EUVD-2026-30928

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002669)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002669 advisory. An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xenfailsafecallback entry point in arch/x86/entry/entry64.S does not...

PT-2026-27499

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Xen privcmd driver allows user space processes to issue arbitrary hypercalls. Normally, access is limited to root and the hypervisor denies hypercalls affecting other domains. Howeve...

Linux Distros Unpatched Vulnerability : CVE-2019-17347

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its...

SUSE CVE-2013-1917

Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service hypervisor crash by triggering a GP fault, which is not properly handled by another IRET instruction...

SUSE CVE-2017-8905

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215...

SUSE CVE-2017-17565

An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service host OS crash if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P...

SUSE CVE-2019-18421

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen...

Cambridge Xen 缓冲区错误漏洞

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability in Xen's Bare 32-bi...

UBUNTU-CVE-2020-25602

An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSRMISCENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the...

ALPINE-CVE-2019-18421

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen...

UBUNTU-CVE-2019-17341

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device...

DEBIAN-CVE-2018-12893

An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leadi...

UBUNTU-CVE-2017-15595

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service unbounded recursion, stack consumption, and hypervisor crash or possibly gain privileges via crafted page-table stacking...

64-bit PV guest privilege escalation vulnerability

ISSUE DESCRIPTION Rafal Wojtczuk has discovered a vulnerability which can allow a 64-bit PV guest kernel running on a 64-bit hypervisor to escalate privileges to that of the host by arranging for a system call to return via sysret to a non-canonical RIP. Intel CPUs deliver the resulting exception...

kernel: stack corruption in xen_failsafe_callback()

The xenfailsafecallback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service guest crash by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption...