Xen

All CVEs

496 total · sorted by risk
  • CVE-2020-29567 · Dec 15, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met…

  • CVE-2020-29566 · Dec 15, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is…

  • CVE-2020-29040 · Nov 24, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671.

  • CVE-2020-28368 · Nov 10, 2020
    risk 0.00 · cvss · epss 0.00

    Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the…

  • CVE-2020-27670 · Oct 22, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.

  • CVE-2020-27671 · Oct 22, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.

  • CVE-2020-27672 · Oct 22, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.

  • CVE-2020-27673 · Oct 22, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.

  • CVE-2020-27674 · Oct 22, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.

  • CVE-2020-25596 · Sep 23, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it…

  • CVE-2020-25604 · Sep 23, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to…

  • CVE-2020-25602 · Sep 23, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest…

  • CVE-2020-25601 · Sep 23, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event…

  • CVE-2020-25600 · Sep 23, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness)…

  • CVE-2020-25599 · Sep 23, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to…

  • CVE-2020-25598 · Sep 23, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is…

  • CVE-2020-25597 · Sep 23, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life…

  • CVE-2020-25595 · Sep 23, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI…

  • CVE-2020-15852 · Jul 20, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization…

  • CVE-2020-15567 · Jul 7, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of…

  • CVE-2020-15564 · Jul 7, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor.…

  • CVE-2020-15565 · Jul 7, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require…

  • CVE-2020-15563 · Jul 7, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A…

  • CVE-2020-15566 · Jul 7, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory…

  • CVE-2020-11743 · Apr 14, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one…

  • CVE-2020-11742 · Apr 14, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135…

  • CVE-2020-11741 · Apr 14, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the…

  • CVE-2020-11740 · Apr 14, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests.…

  • CVE-2020-11739 · Apr 14, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a…

  • CVE-2019-19577 · Dec 11, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically…

  • CVE-2019-19578 · Dec 11, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at…

  • CVE-2019-19580 · Dec 11, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in…

  • CVE-2019-19581 · Dec 11, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over…

  • CVE-2019-19582 · Dec 11, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits…

  • CVE-2019-19583 · Dec 11, 2019
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the…

  • CVE-2019-19579 · Dec 4, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the…

  • CVE-2019-18425 · Oct 31, 2019
    risk 0.00 · cvss · epss 0.03

    An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table…

  • CVE-2019-18424 · Oct 31, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI…

  • CVE-2019-18423 · Oct 31, 2019
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame.…

  • CVE-2019-18422 · Oct 31, 2019
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system…

  • CVE-2019-18421 · Oct 31, 2019
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for…

  • CVE-2019-18420 · Oct 31, 2019
    risk 0.00 · cvss · epss 0.03

    An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling…

  • CVE-2019-17340 · Oct 8, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.

  • CVE-2019-17341 · Oct 8, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.

  • CVE-2019-17342 · Oct 8, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.

  • CVE-2019-17343 · Oct 8, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.

  • CVE-2019-17344 · Oct 8, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.

  • CVE-2019-17345 · Oct 8, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.

  • CVE-2019-17346 · Oct 8, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.

  • CVE-2019-17347 · Oct 8, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).
