Skip to main content

Xen

446 CVEs product

Monthly

CVE-2014-1896 MEDIUM PATCH This Month

The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore. Rated medium severity (CVSS 4.9).

Denial Of Service Xen
NVD VulDB
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-1895 MEDIUM PATCH This Month

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a. Rated medium severity (CVSS 5.8).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-1894 MEDIUM PATCH This Month

Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-1893 MEDIUM PATCH This Month

Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-1892 MEDIUM PATCH This Month

Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891,. Rated medium severity (CVSS 5.2). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-1891 MEDIUM PATCH This Month

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-2599 MEDIUM PATCH This Month

The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD VulDB
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-1950 MEDIUM This Month

Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-1666 HIGH PATCH This Week

The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
8.3
EPSS
3.3%
CVE-2014-1642 MEDIUM This Month

The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest. Rated medium severity (CVSS 4.4). No vendor patch available.

Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
4.4
EPSS
0.2%
CVE-2013-4375 LOW Monitor

The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption). Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu Xen
NVD
CVSS 2.0
2.7
EPSS
0.1%
CVE-2013-4554 MEDIUM This Month

Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Xen
NVD
CVSS 2.0
5.2
EPSS
0.2%
CVE-2013-4553 MEDIUM This Month

The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to. Rated medium severity (CVSS 5.2). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
5.2
EPSS
0.3%
CVE-2013-6400 MEDIUM This Month

Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to. Rated medium severity (CVSS 6.8). No vendor patch available.

Privilege Escalation Intel Denial Of Service Xen
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-6375 HIGH This Week

Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation Intel Denial Of Service Xen Opensuse
NVD
CVSS 2.0
7.9
EPSS
0.6%
CVE-2013-4551 MEDIUM This Month

Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of. Rated medium severity (CVSS 5.7). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
5.7
EPSS
0.4%
CVE-2013-4416 MEDIUM This Month

The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply. Rated medium severity (CVSS 5.2). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
5.2
EPSS
0.3%
CVE-2013-4494 MEDIUM This Month

Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of. Rated medium severity (CVSS 5.2). No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
CVSS 2.0
5.2
EPSS
0.3%
CVE-2013-4371 MEDIUM This Month

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the. Rated medium severity (CVSS 4.4). No vendor patch available.

Denial Of Service RCE Xen
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-4370 MEDIUM This Month

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-4369 LOW Monitor

The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate. Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-4368 LOW Monitor

The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-4356 MEDIUM This Month

Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2013-4361 LOW Monitor

The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-4355 LOW Monitor

Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified. Rated low severity (CVSS 1.5). No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
1.5
EPSS
0.1%
CVE-2013-1442 LOW Monitor

Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored. Rated low severity (CVSS 1.2). No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
1.2
EPSS
0.1%
CVE-2013-4329 MEDIUM PATCH This Month

The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows. Rated medium severity (CVSS 6.5).

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2013-3495 MEDIUM This Month

The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Intel Denial Of Service Opensuse Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2212 MEDIUM This Month

The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly. Rated medium severity (CVSS 5.7). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
5.7
EPSS
0.2%
CVE-2013-2211 HIGH This Week

The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest. Rated high severity (CVSS 7.4). No vendor patch available.

Privilege Escalation Xen
NVD
CVSS 2.0
7.4
EPSS
0.2%
CVE-2013-2077 MEDIUM This Month

Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via. Rated medium severity (CVSS 5.2). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
5.2
EPSS
0.1%
CVE-2013-2076 MEDIUM This Month

Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to. Rated medium severity (CVSS 4.3). No vendor patch available.

Intel Information Disclosure Xen
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-2072 HIGH This Week

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of. Rated high severity (CVSS 7.4). No vendor patch available.

Python Buffer Overflow Denial Of Service Xen Debian Linux
NVD
CVSS 2.0
7.4
EPSS
0.4%
CVE-2013-1432 HIGH PATCH This Week

Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service. Rated high severity (CVSS 7.4).

Denial Of Service Xen
NVD
CVSS 2.0
7.4
EPSS
0.4%
CVE-2013-2196 MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel,. Rated medium severity (CVSS 6.9).

Information Disclosure Xen
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-2195 MEDIUM PATCH This Month

The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences". Rated medium severity (CVSS 6.9).

Information Disclosure Xen
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-2194 MEDIUM This Month

Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow Xen
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-2078 MEDIUM This Month

Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-1964 MEDIUM This Month

Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-1952 LOW Monitor

Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which. Rated low severity (CVSS 1.9). No vendor patch available.

Intel Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-1922 LOW Monitor

qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Xen
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2013-1919 MEDIUM This Month

Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-1918 MEDIUM This Month

Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-1917 LOW Monitor

Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service. Rated low severity (CVSS 1.9). No vendor patch available.

Intel Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-1920 MEDIUM PATCH This Month

Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain. Rated medium severity (CVSS 4.4).

Privilege Escalation Xen
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-0215 MEDIUM This Month

oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon. Rated medium severity (CVSS 4.3). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-0151 MEDIUM This Month

The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause. Rated medium severity (CVSS 4.6). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-0153 MEDIUM This Month

The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Amd Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-5634 MEDIUM This Month

Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Xen
NVD
CVSS 2.0
6.1
EPSS
0.4%
CVE-2013-0231 MEDIUM This Month

The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-0152 MEDIUM This Month

Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-0154 LOW Monitor

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor. Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6333 MEDIUM This Month

Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-5525 MEDIUM POC This Month

The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
6.9%
CVE-2012-5515 MEDIUM This Month

The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-5514 MEDIUM This Month

The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-5513 MEDIUM This Month

The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-5511 MEDIUM This Month

Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-5510 MEDIUM This Month

Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-3432 LOW POC Monitor

The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
1.4%
CVE-2012-2934 LOW PATCH Monitor

Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service. Rated low severity (CVSS 1.9).

Denial Of Service Canonical Amd Xen
NVD
CVSS 2.0
1.9
EPSS
0.2%
CVE-2012-0218 LOW PATCH Monitor

Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection. Rated low severity (CVSS 1.9).

Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-4538 MEDIUM This Month

The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2012-3433 MEDIUM This Month

Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2012-6036 MEDIUM This Month

The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools,. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-6035 MEDIUM This Month

The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-6034 MEDIUM This Month

The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check. Rated medium severity (CVSS 4.4). No vendor patch available.

Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-6033 MEDIUM This Month

The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Xen
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-6032 MEDIUM This Month

Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2012-6031 MEDIUM This Month

The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-6030 HIGH This Week

The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2012-4411 MEDIUM This Month

The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2012-3516 MEDIUM PATCH This Month

The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and. Rated medium severity (CVSS 6.9).

Privilege Escalation Denial Of Service Citrix Xenserver Xen
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-3515 HIGH This Week

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Xen Opensuse Linux Enterprise Desktop +9
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2012-3498 MEDIUM This Month

PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Citrix Denial Of Service Xenserver Xen
NVD
CVSS 2.0
5.6
EPSS
0.1%
CVE-2012-3497 MEDIUM This Month

(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-3496 MEDIUM PATCH This Month

XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG. Rated medium severity (CVSS 4.7).

Citrix Denial Of Service Xenserver Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-3495 MEDIUM This Month

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Citrix Denial Of Service Xenserver Xen
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2012-3494 LOW PATCH Monitor

The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Citrix Xenserver Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-4539 LOW Monitor

Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-4537 LOW Monitor

Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-4536 LOW Monitor

The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-4535 LOW Monitor

Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an. Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-4544 LOW Monitor

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-2625 LOW Monitor

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Xen Unstable
NVD
CVSS 2.0
2.7
EPSS
0.3%
CVE-2012-0217 HIGH POC THREAT Act Now

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 88.0%.

Citrix Intel Buffer Overflow Oracle Canonical +12
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
88.0%
Threat
5.6
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore. Rated medium severity (CVSS 4.9).

Denial Of Service Xen
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a. Rated medium severity (CVSS 5.8).

Denial Of Service Python Xen
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891,. Rated medium severity (CVSS 5.2). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Xen
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 3% CVSS 8.3
HIGH PATCH This Week

The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Xen
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest. Rated medium severity (CVSS 4.4). No vendor patch available.

Buffer Overflow Denial Of Service RCE +1
NVD
EPSS 0% CVSS 2.7
LOW Monitor

The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption). Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu Xen
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Xen
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to. Rated medium severity (CVSS 5.2). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to. Rated medium severity (CVSS 6.8). No vendor patch available.

Privilege Escalation Intel Denial Of Service +1
NVD
EPSS 1% CVSS 7.9
HIGH This Week

Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation Intel Denial Of Service +2
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of. Rated medium severity (CVSS 5.7). No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply. Rated medium severity (CVSS 5.2). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of. Rated medium severity (CVSS 5.2). No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the. Rated medium severity (CVSS 4.4). No vendor patch available.

Denial Of Service RCE Xen
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE +1
NVD
EPSS 0% CVSS 1.9
LOW Monitor

The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate. Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 1.9
LOW Monitor

The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Xen
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
EPSS 0% CVSS 1.5
LOW Monitor

Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified. Rated low severity (CVSS 1.5). No vendor patch available.

Information Disclosure Xen
NVD
EPSS 0% CVSS 1.2
LOW Monitor

Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored. Rated low severity (CVSS 1.2). No vendor patch available.

Information Disclosure Xen
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows. Rated medium severity (CVSS 6.5).

Privilege Escalation Denial Of Service Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Intel Denial Of Service +2
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly. Rated medium severity (CVSS 5.7). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
EPSS 0% CVSS 7.4
HIGH This Week

The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest. Rated high severity (CVSS 7.4). No vendor patch available.

Privilege Escalation Xen
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via. Rated medium severity (CVSS 5.2). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to. Rated medium severity (CVSS 4.3). No vendor patch available.

Intel Information Disclosure Xen
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of. Rated high severity (CVSS 7.4). No vendor patch available.

Python Buffer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service. Rated high severity (CVSS 7.4).

Denial Of Service Xen
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel,. Rated medium severity (CVSS 6.9).

Information Disclosure Xen
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences". Rated medium severity (CVSS 6.9).

Information Disclosure Xen
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
EPSS 0% CVSS 1.9
LOW Monitor

Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which. Rated low severity (CVSS 1.9). No vendor patch available.

Intel Denial Of Service Xen
NVD
EPSS 0% CVSS 3.3
LOW Monitor

qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
EPSS 0% CVSS 1.9
LOW Monitor

Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service. Rated low severity (CVSS 1.9). No vendor patch available.

Intel Denial Of Service Xen
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain. Rated medium severity (CVSS 4.4).

Privilege Escalation Xen
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon. Rated medium severity (CVSS 4.3). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause. Rated medium severity (CVSS 4.6). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Amd Xen
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Xen
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Linux +2
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 1.9
LOW Monitor

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor. Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
EPSS 7% CVSS 4.7
MEDIUM POC This Month

The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
EPSS 1% CVSS 1.9
LOW POC Monitor

The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service. Rated low severity (CVSS 1.9).

Denial Of Service Canonical Amd +1
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection. Rated low severity (CVSS 1.9).

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools,. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Buffer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow Denial Of Service RCE +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check. Rated medium severity (CVSS 4.4). No vendor patch available.

Buffer Overflow Denial Of Service RCE +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Xen
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and. Rated medium severity (CVSS 6.9).

Privilege Escalation Denial Of Service Citrix +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Xen +11
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Citrix Denial Of Service Xenserver +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG. Rated medium severity (CVSS 4.7).

Citrix Denial Of Service Xenserver +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Citrix Denial Of Service Xenserver +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Citrix +2
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
EPSS 0% CVSS 1.9
LOW Monitor

Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an. Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
EPSS 0% CVSS 2.7
LOW Monitor

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Xen Unstable
NVD
EPSS 88% 5.6 CVSS 7.2
HIGH POC THREAT Act Now

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 88.0%.

Citrix Intel Buffer Overflow +14
NVD Exploit-DB
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy