Vulnerabilities (CVE)

Vendor filter

Xen Subscribe

Product filter

Xen Subscribe

Filter

297 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17351 2 Linux, Xen 2 Linux Kernel, Xen 2019-10-11 4.9
An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest...
CVE-2019-17341 1 Xen 1 Xen 2019-10-11 6.9
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.
CVE-2019-17344 1 Xen 1 Xen 2019-10-11 4.9
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.
CVE-2019-17348 1 Xen 1 Xen 2019-10-11 4.9
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
CVE-2019-17349 1 Xen 1 Xen 2019-10-11 4.9
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.
CVE-2019-17350 1 Xen 1 Xen 2019-10-11 4.9
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.
CVE-2019-17340 1 Xen 1 Xen 2019-10-10 6.1
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
CVE-2019-17347 1 Xen 1 Xen 2019-10-10 4.6
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).
CVE-2019-17343 1 Xen 1 Xen 2019-10-10 4.6
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.
CVE-2019-17342 1 Xen 1 Xen 2019-10-10 4.4
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.
CVE-2019-17345 1 Xen 1 Xen 2019-10-10 4.9
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.
CVE-2019-17346 1 Xen 1 Xen 2019-10-10 7.2
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.
CVE-2017-15593 1 Xen 1 Xen 2019-10-03 4.9
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.
CVE-2018-15468 1 Xen 1 Xen 2019-10-03 4.9
An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be...
CVE-2018-12893 2 Debian, Xen 2 Debian Linux, Xen 2019-10-03 2.1
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by...
CVE-2018-12891 2 Debian, Xen 2 Debian Linux, Xen 2019-10-03 4.9
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass...
CVE-2018-19965 3 Xen, Citrix, Debian 3 Xen, Xenserver, Debian Linux 2019-10-03 4.7
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists...
CVE-2017-15590 1 Xen 1 Xen 2019-10-03 4.6
An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
CVE-2017-17566 1 Xen 1 Xen 2019-10-03 6.9
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
CVE-2017-12134 2 Citrix, Xen 2 Xenserver, Xen 2019-10-03 7.2
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS...