Total
489 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4163 | 1 Xen | 1 Xen | 2025-04-12 | 4.9 MEDIUM | N/A |
|
GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
|
|||||
| CVE-2014-1895 | 1 Xen | 1 Xen | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.
|
|||||
| CVE-2014-3716 | 1 Xen | 1 Xen | 2025-04-12 | 1.9 LOW | N/A |
|
Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.
|
|||||
| CVE-2016-4962 | 2 Oracle, Xen | 2 Vm Server, Xen | 2025-04-12 | 6.8 MEDIUM | 6.7 MEDIUM |
|
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
|
|||||
| CVE-2014-1893 | 1 Xen | 1 Xen | 2025-04-12 | 5.2 MEDIUM | N/A |
|
Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894.
|
|||||
| CVE-2015-7971 | 1 Xen | 1 Xen | 2025-04-12 | 2.1 LOW | N/A |
|
Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.
|
|||||
| CVE-2014-3967 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | 5.5 MEDIUM | N/A |
|
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
|
|||||
| CVE-2014-5146 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | 4.7 MEDIUM | N/A |
|
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.
|
|||||
| CVE-2015-8339 | 1 Xen | 1 Xen | 2025-04-12 | 4.7 MEDIUM | N/A |
|
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.
|
|||||
| CVE-2015-8615 | 1 Xen | 1 Xen | 2025-04-12 | 2.1 LOW | 5.0 MEDIUM |
|
The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ).
|
|||||
| CVE-2014-2915 | 1 Xen | 1 Xen | 2025-04-12 | 5.5 MEDIUM | N/A |
|
Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers.
|
|||||
| CVE-2016-7093 | 1 Xen | 1 Xen | 2025-04-12 | 7.2 HIGH | 8.2 HIGH |
|
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
|
|||||
| CVE-2014-9066 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | 4.7 MEDIUM | N/A |
|
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065.
|
|||||
| CVE-2014-3125 | 1 Xen | 1 Xen | 2025-04-12 | 6.2 MEDIUM | N/A |
|
Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.
|
|||||
| CVE-2015-4105 | 1 Xen | 1 Xen | 2025-04-12 | 4.9 MEDIUM | N/A |
|
Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.
|
|||||
| CVE-2015-8341 | 1 Xen | 1 Xen | 2025-04-12 | 7.8 HIGH | N/A |
|
The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.
|
|||||
| CVE-2015-0777 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2025-04-12 | 2.1 LOW | N/A |
|
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors.
|
|||||
| CVE-2016-4480 | 2 Oracle, Xen | 2 Vm Server, Xen | 2025-04-12 | 7.2 HIGH | 8.4 HIGH |
|
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
|
|||||
| CVE-2015-2752 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | 4.9 MEDIUM | N/A |
|
The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).
|
|||||
| CVE-2016-4963 | 1 Xen | 1 Xen | 2025-04-12 | 1.9 LOW | 4.7 MEDIUM |
|
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
|
|||||
| CVE-2016-3961 | 2 Canonical, Xen | 2 Ubuntu Linux, Xen | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
|
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
|
|||||
| CVE-2015-7814 | 1 Xen | 1 Xen | 2025-04-12 | 4.7 MEDIUM | N/A |
|
Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain.
|
|||||
| CVE-2014-1894 | 1 Xen | 1 Xen | 2025-04-12 | 5.2 MEDIUM | N/A |
|
Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893.
|
|||||
| CVE-2014-1892 | 1 Xen | 1 Xen | 2025-04-12 | 5.2 MEDIUM | N/A |
|
Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.
|
|||||
| CVE-2014-8594 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2025-04-12 | 5.4 MEDIUM | N/A |
|
The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).
|
|||||
| CVE-2015-2756 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 4.9 MEDIUM | N/A |
|
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
|
|||||
| CVE-2015-5166 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | 7.2 HIGH | N/A |
|
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
|
|||||
| CVE-2014-3672 | 2 Redhat, Xen | 2 Libvirt, Xen | 2025-04-12 | 2.1 LOW | 6.5 MEDIUM |
|
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
|
|||||
| CVE-2016-3159 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2025-04-12 | 1.7 LOW | 3.8 LOW |
|
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
|
|||||
| CVE-2015-4164 | 1 Xen | 1 Xen | 2025-04-12 | 4.9 MEDIUM | N/A |
|
The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.
|
|||||
| CVE-2014-2986 | 1 Xen | 1 Xen | 2025-04-12 | 5.5 MEDIUM | N/A |
|
The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors.
|
|||||
| CVE-2014-8867 | 4 Debian, Opensuse, Redhat and 1 more | 5 Debian Linux, Opensuse, Enterprise Linux and 2 more | 2025-04-12 | 4.9 MEDIUM | N/A |
|
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.
|
|||||
| CVE-2014-5149 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | 4.7 MEDIUM | N/A |
|
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146.
|
|||||
| CVE-2016-1570 | 1 Xen | 1 Xen | 2025-04-12 | 6.9 MEDIUM | 8.5 HIGH |
|
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.
|
|||||
| CVE-2014-9065 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | 4.4 MEDIUM | N/A |
|
common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066.
|
|||||
| CVE-2014-9030 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2025-04-12 | 7.1 HIGH | N/A |
|
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
|
|||||
| CVE-2015-8550 | 2 Novell, Xen | 2 Suse Linux Enterprise Real Time Extension, Xen | 2025-04-12 | 5.7 MEDIUM | 8.2 HIGH |
|
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
|
|||||
| CVE-2016-7094 | 1 Xen | 1 Xen | 2025-04-12 | 1.5 LOW | 4.1 MEDIUM |
|
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
|
|||||
| CVE-2015-3340 | 5 Debian, Fedoraproject, Opensuse and 2 more | 9 Debian Linux, Fedora, Opensuse and 6 more | 2025-04-12 | 2.9 LOW | N/A |
|
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
|
|||||
| CVE-2015-8552 | 4 Canonical, Debian, Novell and 1 more | 5 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Debuginfo and 2 more | 2025-04-12 | 1.7 LOW | 4.4 MEDIUM |
|
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."
|
|||||