Vulnerabilities (CVE)

Filtered by vendor Xen Subscribe
Total 470 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2986 1 Xen 1 Xen 2025-04-12 5.5 MEDIUM N/A
The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors.
CVE-2015-5154 4 Fedoraproject, Qemu, Suse and 1 more 8 Fedora, Qemu, Linux Enterprise Debuginfo and 5 more 2025-04-12 7.2 HIGH N/A
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
CVE-2015-0777 2 Linux, Xen 2 Linux Kernel, Xen 2025-04-12 2.1 LOW N/A
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors.
CVE-2015-8552 4 Canonical, Debian, Novell and 1 more 5 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Debuginfo and 2 more 2025-04-12 1.7 LOW 4.4 MEDIUM
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."
CVE-2014-1894 1 Xen 1 Xen 2025-04-12 5.2 MEDIUM N/A
Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893.
CVE-2015-3456 3 Qemu, Redhat, Xen 5 Qemu, Enterprise Linux, Enterprise Virtualization and 2 more 2025-04-12 7.7 HIGH N/A
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
CVE-2015-7814 1 Xen 1 Xen 2025-04-12 4.7 MEDIUM N/A
Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain.
CVE-2015-7969 1 Xen 1 Xen 2025-04-12 4.9 MEDIUM N/A
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.
CVE-2015-7311 1 Xen 1 Xen 2025-04-12 3.6 LOW N/A
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
CVE-2014-1896 1 Xen 1 Xen 2025-04-12 4.9 MEDIUM N/A
The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."
CVE-2014-7156 1 Xen 1 Xen 2025-04-12 3.3 LOW N/A
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors.
CVE-2016-3159 4 Debian, Fedoraproject, Oracle and 1 more 4 Debian Linux, Fedora, Vm Server and 1 more 2025-04-12 1.7 LOW 3.8 LOW
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
CVE-2014-3124 1 Xen 1 Xen 2025-04-12 6.7 MEDIUM N/A
The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.
CVE-2014-6268 1 Xen 1 Xen 2025-04-12 4.9 MEDIUM N/A
The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.
CVE-2014-8867 4 Debian, Opensuse, Redhat and 1 more 5 Debian Linux, Opensuse, Enterprise Linux and 2 more 2025-04-12 4.9 MEDIUM N/A
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.
CVE-2015-4164 1 Xen 1 Xen 2025-04-12 4.9 MEDIUM N/A
The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.
CVE-2014-8866 3 Debian, Opensuse, Xen 3 Debian Linux, Opensuse, Xen 2025-04-12 4.7 MEDIUM N/A
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.
CVE-2015-4104 1 Xen 1 Xen 2025-04-12 7.8 HIGH N/A
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
CVE-2014-3967 2 Opensuse, Xen 2 Opensuse, Xen 2025-04-12 5.5 MEDIUM N/A
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
CVE-2015-2752 2 Fedoraproject, Xen 2 Fedora, Xen 2025-04-12 4.9 MEDIUM N/A
The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).