Total
487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4368 | 1 Xen | 1 Xen | 2025-04-11 | 1.9 LOW | N/A |
| The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. | |||||
| CVE-2012-5513 | 1 Xen | 1 Xen | 2025-04-11 | 6.9 MEDIUM | N/A |
| The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range. | |||||
| CVE-2012-6032 | 1 Xen | 1 Xen | 2025-04-11 | 4.9 MEDIUM | N/A |
| Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | |||||
| CVE-2012-3495 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | 6.1 MEDIUM | N/A |
| The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. | |||||
| CVE-2014-1950 | 1 Xen | 1 Xen | 2025-04-11 | 4.6 MEDIUM | N/A |
| Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors. | |||||
| CVE-2013-2194 | 1 Xen | 1 Xen | 2025-04-11 | 6.9 MEDIUM | N/A |
| Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. | |||||
| CVE-2012-3515 | 7 Canonical, Debian, Opensuse and 4 more | 14 Ubuntu Linux, Debian Linux, Opensuse and 11 more | 2025-04-11 | 7.2 HIGH | N/A |
| Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." | |||||
| CVE-2012-5510 | 1 Xen | 1 Xen | 2025-04-11 | 4.7 MEDIUM | N/A |
| Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors. | |||||
| CVE-2011-2519 | 2 Redhat, Xen | 4 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation and 1 more | 2025-04-11 | 5.5 MEDIUM | N/A |
| Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction. | |||||
| CVE-2013-1918 | 1 Xen | 1 Xen | 2025-04-11 | 4.7 MEDIUM | N/A |
| Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal." | |||||
| CVE-2011-1936 | 1 Xen | 1 Xen | 2025-04-11 | 4.6 MEDIUM | N/A |
| Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors. | |||||
| CVE-2012-2934 | 1 Xen | 1 Xen | 2025-04-11 | 1.9 LOW | N/A |
| Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217. | |||||
| CVE-2013-4553 | 1 Xen | 1 Xen | 2025-04-11 | 5.2 MEDIUM | N/A |
| The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). | |||||
| CVE-2012-6333 | 1 Xen | 1 Xen | 2025-04-11 | 4.7 MEDIUM | N/A |
| Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. | |||||
| CVE-2013-6375 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-11 | 7.9 HIGH | N/A |
| Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter." | |||||
| CVE-2012-5515 | 1 Xen | 1 Xen | 2025-04-11 | 4.7 MEDIUM | N/A |
| The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value. | |||||
| CVE-2012-4544 | 1 Xen | 1 Xen | 2025-04-11 | 2.1 LOW | N/A |
| The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. | |||||
| CVE-2013-1964 | 1 Xen | 1 Xen | 2025-04-11 | 6.9 MEDIUM | N/A |
| Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors. | |||||
| CVE-2012-3496 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | 4.7 MEDIUM | N/A |
| XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand. | |||||
| CVE-2013-4494 | 2 Debian, Xen | 2 Debian Linux, Xen | 2025-04-11 | 5.2 MEDIUM | N/A |
| Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. | |||||