Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an. Rated low severity (CVSS 1.9). No vendor patch available.