SUSE CVE-2012-5525

The getpagefromgfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service crash via a crafted GFN that triggers a buffer over-read...

SUSE CVE-2013-0154

The getpagetype function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service assertion failure and hypervisor crash via unspecified vectors related to a hypercall...

SUSE CVE-2013-4553

The XENDOMCTLgetmemlist hypercall in Xen 3.4.x through 4.3.x possibly 4.3.1 does not always obtain the pagealloclock and mmrwlock in the same order, which allows local guest administrators to cause a denial of service host deadlock...

SUSE CVE-2014-1893

Multiple integer overflows in the 1 FLASKGETBOOL and 2 FLASKSETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service processor fault via unspecified vectors, a different vulnerability than...

SUSE CVE-2014-1894

Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service processor fault via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893...

SUSE CVE-2015-0361

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service system crash via a crafted hypercall during HVM guest teardown...

SUSE CVE-2015-2045

The HYPERVISORxenversion hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors...

SUSE CVE-2015-2752

The XENDOMCTLmemorymapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service host CPU consumption via a crafted request to the device model qemu-dm...

SUSE CVE-2015-4163

GNTTABOPswapgrantref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service NULL pointer dereference via a hypercall without a GNTTABOPsetuptable or GNTTABOPsetversion...

SUSE CVE-2015-7812

The hypercallcreatecontinuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service host crash via a preemptible hypercall to the multicall interface...

SUSE CVE-2015-7969

Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service memory consumption via a large number of "teardowns" of domains with the vcpu pointer array allocated using the 1 XENDOMCTLmaxvcpus hypercall or the...

SUSE CVE-2016-5412

arch/powerpc/kvm/book3shvrmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIGKVMBOOK3S64HV is enabled, allows guest OS users to cause a denial of service host OS infinite loop by making a HCEDE hypercall during the existence of a suspended transaction...

SUSE CVE-2017-8903

Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213...

SUSE CVE-2019-18423

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEMaddtophysmap hypercall. p2m-maxmappedgfn is used by the functions p2mresolvetranslationfault and p2mgetentry to sanity check guest physical frame. The rest of the code in the two...

SUSE CVE-2021-28704

PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...

PT-2025-54001

Name of the Vulnerable Software and Affected Versions linux affected versions not specified Description A flaw exists in the Linux kernel related to Indirect Branch Tracking IBT on x86/Hyperv systems. Specifically, when running on hardware supporting IBT within Hyper-V VMs with ConfigVersion 9.3 ...

CVE-2021-28705

issues with partially successful P2M updates on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have...

CVE-2021-28706

guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may...

CVE-2021-28706

CVE-2021-28706 affects the Xen hypervisor memory management: when a guest can approach 16 TiB, a 32-bit precision overflow in the memory-allocation calculation may allow the guest to bypass an administrator-set limit by miscomputing the compared value. The vulnerability enables memory expansion b...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9053)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9053 advisory. - xen-blkback: fix error handling in xenblkbkmap Jan Beulich Orabug: 32492109 CVE-2021-26930 - xen-scsiback: don't 'handle' error by BUG Jan Beulic...