Filtered by vendor Xen
Subscriptions
Filtered by product Xen
Subscriptions
Total
471 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-7093 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation. | ||||
CVE-2015-7814 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. | ||||
CVE-2015-2151 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2025-04-12 | N/A |
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. | ||||
CVE-2016-6258 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-12 | N/A |
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | ||||
CVE-2016-7094 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. | ||||
CVE-2015-2150 | 3 Linux, Ubuntu, Xen | 3 Linux Kernel, Ubuntu, Xen | 2025-04-12 | N/A |
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. | ||||
CVE-2015-1563 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | N/A |
The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. | ||||
CVE-2016-3960 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2025-04-12 | N/A |
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | ||||
CVE-2015-4163 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version. | ||||
CVE-2014-8866 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2025-04-12 | N/A |
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. | ||||
CVE-2015-4164 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set. | ||||
CVE-2015-2152 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | N/A |
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. | ||||
CVE-2014-8867 | 4 Debian, Opensuse, Redhat and 1 more | 5 Debian Linux, Opensuse, Enterprise Linux and 2 more | 2025-04-12 | N/A |
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. | ||||
CVE-2015-7311 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. | ||||
CVE-2016-3961 | 2 Canonical, Xen | 2 Ubuntu Linux, Xen | 2025-04-12 | N/A |
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. | ||||
CVE-2015-2751 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | N/A |
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. | ||||
CVE-2015-2752 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | N/A |
The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). | ||||
CVE-2015-2756 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | N/A |
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. | ||||
CVE-2015-7969 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall. | ||||
CVE-2015-7835 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. |