Filtered by vendor Xen
Subscriptions
Filtered by product Xen
Subscriptions
Total
468 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-12891 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability. | ||||
CVE-2018-10982 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. | ||||
CVE-2018-10981 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. | ||||
CVE-2018-10472 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot. | ||||
CVE-2018-10471 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754. | ||||
CVE-2017-8905 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. | ||||
CVE-2017-8904 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214. | ||||
CVE-2017-8903 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213. | ||||
CVE-2017-7995 | 3 Novell, Suse, Xen | 6 Suse Linux Enterprise Point Of Sale, Suse Linux Enterprise Server, Manager and 3 more | 2024-11-21 | N/A |
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. | ||||
CVE-2017-7228 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays. | ||||
CVE-2017-2620 | 5 Citrix, Debian, Qemu and 2 more | 12 Xenserver, Debian Linux, Qemu and 9 more | 2024-11-21 | N/A |
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. | ||||
CVE-2017-2615 | 5 Citrix, Debian, Qemu and 2 more | 12 Xenserver, Debian Linux, Qemu and 9 more | 2024-11-21 | N/A |
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. | ||||
CVE-2017-17566 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. | ||||
CVE-2017-17565 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P. | ||||
CVE-2017-17564 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode. | ||||
CVE-2017-17563 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode. | ||||
CVE-2017-17046 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. | ||||
CVE-2017-17045 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors. | ||||
CVE-2017-17044 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. | ||||
CVE-2017-15597 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out. |