Skip to main content

Xen

446 CVEs product

Monthly

CVE-2016-6259 MEDIUM PATCH This Month

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Xen Xenserver
NVD
CVSS 3.0
6.2
EPSS
0.3%
CVE-2016-6258 HIGH PATCH This Week

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Authentication Bypass Xen Xenserver
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-5242 MEDIUM This Month

The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS. Rated medium severity (CVSS 5.6). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.0
5.6
EPSS
0.1%
CVE-2016-4963 MEDIUM This Month

The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Authentication Bypass Xen
NVD
CVSS 3.0
4.7
EPSS
0.0%
CVE-2016-4962 MEDIUM This Month

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Vm Server Xen
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2014-3672 MEDIUM This Month

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Libvirt Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-4480 HIGH This Week

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Vm Server Xen
NVD
CVSS 3.0
8.4
EPSS
0.4%
CVE-2016-3960 HIGH PATCH This Week

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen Fedora Vm Server
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-3961 MEDIUM PATCH This Month

Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Ubuntu Linux Xen
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8554 HIGH This Week

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Xen
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2015-8550 HIGH Act Now

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Epss exploitation probability 16.0% and no vendor patch available.

Denial Of Service Authentication Bypass Xen Suse Linux Enterprise Real Time Extension
NVD
CVSS 3.0
8.2
EPSS
16.0%
CVE-2016-3159 LOW PATCH Monitor

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Vm Server Xen Fedora Debian Linux
NVD
CVSS 3.0
3.8
EPSS
0.0%
CVE-2016-3158 LOW PATCH Monitor

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen Fedora Vm Server
NVD
CVSS 3.0
3.8
EPSS
0.0%
CVE-2015-8555 HIGH PATCH This Week

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xenserver Xen
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2015-8552 MEDIUM This Month

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Ubuntu Linux Debian Linux Suse Linux Enterprise Debuginfo +1
NVD
CVSS 3.0
4.4
EPSS
0.2%
CVE-2016-3157 HIGH PATCH This Week

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Linux Xen Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-2271 MEDIUM PATCH This Month

VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Intel Denial Of Service Xen
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-2270 MEDIUM PATCH This Month

Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Fedora Xen Vm Server
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2016-1571 MEDIUM This Month

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Canonical Denial Of Service Xenserver Xen
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2016-1570 HIGH This Week

The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.0
8.5
EPSS
0.2%
CVE-2015-8615 MEDIUM This Month

The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.0
5.0
EPSS
0.2%
CVE-2015-8341 HIGH This Week

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2015-8340 MEDIUM PATCH This Month

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host. Rated medium severity (CVSS 4.7).

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2015-8339 MEDIUM PATCH This Month

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host. Rated medium severity (CVSS 4.7).

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2015-8338 HIGH This Week

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-7812 MEDIUM PATCH This Month

The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-8104 CRITICAL PATCH Act Now

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Xen Solaris Vm Virtualbox +3
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2015-5307 MEDIUM PATCH This Month

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Xen Vm Virtualbox +2
NVD GitHub
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-7972 LOW Monitor

The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-7971 LOW Monitor

Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-7970 MEDIUM This Month

The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-7969 MEDIUM This Month

Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns". Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-7835 HIGH This Week

The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD GitHub
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-7814 MEDIUM This Month

Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Buffer Overflow Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2015-7813 LOW Monitor

Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-7311 LOW Monitor

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2015-6654 LOW PATCH Monitor

The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2015-5166 HIGH PATCH This Week

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation Fedora Xen
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-5165 CRITICAL PATCH Act Now

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.2%.

Information Disclosure Xen Fedora Linux Enterprise Debuginfo Linux Enterprise Server +20
NVD
CVSS 2.0
9.3
EPSS
13.2%
CVE-2015-5154 HIGH PATCH This Week

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

RCE Buffer Overflow Xen Linux Enterprise Debuginfo Linux Enterprise Desktop +5
NVD
CVSS 2.0
7.2
EPSS
0.4%
CVE-2015-3259 MEDIUM PATCH This Month

Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Privilege Escalation Buffer Overflow Xen
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4164 MEDIUM This Month

The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-4163 MEDIUM This Month

GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-4105 MEDIUM This Month

Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-4104 HIGH This Week

Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Xen
NVD
CVSS 2.0
7.8
EPSS
8.4%
CVE-2015-4103 MEDIUM This Month

Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-3456 HIGH POC THREAT Act Now

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 32.8%.

Denial Of Service RCE Buffer Overflow Qemu Enterprise Virtualization +3
NVD Exploit-DB
CVSS 2.0
7.7
EPSS
32.8%
Threat
4.0
CVE-2015-3340 LOW PATCH Monitor

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2). Rated low severity (CVSS 2.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop Suse Linux Enterprise Server +5
NVD
CVSS 2.0
2.9
EPSS
0.6%
CVE-2015-0777 LOW Monitor

drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-2756 MEDIUM This Month

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Debian Linux Xen Fedora +1
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-2752 MEDIUM PATCH This Month

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Fedora Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-2751 HIGH PATCH This Week

Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Denial Of Service Xen Fedora
NVD
CVSS 2.0
7.1
EPSS
1.4%
CVE-2015-2152 LOW PATCH Monitor

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access. Rated low severity (CVSS 1.9).

Privilege Escalation Xen Fedora
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-2151 HIGH PATCH This Week

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Denial Of Service RCE Privilege Escalation Buffer Overflow Fedora +2
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-2150 MEDIUM This Month

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Linux Ubuntu Xen +1
NVD GitHub
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-2045 LOW PATCH Monitor

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-2044 LOW Monitor

The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-0268 MEDIUM This Month

The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-1563 LOW Monitor

The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-6268 MEDIUM This Month

The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-0361 HIGH PATCH This Week

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
7.8
EPSS
1.5%
CVE-2014-9066 MEDIUM PATCH This Month

Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog. Rated medium severity (CVSS 4.7).

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-9065 MEDIUM PATCH This Month

common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and. Rated medium severity (CVSS 4.4).

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-8867 MEDIUM PATCH This Month

The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Enterprise Linux Enterprise Linux Desktop Xen Debian Linux +1
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-8866 MEDIUM PATCH This Month

The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via. Rated medium severity (CVSS 4.7).

Denial Of Service Debian Linux Xen Opensuse
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-9030 HIGH PATCH This Week

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Denial Of Service Xen Debian Linux Opensuse
NVD
CVSS 2.0
7.1
EPSS
1.6%
CVE-2014-8595 LOW PATCH Monitor

arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a. Rated low severity (CVSS 1.9).

Denial Of Service Debian Linux Xen Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-8594 MEDIUM PATCH This Month

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable.

Denial Of Service Opensuse Debian Linux Xen
NVD
CVSS 2.0
5.4
EPSS
1.3%
CVE-2014-5148 MEDIUM PATCH This Month

Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Xen
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2014-7188 HIGH PATCH This Week

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
CVSS 2.0
8.3
EPSS
2.4%
CVE-2014-7156 LOW PATCH Monitor

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen
NVD
CVSS 2.0
3.3
EPSS
0.8%
CVE-2014-7155 MEDIUM PATCH This Month

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen Debian Linux Fedora +1
NVD
CVSS 2.0
5.8
EPSS
1.0%
CVE-2014-7154 MEDIUM PATCH This Month

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Race Condition Denial Of Service Fedora Debian Linux Xen +1
NVD
CVSS 2.0
6.1
EPSS
0.7%
CVE-2014-5147 MEDIUM PATCH This Month

Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of. Rated medium severity (CVSS 4.3).

Denial Of Service Privilege Escalation Xen
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-5149 MEDIUM PATCH This Month

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by. Rated medium severity (CVSS 4.7).

Denial Of Service Opensuse Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-5146 MEDIUM PATCH This Month

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a. Rated medium severity (CVSS 4.7).

Denial Of Service Opensuse Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-4022 LOW Monitor

The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
2.7
EPSS
0.2%
CVE-2014-4021 LOW PATCH Monitor

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Xen
NVD
CVSS 2.0
2.7
EPSS
0.2%
CVE-2014-3969 HIGH PATCH This Week

Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. Rated high severity (CVSS 7.4).

Privilege Escalation Xen
NVD
CVSS 2.0
7.4
EPSS
0.2%
CVE-2014-3968 MEDIUM PATCH This Month

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
5.5
EPSS
0.4%
CVE-2014-3967 MEDIUM PATCH This Month

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
5.5
EPSS
0.3%
CVE-2014-3717 LOW PATCH Monitor

Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which. Rated low severity (CVSS 3.3).

Denial Of Service Buffer Overflow Xen
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2014-3716 LOW PATCH Monitor

Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel. Rated low severity (CVSS 1.9).

Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-3715 LOW PATCH Monitor

Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB. Rated low severity (CVSS 3.3).

Denial Of Service Buffer Overflow Xen
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2014-3714 LOW PATCH Monitor

The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM. Rated low severity (CVSS 3.3).

