16 matches found
Xen: Xenstored DoS by unprivileged domain (XSA-481)
Any guest issuing a Xenstore command accessing a node using the illegal node path '/local/domain/', will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
Fedora 44 : xen (2026-f884fd0313)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f884fd0313 advisory. update to xen 4.21.1 ---- Use after free of paging structures in EPT XSA-480, CVE-2026-23554 Xenstored DoS by unprivileged domain XSA-481,...
Security update for xen
This update for xen fixes the following issues: CVE-2026-23554: xen: Use after free of paging structures in EPT bsc1259247, XSA-480 CVE-2026-23555: xen: Xenstored DoS by unprivileged domain bsc1259248, XSA-481 Patch Instructions: To install this SUSE update use the SUSE recommended installation...
EUVD-2026-15401
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...
CVE-2026-31788
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...
CVE-2026-23555 Xenstored DoS by unprivileged domain
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
CVE-2026-23555
CVE-2026-23555 describes a Xen hypervisor vulnerability where an unprivileged guest issuing a Xenstore command to the illegal node path "/local/domain/" can crash xenstored due to a clobbered error indicator. This is a local-attack DoS with no user interaction and high impact to availability. Con...
Fedora 43 : xen (2026-8ae1a1c3d7)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-8ae1a1c3d7 advisory. Use after free of paging structures in EPT XSA-480, CVE-2026-23554 Xenstored DoS by unprivileged domain XSA-481, CVE-2026-23555 Tenable has extracte...
SUSE-SU-2026:0908-1 Security update for xen
This update for xen fixes the following issues: - CVE-2026-23554: xen: Use after free of paging structures in EPT bsc1259247, XSA-480 - CVE-2026-23555: xen: Xenstored DoS by unprivileged domain bsc1259248, XSA-481...
Xenstored DoS by unprivileged domain
ISSUE DESCRIPTION Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In ca...
CVE-2025-4235
The CVE-2025-4235 entry describes an information-exposure vulnerability in Palo Alto Networks’ User-ID Credential Agent (Windows). Under specific non-default configurations, the service account password can be exposed, enabling an unprivileged Domain User to escalate privileges by abusing the acc...
Linux Distros Unpatched Vulnerability : CVE-2022-42333
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to...
SUSE CVE-2022-42334
x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...
UBUNTU-CVE-2022-42333
x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...
Denial Of Service (DoS)
xen is vulnerable to denial of service DoS. The vulnerability exists as it was discovered that the hypervisor's para-virtualized framebuffer PVFB backend failed to validate the frontend's framebuffer description properly. This could allow a privileged user in the unprivileged domain DomU to cause...
Moderate: Red Hat Security Advisory: xen security and bug fix update
Updated xen packages that resolve several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The xen packages contain the Xen tools and management daemons needed to manage...