CVE-2021-3308

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors...

CVE-2021-3308

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors...

CVE-2019-19583

An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service guest OS crash because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for DB...

CVE-2019-19580

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type...

CVE-2019-19583

An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service guest OS crash because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for DB...

CVE-2019-19579

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device and assignable-add is not used, because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's...

CVE-2019-19579

CVE-2019-19579 affects the Xen hypervisor up to 4.12.x. It arises when an untrusted domain has access to a PCI device and the incomplete fix for CVE-2019-18424 leaves the system vulnerable if alternate PCI assignment methods are used (libxl assignable-add not strictly required). The issue enables...

CVE-2019-18424

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to...

CVE-2019-18423

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEMaddtophysmap hypercall. p2m-maxmappedgfn is used by the functions p2mresolvetranslationfault and p2mgetentry to sanity check guest physical frame. The rest of the code in the two...

CVE-2019-18423

CVE-2019-18423 concerns the Xen hypervisor vulnerability affecting ARM guests via XENMEM_add_to_physmap in Xen 4.12.x and earlier. The issue stems from p2m handling: p2m->max_mapped_gfn is used to sanity-check guest frames in p2m_resolve_translation_fault() and p2m_get_entry(), while p2m_get_r...

CVE-2019-17349

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service infinite loop involving a LoadExcl or StoreExcl operation...

Design/Logic Flaw

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service infinite loop involving a LoadExcl or StoreExcl operation...

CVE-2019-17350

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service infinite loop involving a compare-and-exchange operation...

CVE-2019-17349

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service infinite loop involving a LoadExcl or StoreExcl operation...

CVE-2019-17350

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service infinite loop involving a compare-and-exchange operation...