Total
487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5307 | 5 Canonical, Debian, Linux and 2 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2025-04-12 | 4.9 MEDIUM | N/A |
| The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. | |||||
| CVE-2014-1893 | 1 Xen | 1 Xen | 2025-04-12 | 5.2 MEDIUM | N/A |
| Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894. | |||||
| CVE-2015-8553 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2025-04-12 | 2.1 LOW | 6.5 MEDIUM |
| Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777. | |||||
| CVE-2014-3124 | 1 Xen | 1 Xen | 2025-04-12 | 6.7 MEDIUM | N/A |
| The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types. | |||||
| CVE-2015-2752 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | 4.9 MEDIUM | N/A |
| The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). | |||||
| CVE-2014-9065 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | 4.4 MEDIUM | N/A |
| common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. | |||||
| CVE-2011-3346 | 3 Qemu, Redhat, Xen | 3 Qemu, Enterprise Linux, Xen | 2025-04-12 | 4.0 MEDIUM | N/A |
| Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs. | |||||
| CVE-2014-8867 | 4 Debian, Opensuse, Redhat and 1 more | 5 Debian Linux, Opensuse, Enterprise Linux and 2 more | 2025-04-12 | 4.9 MEDIUM | N/A |
| The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. | |||||
| CVE-2015-7971 | 1 Xen | 1 Xen | 2025-04-12 | 2.1 LOW | N/A |
| Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c. | |||||
| CVE-2014-5147 | 1 Xen | 1 Xen | 2025-04-12 | 4.3 MEDIUM | N/A |
| Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process. | |||||
| CVE-2016-7094 | 1 Xen | 1 Xen | 2025-04-12 | 1.5 LOW | 4.1 MEDIUM |
| Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. | |||||
| CVE-2016-7777 | 1 Xen | 1 Xen | 2025-04-12 | 3.3 LOW | 6.3 MEDIUM |
| Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. | |||||
| CVE-2014-7188 | 1 Xen | 1 Xen | 2025-04-12 | 8.3 HIGH | N/A |
| The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors. | |||||
| CVE-2016-4480 | 2 Oracle, Xen | 2 Vm Server, Xen | 2025-04-12 | 7.2 HIGH | 8.4 HIGH |
| The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. | |||||
| CVE-2015-8552 | 4 Canonical, Debian, Novell and 1 more | 5 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Debuginfo and 2 more | 2025-04-12 | 1.7 LOW | 4.4 MEDIUM |
| The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks." | |||||
| CVE-2014-6268 | 1 Xen | 1 Xen | 2025-04-12 | 4.9 MEDIUM | N/A |
| The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU. | |||||
| CVE-2014-1895 | 1 Xen | 1 Xen | 2025-04-12 | 5.8 MEDIUM | N/A |
| Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read. | |||||
| CVE-2016-6258 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-12 | 7.2 HIGH | 8.8 HIGH |
| The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | |||||
| CVE-2014-5146 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | 4.7 MEDIUM | N/A |
| Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149. | |||||
| CVE-2014-3672 | 2 Redhat, Xen | 2 Libvirt, Xen | 2025-04-12 | 2.1 LOW | 6.5 MEDIUM |
| The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | |||||