Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27067)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27067 advisory. - In the Linux kernel, the following vulnerability has been resolved: xen/evtchn: avoid WARN when...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001333)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001333 advisory. An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/eventsbase.c allows event-channel removal during the...

EUVD-2020-18279

Malware in sbrugna...

EUVD-2020-18280

Malware in sbrugna...

EUVD-2020-18276

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-25600

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model impos...

Linux Distros Unpatched Vulnerability : CVE-2020-25597

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling...

UBUNTU-CVE-2025-38469

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls kvmxenschedoppoll does a kmallocarray when a VM polls the host for more than one event channel potr nrports 1. After the kmallocarray, the error paths ne...

CVE-2021-47574

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2021-47574

The CVE-2021-47574 entry concerns the Xen netfront driver in the Linux kernel. According to the Red Hat advisory, the vulnerability allows attacks via an excessive number of events sent by the backend, leading to event channel storms. No explicit remediation or affected version details are provid...

SUSE CVE-2017-10917

Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service NULL pointer dereference and host OS crash or possibly obtain sensitive information, aka XSA-221...

SUSE CVE-2020-15566

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: 1 port is already in use, 2 the memory allocation failed, or...

SUSE CVE-2020-25597

An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest...

SUSE CVE-2020-25601

An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchnreset / evtchndestroy. In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these when resetting all event channels or when cleaning...

SUSE CVE-2020-25600

An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm either bitness ones. 32-bit x86 domain...

SUSE CVE-2020-29571

An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered read...

GSD-2021-1002684 xen/blkfront: harden blkfront against event channel storms

xen/blkfront: harden blkfront against event channel storms This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.168 by commit...

OracleVM 3.4 : xen (OVMSA-2021-0014)

"The remote OracleVM system is missing necessary patches to address security updates: - An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device...

openSUSE Security Update : xen (openSUSE-2020-2331)

This update for xen fixes the following issues : - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests bsc117949 XSA-115. - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions bsc1179498...

Xen out of bounds event channels available to 32-bit x86 domains DoS (XSA-342)

A denial of service DoS vulnerability exists in Xen servers on a 32-bit x86 domains out of bounds event channels due to improper restrictions on limits on the number of usable event channels. The so called 2-level event channel model imposes different limits on the number of usable event channels...