Filtered by vendor Xen
Subscribe
Total
491 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2078 | 1 Xen | 1 Xen | 2025-04-11 | 4.7 MEDIUM | N/A |
| Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction. | |||||
| CVE-2013-4371 | 1 Xen | 1 Xen | 2025-04-11 | 4.4 MEDIUM | N/A |
| Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-4537 | 1 Xen | 1 Xen | 2025-04-11 | 2.1 LOW | N/A |
| Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." | |||||
| CVE-2013-2077 | 1 Xen | 1 Xen | 2025-04-11 | 5.2 MEDIUM | N/A |
| Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors. | |||||
| CVE-2012-3433 | 1 Xen | 1 Xen | 2025-04-11 | 4.9 MEDIUM | N/A |
| Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown. | |||||
| CVE-2014-1666 | 1 Xen | 1 Xen | 2025-04-11 | 8.3 HIGH | N/A |
| The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors. | |||||
| CVE-2012-3516 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | 6.9 MEDIUM | N/A |
| The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location. | |||||
| CVE-2011-1166 | 1 Xen | 1 Xen | 2025-04-11 | 5.5 MEDIUM | N/A |
| Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables. | |||||
| CVE-2012-4536 | 1 Xen | 1 Xen | 2025-04-11 | 2.1 LOW | N/A |
| The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read. | |||||
| CVE-2013-4329 | 1 Xen | 1 Xen | 2025-04-11 | 6.5 MEDIUM | N/A |
| The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. | |||||
| CVE-2012-0217 | 8 Citrix, Freebsd, Illumos and 5 more | 11 Xenserver, Freebsd, Illumos and 8 more | 2025-04-11 | 7.2 HIGH | N/A |
| The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. | |||||
| CVE-2013-4554 | 1 Xen | 1 Xen | 2025-04-11 | 5.2 MEDIUM | N/A |
| Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. | |||||
| CVE-2013-4356 | 1 Xen | 1 Xen | 2025-04-11 | 5.4 MEDIUM | N/A |
| Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash). | |||||
| CVE-2014-1642 | 1 Xen | 1 Xen | 2025-04-11 | 4.4 MEDIUM | N/A |
| The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free. | |||||
| CVE-2013-2072 | 2 Debian, Xen | 2 Debian Linux, Xen | 2025-04-11 | 7.4 HIGH | N/A |
| Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap. | |||||
| CVE-2013-6400 | 1 Xen | 1 Xen | 2025-04-11 | 6.8 MEDIUM | N/A |
| Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors. | |||||
| CVE-2011-3131 | 1 Xen | 1 Xen | 2025-04-11 | 4.6 MEDIUM | N/A |
| Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock. | |||||
| CVE-2013-2076 | 1 Xen | 1 Xen | 2025-04-11 | 4.3 MEDIUM | N/A |
| Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. | |||||
| CVE-2012-0218 | 1 Xen | 1 Xen | 2025-04-11 | 1.9 LOW | N/A |
| Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen. | |||||
| CVE-2013-1917 | 1 Xen | 1 Xen | 2025-04-11 | 1.9 LOW | N/A |
| Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. | |||||