8 matches found
CVE-2025-27464
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...
EUVD-2025-210445
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...
CVE-2025-27464 WinPVDrivers: Excessive permissions on user-exposed devices
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...
CVE-2025-27464
CVE-2025-27464 is part of a XenServer/Citrix Hypervisor set of flaws affecting Windows guest VMs. The root cause is that the XenServer VM Tools for Windows (XenServer VM Tools, Windows) before version 9.4.1 expose devices/facilities without proper security descriptors, enabling an unprivileged gu...
CVE-2025-27463
The CVE-2025-27463 entry corresponds to the Windows PV drivers exposed by XenServer/Citrix Hypervisor. These PV devices (XenCons, XenIface, XenBus) reportedly expose facilities to userspace with no security descriptors, making them fully accessible to unprivileged users. The connected sources ide...
CVE-2025-27462
CVE-2025-27462 refers to the Windows PV drivers in XenServer/Citrix Hypervisor where several PV interfaces (XenCon s, XenIface, XenBus) expose no security descriptors, making them accessible to unprivileged users. The CVE is tied to the Windows PV drivers for XenServer 8.x; Linux guests are unaff...
WinPVDrivers: Excessive permissions on user-exposed devices
ISSUE DESCRIPTION The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464 IMPACT Unprivileged...
OracleVM 3.2 : xen (OVMSA-2017-0149)
The remote OracleVM system is missing necessary patches to address critical security updates : - From e26560a4b056dad6d85ffd9ebfad9565f210a9cc Mon Sep 17 00:00:00 2001 From: Jan Beulich Date: Wed, 30 May 2012 09:22:17 +0100 Subject: PATCH gnttab: don't use domain lock for serialization Instead us...