Total
467 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5149 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | 4.7 MEDIUM | N/A |
| Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146. | |||||
| CVE-2016-3157 | 2 Canonical, Xen | 2 Ubuntu Linux, Xen | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access. | |||||
| CVE-2015-7835 | 1 Xen | 1 Xen | 2025-04-12 | 7.2 HIGH | N/A |
| The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. | |||||
| CVE-2014-3968 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | 5.5 MEDIUM | N/A |
| The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged. | |||||
| CVE-2016-7154 | 1 Xen | 1 Xen | 2025-04-12 | 7.2 HIGH | 6.7 MEDIUM |
| Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number. | |||||
| CVE-2014-3672 | 2 Redhat, Xen | 2 Libvirt, Xen | 2025-04-12 | 2.1 LOW | 6.5 MEDIUM |
| The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | |||||
| CVE-2015-2045 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2025-04-12 | 2.1 LOW | N/A |
| The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-3158 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2025-04-12 | 1.7 LOW | 3.8 LOW |
| The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. | |||||
| CVE-2014-7155 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2025-04-12 | 5.8 MEDIUM | N/A |
| The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. | |||||
| CVE-2016-3961 | 2 Canonical, Xen | 2 Ubuntu Linux, Xen | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. | |||||
| CVE-2015-0361 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | 7.8 HIGH | N/A |
| Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. | |||||
| CVE-2014-3717 | 1 Xen | 1 Xen | 2025-04-12 | 3.3 LOW | N/A |
| Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow. | |||||
| CVE-2016-3960 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2025-04-12 | 7.2 HIGH | 8.8 HIGH |
| Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | |||||
| CVE-2014-1891 | 1 Xen | 1 Xen | 2025-04-12 | 5.2 MEDIUM | N/A |
| Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894. | |||||
| CVE-2015-7813 | 1 Xen | 1 Xen | 2025-04-12 | 2.1 LOW | N/A |
| Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c. | |||||
| CVE-2016-4963 | 1 Xen | 1 Xen | 2025-04-12 | 1.9 LOW | 4.7 MEDIUM |
| The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore. | |||||
| CVE-2014-5146 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | 4.7 MEDIUM | N/A |
| Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149. | |||||
| CVE-2015-2044 | 1 Xen | 1 Xen | 2025-04-12 | 2.1 LOW | N/A |
| The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size. | |||||
| CVE-2015-8550 | 2 Novell, Xen | 2 Suse Linux Enterprise Real Time Extension, Xen | 2025-04-12 | 5.7 MEDIUM | 8.2 HIGH |
| Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability. | |||||
| CVE-2015-5165 | 7 Arista, Debian, Fedoraproject and 4 more | 24 Eos, Debian Linux, Fedora and 21 more | 2025-04-12 | 9.3 HIGH | N/A |
| The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. | |||||