Filtered by vendor Xen
Subscriptions
Filtered by product Xen
Subscriptions
Total
480 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3969 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. | ||||
| CVE-2014-9065 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | N/A |
| common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. | ||||
| CVE-2015-8554 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path." | ||||
| CVE-2015-8553 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2025-04-12 | N/A |
| Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777. | ||||
| CVE-2015-8341 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. | ||||
| CVE-2015-7972 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to "heavy memory pressure." | ||||
| CVE-2015-7835 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. | ||||
| CVE-2015-8338 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2014-3672 | 2 Redhat, Xen | 2 Libvirt, Xen | 2025-04-12 | N/A |
| The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | ||||
| CVE-2015-7311 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. | ||||
| CVE-2015-0777 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2025-04-12 | N/A |
| drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. | ||||
| CVE-2015-4164 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set. | ||||
| CVE-2014-7154 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2025-04-12 | N/A |
| Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors. | ||||
| CVE-2014-9066 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | N/A |
| Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. | ||||
| CVE-2015-1563 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | N/A |
| The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. | ||||
| CVE-2015-4163 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version. | ||||
| CVE-2015-2752 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | N/A |
| The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). | ||||
| CVE-2015-2751 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | N/A |
| Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. | ||||
| CVE-2014-1891 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894. | ||||
| CVE-2016-2270 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2025-04-12 | N/A |
| Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. | ||||