CRITICAL10.0CVE-2017-10921The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, wh… from 0, < 4.8.1-1+deb9u3
CRITICAL10.0CVE-2017-10920The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_hos… from 0, < 4.8.1-1+deb9u3
CRITICAL10.0Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host…
from 0, < 4.8.1-1+deb9u3
CRITICAL10.0xen - security update
from 0, < 4.1.6.lts1-9
CRITICAL10.0xen - security update
from 0, < 4.4.1-9+deb8u10
CRITICAL10.0xen - security update
from 0, < 4.8.1-1+deb9u3
CRITICAL10.0The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host…
from 0, < 4.8.0~rc3-1
CRITICAL9.9qemu-kvm - security update
from 0, < 4.4.0-1
CRITICAL9.9qemu-kvm - security update
from 0, < 4.1.6.lts1-12
CRITICAL9.9Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
from 0, < 4.4.0-1
CRITICAL9.9An issue was discovered in Xen 4.7 through 4.10.x.
from 0, < 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
CRITICAL9.8[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…
from 0
CRITICAL9.8[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…
from 0
CRITICAL9.8[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…
from 0
CRITICAL9.8An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descrip…
from 0, < 4.11.3+24-g14b62ab3e5-1
CRITICAL9.8The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows ba…
from 0, < 4.8.1-1+deb9u3
CRITICAL9.1Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex…
from 0
CRITICAL9.1An issue was discovered in Xen through 4.9.x.
from 0, < 4.8.2+xsa245-0+deb9u1
CRITICAL9.1Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of servic…
from 0, < 4.8.1-1+deb9u3
CRITICAL9.0The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest…
from 0, < 4.8.1-1+deb9u3
HIGH8.8Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing.
from 0
HIGH8.8Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during…
from 0, < 4.14.5+86-g1c354767d5-1
HIGH8.8xen - security update
from 0, < 4.14.5+86-g1c354767d5-1
HIGH8.8xen - security update
from 0, < 4.14.5+86-g1c354767d5-1
HIGH8.8PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities co…
from 0, < 4.14.3+32-g9de3671772-1~deb11u1
HIGH8.8PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities co…
from 0, < 4.14.3+32-g9de3671772-1~deb11u1
HIGH8.8PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities co…
from 0, < 4.14.3+32-g9de3671772-1~deb11u1
HIGH8.8An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+88-g1d1d1f5391-1
HIGH8.8xen - security update
from 0, < 4.14.0+88-g1d1d1f5391-1
HIGH8.8xen - security update
from 0, < 4.11.4+57-g41a822c392-2
HIGH8.8An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data…
from 0, < 4.14.0+88-g1d1d1f5391-1
HIGH8.8An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain…
from 0, < 4.11.4+24-gddaaccbbab-1
HIGH8.8An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information…
from 0, < 4.11.4-1
HIGH8.8An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear p…
from 0, < 4.11.3+24-g14b62ab3e5-1
HIGH8.8An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercal…
from 0, < 4.11.3+24-g14b62ab3e5-1
HIGH8.8An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the…
from 0, < 4.11.3+24-g14b62ab3e5-1
HIGH8.8An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an…
from 0, < 4.11.1+92-g6c33308a8d-1
HIGH8.8An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-tab…
from 0, < 4.11.1+92-g6c33308a8d-1
HIGH8.8An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain…
from 0, < 4.11.1-1
HIGH8.8An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of s…
from 0, < 4.11.1-1
HIGH8.8An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt num…
from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
HIGH8.8An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by…
from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
HIGH8.8An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, o…
from 0, < 4.8.2+xsa245-0+deb9u1
HIGH8.8An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consum…
from 0, < 4.8.2+xsa245-0+deb9u1
HIGH8.8An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain pri…
from 0, < 4.8.2+xsa245-0+deb9u1
HIGH8.8xen - security update
from 0, < 4.4.4lts3-0+deb8u1
HIGH8.8xen - security update
from 0, < 4.8.2+xsa245-0+deb9u1
HIGH8.8An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain p…
from 0, < 4.8.2+xsa245-0+deb9u1
HIGH8.8A grant unmapping issue was discovered in Xen through 4.9.x.
