Skip to main content

Xen

446 CVEs product

Monthly

CVE-2021-28710 HIGH This Week

certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Xen Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-28702 HIGH This Week

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Xen Fedora Debian Linux
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2021-28701 HIGH This Week

Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Race Condition Xen Debian Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-28700 MEDIUM This Month

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora Debian Linux
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28699 MEDIUM This Month

inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-28698 MEDIUM This Month

long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-28697 HIGH This Week

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Xen Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-28696 MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Amd Authentication Bypass Xen Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-28695 MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd Xen Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-28694 MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd Xen Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-28693 MEDIUM This Month

xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-28692 HIGH This Week

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Amd Xen
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-28690 MEDIUM PATCH This Month

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xen
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-28689 MEDIUM This Month

x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Xen
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-28687 MEDIUM This Month

HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-26314 MEDIUM POC This Month

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xen Cortex A72 Bcm2711 Core I7 10700K +4
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-26313 MEDIUM This Month

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen Cortex A72 Bcm2711 Core I7 10700K +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-28039 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Xen Cloud Backup +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-27379 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26933 MEDIUM PATCH This Month

An issue was discovered in Xen 4.9 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Xen Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-3308 MEDIUM PATCH This Month

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-29486 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2020-29485 MEDIUM PATCH This Month

An issue was discovered in Xen 4.6 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-29484 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2020-29483 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Xen Debian Linux +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-29482 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2020-29481 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-29480 LOW PATCH Monitor

An issue was discovered in Xen through 4.14.x. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
2.3
EPSS
0.3%
CVE-2020-29479 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Denial Of Service Authentication Bypass Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-29571 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2020-29570 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2020-29569 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Xen +5
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-29568 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-29567 MEDIUM PATCH This Month

An issue was discovered in Xen 4.14.x. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2020-29566 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-29040 HIGH This Week

An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-28368 MEDIUM PATCH This Month

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xen Fedora Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-27674 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Xen Fedora Debian Linux
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-27673 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Leap +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-27672 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen Fedora Leap +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-27671 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing. Rated high severity (CVSS 7.8).

Denial Of Service Xen Leap Debian Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-27670 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU. Rated high severity (CVSS 7.8).

Denial Of Service Amd Xen Leap Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-25604 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Xen Fedora Debian Linux +1
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-25603 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen Fedora Leap +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-25602 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2020-25601 MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25600 MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Xen Fedora +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25599 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen Fedora Leap +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-25598 MEDIUM This Month

An issue was discovered in Xen 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25597 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-25596 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-25595 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Denial Of Service Privilege Escalation Xen Fedora Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-15852 HIGH PATCH This Week

An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Linux Privilege Escalation Linux Kernel Xen Cloud Backup +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-15567 HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. Rated high severity (CVSS 7.8).

Denial Of Service Race Condition Privilege Escalation Intel Amd +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-15566 MEDIUM This Month

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-15565 HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Privilege Escalation Denial Of Service Intel Amd Xen +3
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-15564 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-15563 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen Debian Linux Fedora +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-11743 MEDIUM POC PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-11742 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-11741 HIGH PATCH This Week

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen Fedora Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-11740 MEDIUM PATCH This Month

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-11739 HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. Rated high severity (CVSS 7.8).

Race Condition Denial Of Service Privilege Escalation Xen Fedora +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-19583 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-19582 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-19581 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Xen Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-19580 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Race Condition Privilege Escalation Xen Fedora
NVD
CVSS 3.1
6.6
EPSS
1.2%
CVE-2019-19578 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Xen Fedora
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-19577 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Privilege Escalation Denial Of Service Intel Amd Xen +1
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2019-19579 MEDIUM This Month

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Xen Fedora
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-18425 CRITICAL PATCH Act Now

An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Xen Debian Linux Fedora Leap
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-18424 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Privilege Escalation Command Injection Xen Debian Linux Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-18423 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-18422 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-18421 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Race Condition Privilege Escalation Xen Debian Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-18420 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-17349 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-17348 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2019-17347 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-17346 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2019-17345 MEDIUM This Month

An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-17344 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-17343 MEDIUM This Month

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2019-17342 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2019-17341 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a. Rated high severity (CVSS 7.8).

Race Condition Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-17340 HIGH This Week

An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-17351 MEDIUM PATCH This Month

An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Linux Xen Linux Kernel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-17350 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Xen Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2018-19967 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Intel Denial Of Service Xen Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-19966 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.4%
EPSS 0% CVSS 8.8
HIGH This Week

certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Xen Fedora
NVD
EPSS 0% CVSS 7.6
HIGH This Week

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Xen +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Race Condition Xen +2
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen Fedora +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Xen +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Amd Authentication Bypass +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
EPSS 0% CVSS 7.1
HIGH This Week

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Amd +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xen
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Xen
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xen Cortex A72 +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen Cortex A72 +6
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Denial Of Service Xen +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen 4.9 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Xen Fedora +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen 4.6 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Xen Debian Linux +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Xen +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Xen Debian Linux +1
NVD
EPSS 0% CVSS 2.3
LOW PATCH Monitor

An issue was discovered in Xen through 4.14.x. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Xen +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Denial Of Service Authentication Bypass Xen +2
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Xen +2
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +7
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

An issue was discovered in Xen 4.14.x. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Fedora
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xen Fedora +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Xen +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +3
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing. Rated high severity (CVSS 7.8).

Denial Of Service Xen Leap +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU. Rated high severity (CVSS 7.8).

Denial Of Service Amd Xen +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Xen +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen +3
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Intel Amd +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +4
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Xen 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Amd +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Denial Of Service Privilege Escalation Xen +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Linux Privilege Escalation Linux Kernel +4
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. Rated high severity (CVSS 7.8).

Denial Of Service Race Condition Privilege Escalation +6
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Privilege Escalation Denial Of Service Intel +5
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen +3
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Xen Fedora
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. Rated high severity (CVSS 7.8).

Race Condition Denial Of Service Privilege Escalation +4
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Intel Amd +4
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Xen +1
NVD
EPSS 1% CVSS 6.6
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Race Condition Privilege Escalation Xen +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Xen +1
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Privilege Escalation Denial Of Service Intel +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Xen Fedora
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Xen Debian Linux +2
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Privilege Escalation Command Injection Xen +3
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Denial Of Service Xen +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Race Condition Privilege Escalation Xen +3
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a. Rated high severity (CVSS 7.8).

Race Condition Denial Of Service Xen +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Linux Xen +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Xen +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Intel Denial Of Service Xen +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy