Filtered by vendor Xen
Subscriptions
Filtered by product Xen
Subscriptions
Total
485 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6654 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest. | ||||
| CVE-2014-2986 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors. | ||||
| CVE-2014-1893 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894. | ||||
| CVE-2015-5307 | 6 Canonical, Debian, Linux and 3 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2025-04-12 | N/A |
| The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. | ||||
| CVE-2015-5165 | 7 Arista, Debian, Fedoraproject and 4 more | 25 Eos, Debian Linux, Fedora and 22 more | 2025-04-12 | N/A |
| The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. | ||||
| CVE-2015-4105 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations. | ||||
| CVE-2014-1895 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read. | ||||
| CVE-2015-2152 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | N/A |
| Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. | ||||
| CVE-2013-4369 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration. | ||||
| CVE-2013-2196 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195. | ||||
| CVE-2014-1666 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors. | ||||
| CVE-2013-2078 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction. | ||||
| CVE-2012-4544 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2025-04-11 | N/A |
| The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. | ||||
| CVE-2013-6375 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-11 | N/A |
| Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter." | ||||
| CVE-2012-5511 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. | ||||
| CVE-2012-6333 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. | ||||
| CVE-2012-4539 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability." | ||||
| CVE-2012-4538 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. | ||||
| CVE-2013-1918 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal." | ||||
| CVE-2013-4356 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash). | ||||