from 0, < 4.8.2+xsa245-0+deb9u1
HIGH8.8xen - security update
from 0, < 4.8.2+xsa245-0+deb9u1
HIGH8.8xen - security update
from 0, < 4.8.2+xsa245-0+deb9u1
HIGH8.8xen - security update
from 0, < 4.4.4lts2-0+deb8u1
HIGH8.8arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
from 0, < 4.8.1-1+deb9u3
HIGH8.8Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vector…
from 0, < 4.8.1-1+deb9u3
HIGH8.8Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the…
from 0, < 4.8.0~rc3-1
HIGH8.8Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which mi…
from 0, < 4.8.1-1+deb9u1
HIGH8.8Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitr…
from 0, < 4.8.1-1+deb9u1
HIGH8.8Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive info…
from 0, < 4.8.0-1
HIGH8.8The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges b…
from 0, < 4.8.0~rc3-1
HIGH8.8qemu - security update
from 0, < 4.4.0-1
HIGH8.8Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly…
from 0, < 4.8.0~rc3-1
HIGH8.6x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnera…
from 0, < 4.14.5+94-ge49571868d-1
HIGH8.6guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hyperca…
from 0, < 4.14.3+32-g9de3671772-1~deb11u1
HIGH8.6Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage gues…
from 0, < 4.8.0~rc3-1
HIGH8.5The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive inf…
from 0, < 4.8.0~rc3-1
HIGH8.4The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table…
from 0, < 4.8.0~rc3-1
HIGH8.2xen - security update
from 0, < 4.8.1-1
HIGH8.2xen - security update
from 0, < 4.1.6.lts1-6
HIGH8.2xen - security update
from 0, < 4.8.0~rc3-1
HIGH8.2xen - security update
from 0, < 4.1.6.lts1-2
HIGH8.2xen - security update
from 0, < 4.4.1-9+deb8u7
HIGH8.2Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain…
from 0, < 4.8.0~rc3-1
HIGH8.1The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial o…
from 0, < 4.8.1-1+deb9u3
HIGH7.9xen - security update
from 0, < 4.1.6.lts1-4
HIGH7.9xen - security update
from 0, < 4.8.0-1
HIGH7.8The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a gr…
from 0
HIGH7.8The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple mo…
from 0
HIGH7.8The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices w…
from 0
HIGH7.8[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage…
from 0
HIGH7.8For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode.
from 0
HIGH7.8x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted…
from 0, < 4.17.1+2-gb773c48e36-1
HIGH7.8x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Pa…
from 0, < 4.14.5+94-ge49571868d-1
HIGH7.8IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which as…
from 0, < 4.14.4+74-gd7b22226b5-1
HIGH7.8IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which as…
from 0, < 4.14.4+74-gd7b22226b5-1
HIGH7.8IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which as…
from 0, < 4.14.4+74-gd7b22226b5-1
HIGH7.8IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which as…
from 0, < 4.14.4+74-gd7b22226b5-1
HIGH7.8xen - security update
from 0, < 4.14.4+74-gd7b22226b5-1
HIGH7.8xen - security update
from 0, < 4.14.4+74-gd7b22226b5-1
HIGH7.8issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/…
from 0, < 4.14.3+32-g9de3671772-1~deb11u1
HIGH7.8issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/…
from 0, < 4.14.3+32-g9de3671772-1~deb11u1
HIGH7.8Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory.
from 0, < 4.14.3-1~deb11u1
HIGH7.8grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory.
from 0, < 4.14.3-1~deb11u1
HIGH7.8An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possi…
from 0, < 4.14.0+80-gd101b417b7-1
HIGH7.8An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause…
from 0, < 4.14.0+80-gd101b417b7-1
HIGH7.8xen - security update
from 0, < 4.11.4+57-g41a822c392-1
HIGH7.8xen - security update
from 0, < 4.14.0+80-gd101b417b7-1
HIGH7.8An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+80-gd101b417b7-1
HIGH7.8xen - security update
from 0, < 4.14.0+80-gd101b417b7-1
HIGH7.8xen - security update
from 0, < 4.11.4+37-g3263f257ca-1
HIGH7.8An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non…
from 0, < 4.11.4+24-gddaaccbbab-1
HIGH7.8xen - security update
from 0, < 4.11.4+24-gddaaccbbab-1~deb10u1
HIGH7.8xen - security update
from 0, < 4.11.4-1
HIGH7.8An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a gues…
from 0, < 4.11.1+92-g6c33308a8d-1
HIGH7.8An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging…
from 0, < 4.11.1+92-g6c33308a8d-1
HIGH7.8An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privi…
from 0, < 4.11.1-1
HIGH7.8An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because sma…
from 0, < 4.11.1-1
HIGH7.8xen - security update
from 0, < 4.4.4lts5-0+deb8u1
HIGH7.8xen - security update
from 0, < 4.11.1-1
HIGH7.8xen - security update
from 0, < 4.8.5+shim4.10.2+xsa282-1+deb9u11
HIGH7.8A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the…
from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
HIGH7.8An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privil…
from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
HIGH7.8An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privilege…
from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
HIGH7.8xen - security update
from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1
HIGH7.8xen - security update
from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
HIGH7.8xen - security update
from 0, < 4.8.2+xsa245-0+deb9u1
HIGH7.8xen - security update
from 0, < 4.1.6.lts1-10
HIGH7.8Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free l…
from 0, < 4.8.1-1+deb9u3
HIGH7.8xen - security update
from 0, < 4.1.6.lts1-5
HIGH7.8xen - security update
from 0, < 4.4.1-9+deb8u9
HIGH7.8xen - security update
from 0, < 4.8.0-1
HIGH7.8The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest user…
from 0, < 4.8.0-1
HIGH7.8Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or ca…
from 0, < 4.8.0-1
HIGH7.6xen - security update
from 0, < 4.14.3+32-g9de3671772-1~deb11u1
HIGH7.6xen - security update
from 0, < 4.14.3+32-g9de3671772-1~deb11u1
HIGH7.5When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have.
