Total
489 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1763 | 1 Xen | 1 Xen | 2025-04-11 | 7.7 HIGH | N/A |
|
The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port.
|
|||||
| CVE-2013-2195 | 1 Xen | 1 Xen | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations.
|
|||||
| CVE-2013-0154 | 1 Xen | 1 Xen | 2025-04-11 | 1.9 LOW | N/A |
|
The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.
|
|||||
| CVE-2011-1936 | 1 Xen | 1 Xen | 2025-04-11 | 4.6 MEDIUM | N/A |
|
Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors.
|
|||||
| CVE-2012-4539 | 1 Xen | 1 Xen | 2025-04-11 | 2.1 LOW | N/A |
|
Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability."
|
|||||
| CVE-2012-6032 | 1 Xen | 1 Xen | 2025-04-11 | 4.9 MEDIUM | N/A |
|
Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
|
|||||
| CVE-2013-1918 | 1 Xen | 1 Xen | 2025-04-11 | 4.7 MEDIUM | N/A |
|
Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal."
|
|||||
| CVE-2012-3432 | 1 Xen | 1 Xen | 2025-04-11 | 1.9 LOW | N/A |
|
The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.
|
|||||
| CVE-2013-4375 | 2 Qemu, Xen | 2 Qemu, Xen | 2025-04-11 | 2.7 LOW | N/A |
|
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.
|
|||||
| CVE-2014-1642 | 1 Xen | 1 Xen | 2025-04-11 | 4.4 MEDIUM | N/A |
|
The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.
|
|||||
| CVE-2013-2196 | 1 Xen | 1 Xen | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195.
|
|||||
| CVE-2013-4329 | 1 Xen | 1 Xen | 2025-04-11 | 6.5 MEDIUM | N/A |
|
The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction.
|
|||||
| CVE-2013-3495 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-11 | 4.7 MEDIUM | N/A |
|
The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI).
|
|||||
| CVE-2013-4553 | 1 Xen | 1 Xen | 2025-04-11 | 5.2 MEDIUM | N/A |
|
The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).
|
|||||
| CVE-2013-4361 | 1 Xen | 1 Xen | 2025-04-11 | 2.1 LOW | N/A |
|
The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction.
|
|||||
| CVE-2012-6036 | 1 Xen | 1 Xen | 2025-04-11 | 4.4 MEDIUM | N/A |
|
The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others ...
Show More |
|||||
| CVE-2012-3496 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | 4.7 MEDIUM | N/A |
|
XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.
|
|||||
| CVE-2013-4369 | 1 Xen | 1 Xen | 2025-04-11 | 1.9 LOW | N/A |
|
The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.
|
|||||
| CVE-2012-3515 | 7 Canonical, Debian, Opensuse and 4 more | 14 Ubuntu Linux, Debian Linux, Opensuse and 11 more | 2025-04-11 | 7.2 HIGH | N/A |
|
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
|
|||||
| CVE-2013-4551 | 1 Xen | 1 Xen | 2025-04-11 | 5.7 MEDIUM | N/A |
|
Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution."
|
|||||
| CVE-2012-3494 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | 2.1 LOW | N/A |
|
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.
|
|||||
| CVE-2013-1952 | 1 Xen | 1 Xen | 2025-04-11 | 1.9 LOW | N/A |
|
Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors.
|
|||||
| CVE-2014-1950 | 1 Xen | 1 Xen | 2025-04-11 | 4.6 MEDIUM | N/A |
|
Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.
|
|||||
| CVE-2012-3516 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location.
|
|||||
| CVE-2013-2077 | 1 Xen | 1 Xen | 2025-04-11 | 5.2 MEDIUM | N/A |
|
Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.
|
|||||
| CVE-2012-0218 | 1 Xen | 1 Xen | 2025-04-11 | 1.9 LOW | N/A |
|
Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.
|
|||||
| CVE-2013-1922 | 1 Xen | 1 Xen | 2025-04-11 | 3.3 LOW | N/A |
|
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.
|
|||||
| CVE-2013-4494 | 2 Debian, Xen | 2 Debian Linux, Xen | 2025-04-11 | 5.2 MEDIUM | N/A |
|
Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.
|
|||||
| CVE-2012-3498 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | 5.6 MEDIUM | N/A |
|
PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.
|
|||||
| CVE-2012-4536 | 1 Xen | 1 Xen | 2025-04-11 | 2.1 LOW | N/A |
|
The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read.
|
|||||
| CVE-2013-6375 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-11 | 7.9 HIGH | N/A |
|
Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter."
|
|||||
| CVE-2012-6033 | 1 Xen | 1 Xen | 2025-04-11 | 4.4 MEDIUM | N/A |
|
The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
|
|||||
| CVE-2012-4544 | 1 Xen | 1 Xen | 2025-04-11 | 2.1 LOW | N/A |
|
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.
|
|||||
| CVE-2012-6034 | 1 Xen | 1 Xen | 2025-04-11 | 4.4 MEDIUM | N/A |
|
The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has be ...
Show More |
|||||
| CVE-2013-2194 | 1 Xen | 1 Xen | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.
|
|||||
| CVE-2012-6030 | 1 Xen | 1 Xen | 2025-04-11 | 7.2 HIGH | N/A |
|
The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
|
|||||
| CVE-2013-1442 | 1 Xen | 1 Xen | 2025-04-11 | 1.2 LOW | N/A |
|
Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.
|
|||||
| CVE-2013-0231 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-6400 | 1 Xen | 1 Xen | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors.
|
|||||
| CVE-2013-0151 | 1 Xen | 1 Xen | 2025-04-11 | 4.6 MEDIUM | N/A |
|
The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.
|
|||||