38 matches found
Astra Linux - уязвимость в linux
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service host OS hang via a high rate of events to dom0, aka CID-e99502f76271...
freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()
A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...
CVE-2026-23948
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004306)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004306 advisory. An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service host OS hang via a high rate...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414666)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414666 advisory. An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to...
Linux Distros Unpatched Vulnerability : CVE-2020-27673
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service host OS hang via a high...
Linux Distros Unpatched Vulnerability : CVE-2020-29569
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler...
Linux Distros Unpatched Vulnerability : CVE-2021-28039
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0...
SUSE CVE-2007-4993
pygrub tools/pygrub/src/GrubConf.py in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements...
SUSE CVE-2012-3433
Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service domain 0 VCPU hang and kernel panic by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown...
SUSE CVE-2020-27675
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/eventsbase.c allows event-channel removal during the event-handling loop a race condition. This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash vi...
SUSE CVE-2021-28039
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has...
SUSE CVE-2022-42323
Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...
ALPINE-CVE-2022-42323
Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...
DEBIAN-CVE-2022-42323
Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...
CVE-2022-42323
Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...
CVE-2022-42322
Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...
PT-2022-7324 · Xenstore +1 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore affected versions not specified Description: The issue allows cooperating guests to create an arbitrary number of Xenstore nodes. This is possible when one guest lets another write into its local Xenstore tree, creating many nodes an...
ALPINE-CVE-2022-33744
Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged...
AZL-10108 CVE-2022-33744 affecting package kernel for versions less than 5.15.67.1-4
Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged...