703 (Dec 7, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    grant table v2 status pages may remain accessible after de-allocation (take two). Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however,…

  • CVE-2021-28706 (Nov 24, 2021)
    risk 0.00 · cvss n/a · epss 0.02

    guests may exceed their designated memory limit. When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit…

  • CVE-2021-28704 (Nov 24, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily…

  • CVE-2021-28708 (Nov 24, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily…

  • CVE-2021-28705 (Nov 24, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    issues with partially successful P2M updates on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them…

  • CVE-2021-28709 (Nov 24, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    issues with partially successful P2M updates on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them…

  • CVE-2021-28707 (Nov 24, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily…

  • CVE-2021-28710 (Nov 21, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    certain VT-d IOMMUs may not work in shared page table mode. For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are…

  • CVE-2021-28702 (Oct 6, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    PCI devices with RMRRs not deassigned correctly. Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is…

  • CVE-2021-28701 (Sep 8, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest…

  • CVE-2021-28695 (Aug 27, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    IOMMU page mapping issues on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically…

  • CVE-2021-28696 (Aug 27, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    IOMMU page mapping issues on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically…

  • CVE-2021-28694 (Aug 27, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    IOMMU page mapping issues on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically…

  • CVE-2021-28697 (Aug 27, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    grant table v2 status pages may remain accessible after de-allocation. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get…

  • CVE-2021-28698 (Aug 27, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    long running loops in grant table handling. In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such…

  • CVE-2021-28699 (Aug 27, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    inadequate grant-v2 status frames array bounds check. The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status…

  • CVE-2021-28700 (Aug 27, 2021)
    risk 0.00 · cvss n/a · epss 0.02

    xen/arm: No memory limit for dom0less domUs. The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit for them is not set. This allows a domain to allocate memory beyond what an administrator…

  • CVE-2021-28693 (Jun 30, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    xen/arm: Boot modules are not scrubbed. The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain's memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the…

  • CVE-2021-28692 (Jun 30, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    inappropriate x86 IOMMU timeout detection / handling. IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used.…

  • CVE-2021-28690 (Jun 29, 2021)
    risk 0.00 · cvss n/a · epss 0.01

    x86: TSX Async Abort protections not restored after S3. This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires…

  • CVE-2021-28687 (Jun 11, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    HVM soft-reset crashes toolstack. libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline,…

  • CVE-2021-28689 (Jun 11, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests. 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's…

  • CVE-2021-28039 (Mar 5, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a…

  • CVE-2021-27379 (Feb 18, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were…

  • CVE-2021-26933 (Feb 17, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page…

  • CVE-2021-3308 (Jan 26, 2021)
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries set up. Such reboots…

  • CVE-2020-29486 (Dec 15, 2020)
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, an owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0,…

  • CVE-2020-29481 (Dec 15, 2020)
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights…

  • CVE-2020-29484 (Dec 15, 2020)
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering…

  • CVE-2020-29482 (Dec 15, 2020)
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests'…

  • CVE-2020-29479 (Dec 15, 2020)
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root…

  • CVE-2020-29571 (Dec 15, 2020)
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected…

  • CVE-2020-29570 (Dec 15, 2020)
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or…

  • CVE-2020-29569 (Dec 15, 2020)
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly…

  • CVE-2020-29568 (Dec 15, 2020)
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be…

Page 5 of 10