Denial Of Service Buffer Overflow Xen
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2014-3124 MEDIUM PATCH This Month

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
6.7
EPSS
0.5%
CVE-2014-3125 MEDIUM PATCH This Month

Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash). Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen
NVD VulDB
CVSS 2.0
6.2
EPSS
0.3%
CVE-2014-2986 MEDIUM PATCH This Month

The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD VulDB
CVSS 2.0
5.5
EPSS
0.2%
CVE-2014-2915 MEDIUM This Month

Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Xen
NVD VulDB
CVSS 2.0
5.5
EPSS
0.1%
CVE-2014-2580 MEDIUM PATCH This Month

The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic". Rated medium severity (CVSS 4.4).

Denial Of Service Xen
NVD VulDB
CVSS 2.0
4.4
EPSS
0.1%
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Xen Xenserver
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Authentication Bypass Xen Xenserver
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS. Rated medium severity (CVSS 5.6). No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Authentication Bypass Xen
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Vm Server +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Libvirt Xen
NVD
EPSS 0% CVSS 8.4
HIGH This Week

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Vm Server Xen
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Ubuntu Linux +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Xen
NVD
EPSS 16% CVSS 8.2
HIGH Act Now

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Epss exploitation probability 16.0% and no vendor patch available.

Denial Of Service Authentication Bypass Xen +1
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Vm Server Xen +2
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen Fedora +1
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xenserver Xen
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Ubuntu Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Intel Denial Of Service +1
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Fedora +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Canonical Denial Of Service Xenserver +1
NVD
EPSS 0% CVSS 8.5
HIGH This Week

The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host. Rated medium severity (CVSS 4.7).

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host. Rated medium severity (CVSS 4.7).

Denial Of Service Xen
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Xen +5
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +4
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns". Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM This Month

Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Buffer Overflow Xen
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 3.6
LOW Monitor

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation Fedora Xen
NVD
EPSS 13% CVSS 9.3
CRITICAL PATCH Act Now

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.2%.

Information Disclosure Xen Fedora +22
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

RCE Buffer Overflow Xen +7
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Privilege Escalation Buffer Overflow Xen
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 8% CVSS 7.8
HIGH This Week

Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Xen
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Xen
NVD
EPSS 33% 4.0 CVSS 7.7
HIGH POC THREAT Act Now

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 32.8%.

Denial Of Service RCE Buffer Overflow +5
NVD Exploit-DB
EPSS 1% CVSS 2.9
LOW PATCH Monitor

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2). Rated low severity (CVSS 2.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen Suse Linux Enterprise Software Development Kit +7
NVD
EPSS 0% CVSS 2.1
LOW Monitor

drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Xen
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Debian Linux +3
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Fedora Xen
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Denial Of Service Xen Fedora
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access. Rated low severity (CVSS 1.9).

Privilege Escalation Xen Fedora
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Denial Of Service RCE Privilege Escalation +4
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Linux +3
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen Fedora +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Xen Opensuse
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog. Rated medium severity (CVSS 4.7).

Denial Of Service Xen Opensuse
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and. Rated medium severity (CVSS 4.4).

Denial Of Service Xen Opensuse
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Enterprise Linux Enterprise Linux Desktop +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via. Rated medium severity (CVSS 4.7).

Denial Of Service Debian Linux Xen +1
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a. Rated low severity (CVSS 1.9).

Denial Of Service Debian Linux Xen +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable.

Denial Of Service Opensuse Debian Linux +1
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Xen
NVD
EPSS 2% CVSS 8.3
HIGH PATCH This Week

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
EPSS 1% CVSS 3.3
LOW PATCH Monitor

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen +3
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Race Condition Denial Of Service Fedora +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of. Rated medium severity (CVSS 4.3).

Denial Of Service Privilege Escalation Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by. Rated medium severity (CVSS 4.7).

Denial Of Service Opensuse Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a. Rated medium severity (CVSS 4.7).

Denial Of Service Opensuse Xen
NVD
EPSS 0% CVSS 2.7
LOW Monitor

The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Xen
NVD
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. Rated high severity (CVSS 7.4).

Privilege Escalation Xen
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Opensuse
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Opensuse
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which. Rated low severity (CVSS 3.3).

Denial Of Service Buffer Overflow Xen
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel. Rated low severity (CVSS 1.9).

Denial Of Service Xen
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB. Rated low severity (CVSS 3.3).

Denial Of Service Buffer Overflow Xen
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM. Rated low severity (CVSS 3.3).

Denial Of Service Buffer Overflow Xen
NVD
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Privilege Escalation Denial Of Service +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash). Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Xen
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic". Rated medium severity (CVSS 4.4).

Denial Of Service Xen
NVD VulDB
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy