CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The vmxsetucmode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service CPU consumption and possibly hypervisor or guest kernel panic via a crafted GFN range...

5.7CVSS6.3AI score0.00178EPSS

Exploits0References8

SUSE CVE•added 2023/02/15 5:25 a.m.•2 views

SUSE CVE-2014-8595

arch/x86/x86emulate/x86emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service crash via a crafted 1 CALL, 2 JMP, 3 RETF, 4 LCALL, 5 LJMP, or 6 LRET far branch instruction...

1.9CVSS6.6AI score0.00071EPSS

Exploits0References11

SUSE CVE•added 2023/02/15 4:55 a.m.•2 views

SUSE CVE-2016-9381

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability...

7.5CVSS9AI score0.00105EPSS

Exploits0References14

SUSE CVE•added 2023/02/15 4:54 a.m.•2 views

SUSE CVE-2016-9932

CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix...

3.3CVSS8.5AI score0.00069EPSS

Exploits0References12

SUSE CVE•added 2023/02/15 4:54 a.m.•2 views

SUSE CVE-2016-10025

VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions aka SVM allows local HVM guest OS users to cause a denial of service hypervisor crash by leveraging a missing NULL pointer check...

5.5CVSS8.7AI score0.00121EPSS

Exploits0References5

OSV•added 2017/02/22 4:59 p.m.•2 views

ALPINE-CVE-2016-9378

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service guest crash by leveraging an incorrect choice for software interrupt delivery...

5.5CVSS6.2AI score0.00061EPSS

Exploits0References1

OSV•added 2016/04/14 2:59 p.m.•2 views

UBUNTU-CVE-2015-8554

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional aka qemu-dm device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries,...

7.5CVSS7.2AI score0.00061EPSS

Exploits0References3

UbuntuCve•added 2016/02/19 4:59 p.m.•26 views

CVE-2016-2271

VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service guest crash via vectors related to a non-canonical RIP...

5.5CVSS6.8AI score0.00066EPSS

Exploits0References2

OSV•added 2015/08/12 2:59 p.m.•3 views

CVE-2015-5166

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice...

8.9AI score

Exploits0References7

OSV•added 2015/03/12 2:59 p.m.•5 views

CVE-2015-2044

The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size...

8.7AI score

Exploits0References12

CVE•added 2015/03/12 2:0 p.m.•84 views

CVE-2015-2044

CVE-2015-2044 concerns the Xen hypervisor: the emulation routines for unspecified X86 devices in Xen 3.2.x–4.5.x do not properly initialize data, enabling local HVM guest users to obtain sensitive information via an unsupported access size. The Mageia advisory MGASA-2016-0098 documents this CVE a...

2.1CVSS4.8AI score0.00082EPSS

Exploits0References12Affected Software1

Prion•added 2014/11/19 6:59 p.m.•23 views

Information disclosure

1.9CVSS6.8AI score0.00071EPSS

Exploits0References11Affected Software3

OSV•added 2014/10/02 2:55 p.m.•2 views

DEBIAN-CVE-2014-7155

The x86emulate function in arch/x86/x86emulate/x86emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service guest crash or gain guest kernel mode privileges via vectors involving an 1 HLT, 2 LGDT, 3 LIDT, or 4...

5.8CVSS8.3AI score0.01034EPSS

Exploits0References1

Cvelist•added 2014/10/02 2:0 p.m.•22 views

CVE-2014-7188

The hvmmsrreadintercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service host crash or read data from the hypervisor or other guests via unspecified vectors...

4.7AI score0.02355EPSS

Exploits0References17

Cvelist•added 2014/10/02 2:0 p.m.•31 views

CVE-2014-7155

3.6AI score0.01034EPSS

Exploits0References12