Vulnerabilities (CVE)

Filtered by vendor Xen Subscribe
Total 471 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-42316 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2025-05-05 N/A 6.5 MEDIUM
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction
CVE-2022-42318 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2025-05-05 N/A 6.5 MEDIUM
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction
CVE-2022-21166 5 Debian, Fedoraproject, Intel and 2 more 7 Debian Linux, Fedora, Sgx Dcap and 4 more 2025-05-05 2.1 LOW 5.5 MEDIUM
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21127 3 Debian, Intel, Xen 5 Debian Linux, Sgx Dcap, Sgx Psw and 2 more 2025-05-05 2.1 LOW 5.5 MEDIUM
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21125 5 Debian, Fedoraproject, Intel and 2 more 7 Debian Linux, Fedora, Sgx Dcap and 4 more 2025-05-05 2.1 LOW 5.5 MEDIUM
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21123 5 Debian, Fedoraproject, Intel and 2 more 7 Debian Linux, Fedora, Sgx Dcap and 4 more 2025-05-05 2.1 LOW 5.5 MEDIUM
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-42326 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2025-05-05 N/A 5.5 MEDIUM
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.
CVE-2015-8104 5 Canonical, Debian, Linux and 2 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-23 4.7 MEDIUM 10.0 CRITICAL
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
CVE-2016-9816 1 Xen 1 Xen 2025-04-20 4.9 MEDIUM 6.5 MEDIUM
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
CVE-2017-15590 1 Xen 1 Xen 2025-04-20 4.6 MEDIUM 8.8 HIGH
An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
CVE-2017-8904 1 Xen 1 Xen 2025-04-20 6.8 MEDIUM 8.8 HIGH
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
CVE-2017-8903 1 Xen 1 Xen 2025-04-20 7.2 HIGH 8.8 HIGH
Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
CVE-2017-12136 3 Citrix, Debian, Xen 3 Xenserver, Debian Linux, Xen 2025-04-20 6.9 MEDIUM 7.8 HIGH
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
CVE-2017-12137 3 Citrix, Debian, Xen 3 Xenserver, Debian Linux, Xen 2025-04-20 7.2 HIGH 8.8 HIGH
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
CVE-2015-7504 3 Debian, Qemu, Xen 3 Debian Linux, Qemu, Xen 2025-04-20 4.6 MEDIUM 8.8 HIGH
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
CVE-2017-10922 1 Xen 1 Xen 2025-04-20 5.0 MEDIUM 7.5 HIGH
The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.
CVE-2017-15589 1 Xen 1 Xen 2025-04-20 2.1 LOW 6.5 MEDIUM
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.
CVE-2016-9932 1 Xen 1 Xen 2025-04-20 2.1 LOW 3.3 LOW
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
CVE-2017-17044 1 Xen 1 Xen 2025-04-20 4.9 MEDIUM 6.5 MEDIUM
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.
CVE-2017-17565 1 Xen 1 Xen 2025-04-20 4.7 MEDIUM 5.6 MEDIUM
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.