Filtered by vendor Xen
Subscribe
Total
469 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8104 | 5 Canonical, Debian, Linux and 2 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2025-04-23 | 4.7 MEDIUM | 10.0 CRITICAL |
| The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. | |||||
| CVE-2016-9816 | 1 Xen | 1 Xen | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. | |||||
| CVE-2017-15590 | 1 Xen | 1 Xen | 2025-04-20 | 4.6 MEDIUM | 8.8 HIGH |
| An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled. | |||||
| CVE-2017-8904 | 1 Xen | 1 Xen | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214. | |||||
| CVE-2017-8903 | 1 Xen | 1 Xen | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
| Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213. | |||||
| CVE-2017-12136 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
| Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | |||||
| CVE-2017-12137 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
| arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | |||||
| CVE-2015-7504 | 3 Debian, Qemu, Xen | 3 Debian Linux, Qemu, Xen | 2025-04-20 | 4.6 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. | |||||
| CVE-2017-10922 | 1 Xen | 1 Xen | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3. | |||||
| CVE-2017-15589 | 1 Xen | 1 Xen | 2025-04-20 | 2.1 LOW | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory. | |||||
| CVE-2016-9932 | 1 Xen | 1 Xen | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix. | |||||
| CVE-2017-17044 | 1 Xen | 1 Xen | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. | |||||
| CVE-2017-17565 | 1 Xen | 1 Xen | 2025-04-20 | 4.7 MEDIUM | 5.6 MEDIUM |
| An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P. | |||||
| CVE-2017-15593 | 1 Xen | 1 Xen | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled. | |||||
| CVE-2017-15595 | 1 Xen | 1 Xen | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking. | |||||
| CVE-2016-10013 | 1 Xen | 1 Xen | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation. | |||||
| CVE-2017-14319 | 1 Xen | 1 Xen | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
| A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account. | |||||
| CVE-2016-9815 | 1 Xen | 1 Xen | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. | |||||
| CVE-2017-7995 | 3 Novell, Suse, Xen | 6 Suse Linux Enterprise Point Of Sale, Suse Linux Enterprise Server, Manager and 3 more | 2025-04-20 | 1.7 LOW | 3.8 LOW |
| Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. | |||||
| CVE-2017-15591 | 1 Xen | 1 Xen | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation. | |||||