Filtered by vendor Xen
Subscriptions
Filtered by product Xen
Subscriptions
Total
493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1571 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-12 | N/A |
| The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check. | ||||
| CVE-2015-8555 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-12 | N/A |
| Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors. | ||||
| CVE-2015-8554 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path." | ||||
| CVE-2015-8553 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2025-04-12 | N/A |
| Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777. | ||||
| CVE-2015-5166 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | N/A |
| Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. | ||||
| CVE-2015-8550 | 2 Novell, Xen | 2 Suse Linux Enterprise Real Time Extension, Xen | 2025-04-12 | N/A |
| Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability. | ||||
| CVE-2015-8340 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. | ||||
| CVE-2015-2045 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2025-04-12 | N/A |
| The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-5242 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion. | ||||
| CVE-2015-7972 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to "heavy memory pressure." | ||||
| CVE-2015-8339 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. | ||||
| CVE-2015-7969 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall. | ||||
| CVE-2015-8552 | 4 Canonical, Debian, Novell and 1 more | 5 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Debuginfo and 2 more | 2025-04-12 | N/A |
| The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks." | ||||
| CVE-2015-7835 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. | ||||
| CVE-2015-7812 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface. | ||||
| CVE-2015-7311 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. | ||||
| CVE-2015-4164 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set. | ||||
| CVE-2014-5148 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process. | ||||
| CVE-2014-8594 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2025-04-12 | N/A |
| The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). | ||||
| CVE-2015-4105 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations. | ||||