VYPR

Vendor CVEs

Xen

All CVEs

496 total · sorted by risk
  • CVE-2019-17348Oct 8, 2019
    risk 0.00cvss epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.

  • CVE-2019-17349Oct 8, 2019
    risk 0.00cvss epss 0.00

    An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.

  • CVE-2019-17350Oct 8, 2019
    risk 0.00cvss epss 0.00

    An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.

  • CVE-2019-17351Oct 8, 2019
    risk 0.00cvss epss 0.00

    An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.

  • CVE-2018-19966Dec 8, 2018
    risk 0.00cvss epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists…

  • CVE-2018-19961Dec 8, 2018
    risk 0.00cvss epss 0.00

    An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

  • CVE-2018-19964Dec 8, 2018
    risk 0.00cvss epss 0.00

    An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.

  • CVE-2018-19967Dec 8, 2018
    risk 0.00cvss epss 0.00

    An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.

  • CVE-2018-19963Dec 8, 2018
    risk 0.00cvss epss 0.00

    An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.

  • CVE-2018-19962Dec 8, 2018
    risk 0.00cvss epss 0.00

    An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

  • CVE-2018-19965Dec 8, 2018
    risk 0.00cvss epss 0.00

    An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754…

  • CVE-2018-18883Nov 1, 2018
    risk 0.00cvss epss 0.00

    An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.

  • CVE-2015-8341Dec 17, 2015
    risk 0.00cvss epss 0.02

    The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by…

  • CVE-2015-8340Dec 17, 2015
    risk 0.00cvss epss 0.00

    The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.

  • CVE-2015-8339Dec 17, 2015
    risk 0.00cvss epss 0.00

    The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.

  • CVE-2015-8338Dec 17, 2015
    risk 0.00cvss epss 0.00

    Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a…

  • CVE-2015-7812Nov 17, 2015
    risk 0.00cvss epss 0.00

    The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface.

  • CVE-2015-5307Nov 16, 2015
    risk 0.00cvss epss 0.01

    The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.

  • CVE-2015-7972Oct 30, 2015
    risk 0.00cvss epss 0.00

    The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users…

  • CVE-2015-7971Oct 30, 2015
    risk 0.00cvss epss 0.00

    Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled…

  • CVE-2015-7970Oct 30, 2015
    risk 0.00cvss epss 0.00

    The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a…

  • CVE-2015-7969Oct 30, 2015
    risk 0.00cvss epss 0.00

    Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1)…

  • CVE-2015-7835Oct 30, 2015
    risk 0.00cvss epss 0.00

    The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.

  • CVE-2015-7814Oct 30, 2015
    risk 0.00cvss epss 0.00

    Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation…

  • CVE-2015-7813Oct 30, 2015
    risk 0.00cvss epss 0.00

    Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the…

  • CVE-2015-7311Oct 1, 2015
    risk 0.00cvss epss 0.00

    libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.

  • CVE-2015-6654Sep 3, 2015
    risk 0.00cvss epss 0.00

    The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by…

  • CVE-2015-5166Aug 12, 2015
    risk 0.00cvss epss 0.00

    Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

  • CVE-2015-5154Aug 12, 2015
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

  • CVE-2015-3259Jul 16, 2015
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.

  • CVE-2015-4164Jun 15, 2015
    risk 0.00cvss epss 0.00

    The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.

  • CVE-2015-4163Jun 15, 2015
    risk 0.00cvss epss 0.00

    GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.

  • CVE-2015-4105Jun 3, 2015
    risk 0.00cvss epss 0.00

    Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.

  • CVE-2015-4104Jun 3, 2015
    risk 0.00cvss epss 0.03

    Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.

  • CVE-2015-4103Jun 3, 2015
    risk 0.00cvss epss 0.00

    Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.

  • CVE-2015-3340Apr 28, 2015
    risk 0.00cvss epss 0.01

    Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

  • CVE-2015-0777Apr 5, 2015
    risk 0.00cvss epss 0.00

    drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in…

  • CVE-2015-2756Apr 1, 2015
    risk 0.00cvss epss 0.00

    QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express…

  • CVE-2015-2752Apr 1, 2015
    risk 0.00cvss epss 0.00

    The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).

  • CVE-2015-2751Apr 1, 2015
    risk 0.00cvss epss 0.02

    Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.

  • CVE-2015-2152Mar 18, 2015
    risk 0.00cvss epss 0.00

    Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when…

  • CVE-2015-2151Mar 12, 2015
    risk 0.00cvss epss 0.01

    The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via…

  • CVE-2015-2150Mar 12, 2015
    risk 0.00cvss epss 0.01

    Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a…

  • CVE-2015-2045Mar 12, 2015
    risk 0.00cvss epss 0.00

    The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

  • CVE-2015-2044Mar 12, 2015
    risk 0.00cvss epss 0.00

    The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.

  • CVE-2015-0268Feb 16, 2015
    risk 0.00cvss epss 0.00

    The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD.SGIR register.

  • CVE-2015-1563Feb 9, 2015
    risk 0.00cvss epss 0.00

    The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.

  • CVE-2014-6268Jan 12, 2015
    risk 0.00cvss epss 0.00

    The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.

  • CVE-2015-0361Jan 7, 2015
    risk 0.00cvss epss 0.03

    Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.

  • CVE-2014-9066Dec 9, 2014
    risk 0.00cvss epss 0.00

    Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different…

Page 7 of 10