from 0
HIGH7.5[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Virid…
from 0
HIGH7.5[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Virid…
from 0
HIGH7.5[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…
from 0
HIGH7.5[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…
from 0
HIGH7.5When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required.
from 0
HIGH7.5When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective g…
from 0
HIGH7.5Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Inte…
from 0
HIGH7.5An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors.
from 0
HIGH7.5Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used.
from 0
HIGH7.5Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g.
from 0, < 4.17.0+24-g2f8851c37f-2
HIGH7.5An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX…
from 0, < 4.11.3+24-g14b62ab3e5-1
HIGH7.5An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pa…
from 0, < 4.11.3+24-g14b62ab3e5-1
HIGH7.5The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of serv…
from 0, < 4.8.1-1+deb9u3
HIGH7.5The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection…
from 0, < 4.8.1-1+deb9u3
HIGH7.5The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest…
from 0, < 4.4.0-1
HIGH7.5Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka…
from 0, < 4.4.0-1
HIGH7.5The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to…
from 0, < 4.8.0-1
HIGH7.5Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 H…
from 0, < 4.4.0-1
HIGH7.3In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register.
from 0
HIGH7.2An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges…
from 0, < 4.11.3+24-g14b62ab3e5-1
HIGH7.1Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobber…
from 0
HIGH7.1x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and wr…
from 0, < 4.16.2+90-g0d39a6d1ae-1
HIGH7.1Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…
from 0
HIGH7.1Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…
from 0
HIGH7.1Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…
from 0
HIGH7.1Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…
from 0
HIGH7.1inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) is…
from 0, < 4.14.2+25-gb6a8c4f72d-1
HIGH7.0Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid.
from 0, < 4.14.5+86-g1c354767d5-1
HIGH7.0race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide.
from 0, < 4.14.4+74-gd7b22226b5-1
HIGH7.0grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of m…
from 0, < 4.14.0+80-gd101b417b7-1
HIGH7.0An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or…
from 0, < 4.14.0+80-gd101b417b7-1
HIGH7.0An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+80-gd101b417b7-1
HIGH7.0An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging…
from 0, < 4.11.1+92-g6c33308a8d-1
MEDIUM6.8IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities cor…
from 0, < 4.14.3-1~deb11u1
MEDIUM6.8IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities cor…
from 0, < 4.14.3-1~deb11u1
MEDIUM6.8xen - security update
from 0, < 4.14.3-1~deb11u1
MEDIUM6.8xen - security update
from 0, < 4.14.3-1~deb11u1
MEDIUM6.8An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domai…
from 0, < 4.11.3+24-g14b62ab3e5-1
MEDIUM6.8An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domai…
from 0, < 4.11.3+24-g14b62ab3e5-1
MEDIUM6.8An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging…
from 0, < 4.11.1+92-g6c33308a8d-1
MEDIUM6.8Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings…
from 0, < 4.8.0~rc3-1
MEDIUM6.7x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects…
from 0, < 4.14.5+24-g87d90d511c-1
MEDIUM6.7x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects…
from 0, < 4.14.5+24-g87d90d511c-1
MEDIUM6.7Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service…
from 0, < 4.6.0-1
MEDIUM6.7The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption…
from 0, < 4.8.0~rc3-1
MEDIUM6.6An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pa…
from 0, < 4.11.3+24-g14b62ab3e5-1
MEDIUM6.5Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering.
from 0
MEDIUM6.5The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode.
from 0
MEDIUM6.5Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes.
from 0
MEDIUM6.5Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET).
from 0
MEDIUM6.5xen - security update
from 0, < 4.17.5+23-ga4e5191dc0-1
MEDIUM6.5xen - security update
from 0
MEDIUM6.5x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnera…
from 0, < 4.14.5+94-ge49571868d-1
MEDIUM6.5Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g.
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM6.5Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate qui…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM6.5Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM6.5Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM6.5Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM6.5Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM6.5Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM6.5Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM6.5Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM6.5Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM6.5P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size.
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM6.5Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosur…
from 0, < 4.14.5+24-g87d90d511c-1
MEDIUM6.5Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-depen…
from 0, < 4.14.5+24-g87d90d511c-1
MEDIUM6.5x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability.
from 0, < 4.14.2+25-gb6a8c4f72d-1
MEDIUM6.5xen - security update
from 0, < 4.14.2+25-gb6a8c4f72d-1
MEDIUM6.5xen - security update
from 0, < 4.11.4+107-gef32c7afa2-1
MEDIUM6.5An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+88-g1d1d1f5391-1
MEDIUM6.5An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+80-gd101b417b7-1
MEDIUM6.5An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in even…
from 0, < 4.11.4+24-gddaaccbbab-1
MEDIUM6.5An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check…
from 0, < 4.11.4+24-gddaaccbbab-1
MEDIUM6.5An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash.
from 0, < 4.11.4+24-gddaaccbbab-1
MEDIUM6.5An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit…
from 0, < 4.11.3+24-g14b62ab3e5-1
MEDIUM6.5An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) becaus…
from 0, < 4.11.3+24-g14b62ab3e5-1
MEDIUM6.5xen - security update
from 0, < 4.8.5.final+shim4.10.4-1+deb9u12
MEDIUM6.5xen - security update
from 0, < 4.11.3+24-g14b62ab3e5-1
MEDIUM6.5intel-microcode - security update
from 0, < 4.11.3+24-g14b62ab3e5-1
MEDIUM6.5An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall.
from 0, < 4.11.3+24-g14b62ab3e5-1
MEDIUM6.5An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility bet…
from 0, < 4.11.1+92-g6c33308a8d-1
MEDIUM6.5An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of fail…
from 0, < 4.11.1+92-g6c33308a8d-1
MEDIUM6.5An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running oper…
from 0, < 4.11.1+92-g6c33308a8d-1
MEDIUM6.5An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) be…
from 0, < 4.11.1-1
MEDIUM6.5An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains…
from 0, < 4.11.1-1
MEDIUM6.5An issue was discovered in Xen through 4.11.x.
from 0, < 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
MEDIUM6.5An issue was discovered in Xen through 4.11.x.
from 0, < 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
MEDIUM6.5An issue was discovered in Xen through 4.10.x.
from 0, < 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
MEDIUM6.5xen - security update
from 0, < 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
MEDIUM6.5xen - security update
from 0, < 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
MEDIUM6.5xen - security update
from 0, < 4.4.4lts4-0+deb8u1
MEDIUM6.5xen - security update
from 0, < 4.1.6.lts1-14
MEDIUM6.5xen - security update
from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
MEDIUM6.5An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hyp…
from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
MEDIUM6.5An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference…
from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
MEDIUM6.5xen - security update
from 0, < 4.1.6.lts1-13
MEDIUM6.5xen - security update
from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
MEDIUM6.5xen - security update
from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
MEDIUM6.5An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a…
from 0, < 4.8.2+xsa245-0+deb9u1
MEDIUM6.5xen - security update
from 0, < 4.8.2+xsa245-0+deb9u1
MEDIUM6.5xen - security update
from 0, < 4.1.6.lts1-11
MEDIUM6.5An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference co…
from 0, < 4.8.2+xsa245-0+deb9u1
MEDIUM6.5An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of…
from 0, < 4.8.2+xsa245-0+deb9u1
MEDIUM6.5An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitr…
from 0, < 4.8.2+xsa245-0+deb9u1
MEDIUM6.5An issue was discovered in Xen 4.5.x through 4.9.x.
from 0, < 4.8.2+xsa245-0+deb9u1
MEDIUM6.5Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use.
from 0, < 4.8.1-1+deb9u3
MEDIUM6.5Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service…
from 0, < 4.8.1-1+deb9u3
MEDIUM6.5Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka…
from 0, < 4.8.1-1+deb9u3
MEDIUM6.5Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort whi…
from 0, < 4.8.0-1
MEDIUM6.5Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetc…
from 0, < 4.8.0-1
MEDIUM6.5Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort whi…
from 0, < 4.8.0-1
MEDIUM6.5Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
from 0, < 4.8.0-1
MEDIUM6.5Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.
from 0, < 4.8.0-1
MEDIUM6.5xen - security update
from 0, < 4.1.6.lts1-1
MEDIUM6.5xen - security update
from 0, < 4.4.0-1
MEDIUM6.4x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count.
from 0, < 4.14.5+24-g87d90d511c-1
MEDIUM6.3xen - security update
from 0, < 4.4.1-9+deb8u8
MEDIUM6.3xen - security update
from 0, < 4.1.6.lts1-3
MEDIUM6.3xen - security update
from 0, < 4.8.0~rc3-1
MEDIUM6.3The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization i…
from 0, < 4.8.0~rc3-1
MEDIUM6.2An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+88-g1d1d1f5391-1
MEDIUM6.2An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+88-g1d1d1f5391-1
MEDIUM6.2An issue was discovered in Xen 4.14.x.
from 0, < 4.14.0+88-g1d1d1f5391-1
MEDIUM6.2Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, whic…
from 0, < 4.8.0~rc3-1
MEDIUM6.0An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+88-g1d1d1f5391-1
MEDIUM6.0An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+88-g1d1d1f5391-1
MEDIUM6.0An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+88-g1d1d1f5391-1
MEDIUM6.0An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+80-gd101b417b7-1
MEDIUM6.0xen - security update
from 0, < 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10
MEDIUM6.0xen - security update
from 0, < 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
MEDIUM6.0An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) be…
from 0, < 4.8.1-1+deb9u3
MEDIUM6.0Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the ins…
from 0, < 4.8.0-1
MEDIUM6.0The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial…
from 0, < 4.8.0-1
MEDIUM5.7A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre…
from 0
MEDIUM5.6A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in t…
from 0
MEDIUM5.6linux - security update
from 0
MEDIUM5.6lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path.
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM5.6Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vra…
from 0, < 4.14.4+74-gd7b22226b5-1
MEDIUM5.6Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may…
from 0, < 4.11.1+92-g6c33308a8d-1
MEDIUM5.6Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an aut…
from 0, < 4.11.1+92-g6c33308a8d-1
MEDIUM5.6Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authent…
from 0, < 4.11.1+92-g6c33308a8d-1
MEDIUM5.6intel-microcode - security update
from 0, < 4.11.1+92-g6c33308a8d-1
MEDIUM5.6An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0]…
from 0, < 4.11.1-1
MEDIUM5.6Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information resi…
from 0, < 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
MEDIUM5.6linux - security update
from 0, < 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
MEDIUM5.6xen - security update
from 0, < 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8
MEDIUM5.6xen - security update
from 0, < 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8
MEDIUM5.6An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via…
from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
MEDIUM5.6linux - security update
from 0, < 4.11.1~pre+1.733450b39b-1
MEDIUM5.6xen - security update
from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
MEDIUM5.6xen - security update
from 0, < 4.11.1~pre+1.733450b39b-1
MEDIUM5.6An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log…
from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
MEDIUM5.6A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x.
from 0, < 4.8.2+xsa245-0+deb9u1
MEDIUM5.6The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to caus…
from 0, < 4.8.0~rc3-1
MEDIUM5.5PVH guests have their ACPI tables constructed by the toolstack.
from 0
MEDIUM5.5The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of D…
from 0
MEDIUM5.5[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs s…
from 0
MEDIUM5.5[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs s…
from 0
MEDIUM5.5When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes.
from 0
MEDIUM5.5Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to…
from 0
MEDIUM5.5A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
from 0
MEDIUM5.5x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one…
from 0, < 4.14.5+94-ge49571868d-1
MEDIUM5.5xen - security update
from 0, < 4.14.5+94-ge49571868d-1
MEDIUM5.5xen - security update
from 0, < 4.14.5+94-ge49571868d-1
MEDIUM5.5Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text expl…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM5.5Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text expl…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM5.5Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision.
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM5.5Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM5.5Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM5.5Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious gues…
from 0, < 4.14.5+86-g1c354767d5-1
MEDIUM5.5Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentiall…
from 0, < 4.14.5+24-g87d90d511c-1
MEDIUM5.5Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable inf…
from 0, < 4.14.5+24-g87d90d511c-1
MEDIUM5.5xen - security update
from 0, < 4.14.5+24-g87d90d511c-1
MEDIUM5.5xen - security update
from 0, < 4.14.5+24-g87d90d511c-1
MEDIUM5.5A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case wher…
from 0, < 4.14.4+74-gd7b22226b5-1
MEDIUM5.5inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status.
from 0, < 4.14.3-1~deb11u1
MEDIUM5.5long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a dom…
from 0, < 4.14.3-1~deb11u1
MEDIUM5.5xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g.
from 0, < 4.14.2+25-gb6a8c4f72d-1
MEDIUM5.5x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1.
from 0
MEDIUM5.5HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and dis…
from 0, < 4.14.2+25-gb6a8c4f72d-1
MEDIUM5.5Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative…
from 0, < 4.14.2+25-gb6a8c4f72d-1
MEDIUM5.5xen - security update
from 0, < 4.14.1+11-gb0b734a8b3-1
MEDIUM5.5xen - security update
from 0, < 4.11.4+99-g8bce4698f6-1
MEDIUM5.5An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x.
from 0, < 4.14.1+11-gb0b734a8b3-1
MEDIUM5.5An issue was discovered in Xen 4.6 through 4.14.x.
from 0, < 4.14.0+88-g1d1d1f5391-1
MEDIUM5.5An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+88-g1d1d1f5391-1
MEDIUM5.5An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+80-gd101b417b7-1
MEDIUM5.5An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+80-gd101b417b7-1
MEDIUM5.5An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+80-gd101b417b7-1
MEDIUM5.5An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP…
from 0, < 4.11.4-1
MEDIUM5.5An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in…
from 0, < 4.11.4-1
MEDIUM5.5An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive informati…
from 0, < 4.11.4-1
MEDIUM5.5An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl…
from 0, < 4.11.3+24-g14b62ab3e5-1
MEDIUM5.5An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-…
from 0, < 4.11.3+24-g14b62ab3e5-1
MEDIUM5.5intel-microcode - security update
from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
MEDIUM5.5intel-microcode - security update
from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
MEDIUM5.5Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by cont…
from 0, < 4.8.1-1
MEDIUM5.5Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows loca…
from 0, < 4.8.0-1
MEDIUM5.5Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows loca…
from 0, < 4.8.0-1
MEDIUM5.5VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to…
from 0, < 4.8.0-1
MEDIUM5.5Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process cr…
from 0, < 4.4.0-1
MEDIUM5.5VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via…
from 0, < 4.8.0~rc3-1
MEDIUM5.3PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the ID…
from 0
MEDIUM5.3An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory content…
from 0, < 4.14.0+80-gd101b417b7-1
MEDIUM5.0The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the ne…
from 0, < 4.8.0~rc3-1
MEDIUM4.9xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly f…
from 0, < 4.14.3-1~deb11u1
MEDIUM4.7A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak…
from 0
MEDIUM4.7The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe.
from 0
MEDIUM4.7When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode…
from 0, < 4.17.0+46-gaaf74a532c-1
MEDIUM4.7An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+80-gd101b417b7-1
MEDIUM4.7xen - security update
from 0, < 4.4.4lts1-0+deb8u1
MEDIUM4.7xen - security update
from 0, < 4.8.0~rc3-1
MEDIUM4.6Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involv…
from 0, < 4.14.4+74-gd7b22226b5-1
MEDIUM4.4Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-chan…
from 0, < 4.14.0+80-gd101b417b7-1
MEDIUM4.3Certain instructions need intercepting and emulating by Xen.
from 0
MEDIUM4.1Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guest…
from 0, < 4.17.3+10-g091466ba55-1~deb12u1
MEDIUM4.1Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denia…
from 0, < 4.8.0~rc3-1
LOW3.8Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g.
from 0, < 4.14.5+86-g1c354767d5-1
LOW3.8Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory read…
from 0, < 4.3.0-1
LOW3.8The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 pro…
from 0, < 4.8.0~rc3-1
LOW3.8xen - security update
from 0, < 4.8.0~rc3-1
LOW3.8xen - security update
from 0, < 4.4.1-9+deb8u5
LOW3.3Arm provides multiple helpers to clean & invalidate the cache for a given region.
from 0
LOW3.3Arm provides multiple helpers to clean & invalidate the cache for a given region.
from 0
LOW3.3Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors require…
from 0, < 4.17.1+2-gb773c48e36-1
LOW3.3xen - security update
from 0, < 4.1.6.lts1-8
LOW3.3xen - security update
from 0, < 4.8.0~rc3-1
LOW2.9In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run.
from 0
LOW2.3An issue was discovered in Xen through 4.14.x.
from 0, < 4.14.0+88-g1d1d1f5391-1
—(無摘要)
from 0
—(無摘要)
from 0
—(無摘要)
from 0
—(無摘要)
from 0
—Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructio…
from 0
—(無摘要)
from 0
—A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor…
from 0
—xen - security update
from 0
—xen - security update
from 0, < 4.17.5+72-g01140da4e8-1
—The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks whe…
from 0, < 4.8.0~rc3-1
—The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS admi…
from 0, < 4.8.0~rc3-1
—xen - security update
from 0, < 4.8.0~rc3-1
—xen - security update
from 0, < 4.4.1-9+deb8u4
—xen - security update
from 0, < 4.8.0~rc3-1
—xen - security update
from 0, < 4.4.1-9+deb8u6
—The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of se…
from 0, < 4.6.0-1
—virtualbox - security update
from 0, < 4.8.0~rc3-1
—The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x…
from 0, < 4.6.0-1
—Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allow…
from 0, < 4.6.0-1
—The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM…
from 0, < 4.6.0-1
—Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of ser…
from 0, < 4.6.0-1
—xen - security update
from 0, < 4.6.0-1
—xen - security update
from 0, < 4.1.4-3+deb7u9
—Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management…
from 0, < 4.6.0-1
—Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows loca…
from 0, < 4.6.0-1
—libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows loc…
from 0, < 4.8.0~rc3-1
—The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messag…
from 0, < 4.8.0~rc3-1
—qemu - security update
from 0, < 4.4.0-1
—Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM gue…
from 0, < 4.4.0-1
—qemu-kvm - security update
from 0, < 4.4.0-1
—Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, al…
from 0, < 4.4.0-1
—xen - security update
from 0, < 4.4.1-9+deb8u3
—xen - security update
from 0, < 4.6.0-1
—The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to…
from 0, < 4.6.0-1
—GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause…
from 0, < 4.6.0-1
—xen - security update
from 0, < 4.1.4-3+deb7u8
—xen - security update
from 0, < 4.4.0-1
—QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM…
from 0, < 4.4.0-1
—Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of s…
from 0, < 4.4.0-1
—Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of…
from 0, < 4.4.0-1
—Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest admini…
from 0, < 4.4.0-1
—virtualbox - security update
from 0, < 4.1.4-3+deb7u6
—virtualbox - security update
from 0, < 4.4.0-1
—Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information fro…
from 0, < 4.6.0-1
—QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest use…
from 0, < 4.2.0~rc2-1
—xen - security update
from 0, < 4.1.6.1-1+deb7u1
—xen - security update
from 0, < 4.4.1-9
—Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial o…
from 0, < 4.4.1-9
—Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration di…
from 0, < 4.4.1-9
—The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allow…
from 0, < 4.4.1-8
—The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest user…
from 0, < 4.4.1-8
—xen - security update
from 0, < 4.1.4-3+deb7u5
—xen - security update
from 0, < 4.4.1-8
—The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number me…
from 0, < 4.4.1-7
—The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving…
from 0, < 4.4.1-3
—Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted…
from 0, < 4.4.1-7
—Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest user…
from 0
—common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a den…
from 0, < 4.4.1-6
—The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I…
from 0, < 4.4.1-5
—The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit…
from 0, < 4.4.1-5
—The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domain…
from 0, < 4.4.1-4
—arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gai…
from 0, < 4.4.1-4
—xen - security update
from 0, < 4.4.1-4
—xen - security update
from 0, < 4.1.4-3+deb7u4
—Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction…
from 0, < 4.4.1-1
—The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which a…
from 0, < 4.4.1-3
—The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions fo…
from 0, < 4.4.1-3
—The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions…
from 0, < 4.4.1-3
—Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tra…
from 0, < 4.4.1-3
—Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address…
from 0, < 4.4.1-1
—Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM…
from 0, < 4.4.1-4
—Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are…
from 0, < 4.4.1-4
—Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive i…
from 0, < 4.4.1-1
—The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash…
from 0, < 4.4.1-1
—The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allow…
from 0, < 4.4.1-1
—The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor cras…
from 0, < 4.4.1-1
—The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial…
from 0, < 4.4.0-1
—Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of p…
from 0, < 4.4.0-1
—The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators…
from 0, < 4.4.1-1
—Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 all…
from 0, < 4.4.0-1
—Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not…
from 0, < 4.4.0-1
—The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_pre…
from 0, < 4.4.0-1
—The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory…
from 0, < 4.4.0-1
—The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to caus…
from 0, < 4.2
—xen - several vulnerabilities
from 0, < 4.1.0-1
—xen - several vulnerabilities
from 0, < 4.0.1-4
—The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in…
from 0, < 4.4.0-1
—Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes wh…
from 0, < 4.4.0-1
—Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table…
from 0, < 4.4.0-1
—Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME,…
from 0, < 4.4.0-1
—Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest admin…
from 0, < 4.4.0-1
—Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under…
from 0, < 4.4.0-1
—The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, whic…
from 0, < 4.4.0-1
—The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer…
from 0, < 4.4.0-1
—The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized varia…
from 0, < 4.4.0-1
—Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, whic…
from 0, < 4.4.0-1
—qemu-kvm - security update
from 0, < 4.2-1
—The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows…
from 0, < 4.4.0-1
—Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) po…
from 0, < 4.4.0-1
—Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRST…
from 0, < 4.4.0-1
—The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough…
from 0, < 4.3.0-1
—The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a…
from 0, < 4.4.1-3
—The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O region…
from 0, < 4.3.0-1
—The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and em…
from 0, < 4.3.0-1
—Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of ser…
from 0, < 4.2.2-1
—Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when…
from 0, < 4.2.2-1
—xen - security update
from 0, < 4.1.4-3+deb7u3
—xen - security update
from 0, < 4.2.2-1
—xen - security update
from 0, < 4.3.0-1
—xen - security update
from 0, < 4.1.4-3+deb7u2
—Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain perm…
from 0, < 4.3.0-1
—The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact vi…
from 0, < 4.3.0-1
—Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to…
from 0, < 4.3.0-1
—Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combi…
from 0, < 4.2.2-1
—Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administ…
from 0, < 4.1.4-3
—Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's…
from 0, < 4.1.4-4
—Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a de…
from 0, < 4.1.4-3
—xen - several
from 0, < 4.0.1-5.11
—xen - several
from 0, < 4.1.4-4
—xen - several
from 0, < 4.1.4-3
—xen - several
from 0, < 4.0.1-5.10
—The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remappin…
from 0, < 4.1.4-2
—Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is beh…
from 0, < 4.1.3-8
—xen-qemu-dm-4.0 - buffer overflow
from 0, < 4.1.3-8
—Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU c…
from 0, < 4.1.3-8
—The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local gue…
from 0, < 4.1.3-5
—The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they a…
from 0, < 4.1.3-6
—The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrator…
from 0, < 4.1.3-5
—Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (cra…
from 0, < 4.1.3-5
—Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators t…
from 0, < 4.1.3-5
—Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, w…
from 0, < 4.1.3-5
—xen - denial of service
from 0, < 4.1.2-1
—xen - denial of service
from 0, < 4.0.1-5.5
—xen - several
from 0, < 4.1.3-1
—xen - several
from 0, < 4.0.1-5.3
—Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which…
from 0, < 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
—Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag…
from 0, < 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
—The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables,…
from 0, < 4.1.3-4
—Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physi…
from 0, < 4.1.3-1
—The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in…
from 0, < 4.1.4-1
—The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which all…
from 0, < 4.1.4-1
—The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transc…
from 0, < 4.1.4-1
—The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows lo…
from 0, < 4.1.4-1
—Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.…
from 0, < 4.1.4-1
—The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service…
from 0, < 4.1.4-1
—The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service…
from 0, < 4.1.4-1
—The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qe…
from 0, < 4.1.3-2
—xen-qemu-dm-4.0 - multiple
from 0, < 4.1.3-2
—PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service…
from 0, < 4.1.3-2
—(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent…
from 0, < 4.1.4-1
—XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows…
from 0, < 4.1.3-2
—The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the…
from 0, < 4.1.3-2
—xen - denial of service
from 0, < 4.1.3-2
—xen - denial of service
from 0, < 4.0.1-5.4
—Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of ser…
from 0, < 4.1.3-4
—Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fa…
from 0, < 4.1.3-4
—The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of ser…
from 0, < 4.1.3-4
—Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop an…
from 0, < 4.1.3-4
—The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, whi…
from 0, < 4.1.3-4
—xen - several
from 0, < 4.1.3-4
—xen - several
from 0, < 4.0.1-5.7
—kfreebsd-8 - privilege escalation
from 0, < 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
—kfreebsd-8 - privilege escalation
from 0, < 4.0.1-5.2
—xen-qemu-dm-4.0 - buffer overflow
from 0, < 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
—tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infin…
from 0, < 4.1.1-1
—Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows g…
from 0, < 4.1.1-1
—Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of servi…
from 0, < 4.1.1-1
—The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does no…
from 0, < 4.0.1-2
—arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Lin…
from 0, < 4.0.1-1