39 matches found

SUSE CVE
added 2023/02/15 5:29 a.m., 2 views

SUSE CVE-2014-3124

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVSS 6.7, AI score 7.4, EPSS 0.0081
Exploits: 0, References: 7
CVE
added 2016/04/14 2:0 p.m., 67 views

CVE-2015-8554

CVE-2015-8554 describes a buffer overflow in Xen’s MSI-X handling in hw/pt-msi.c, for Xen 4.6.x and earlier when using the qemu-xen-traditional (qemu-dm) device model. The issue enables local x86 HVM guest administrators, with access to a passed-through MSI-X capable PCI device and MSI-X table en...

CVSS 7.5, AI score 7.8, EPSS 0.004
Exploits: 0, References: 6, Affected Software: 1
Tenable Nessus
added 2016/03/04 12:0 a.m., 46 views

Fedora 22 : xen-4.5.2-6.fc22 (2015-c44bd3e0fa)

paravirtualized drivers incautious about shared memory contents (XSA-155, CVE-2015-8550); qemu-dm buffer overrun in MSI-X handling (XSA-164, CVE-2015-8554); information leak in legacy x86 FPU/XMM initialization (XSA-165, CVE-2015-8555); ioreq handling possibly susceptible to multiple read issue (XSA-166) No...

CVSS 8.6, AI score 7.7, EPSS 0.02254
Exploits: 2, References: 8
Tenable Nessus
added 2016/03/04 12:0 a.m., 48 views

Fedora 23 : xen-4.5.2-6.fc23 (2015-d8253e2b1d)

paravirtualized drivers incautious about shared memory contents (XSA-155, CVE-2015-8550); qemu-dm buffer overrun in MSI-X handling (XSA-164, CVE-2015-8554); information leak in legacy x86 FPU/XMM initialization (XSA-165, CVE-2015-8555); ioreq handling possibly susceptible to multiple read issue (XSA-166) No...

CVSS 8.6, AI score 7.7, EPSS 0.02254
Exploits: 2, References: 8
Xen Project
added 2015/12/17 12:0 p.m., 66 views

qemu-dm buffer overrun in MSI-X handling

ISSUE DESCRIPTION: "qemu-xen-traditional" aka qemu-dm tracks state for each MSI-X table entry of a passed through device. This is used/updated on intercepted accesses to the pages containing the MSI-X table. There may be space on the final page not covered by any MSI-X table entry, but memory for...

CVSS 7.5, AI score 8, EPSS 0.004
Exploits: 0
Xen Project
added 2015/07/27 12:0 p.m., 70 views

QEMU heap overflow flaw while processing certain ATAPI commands.

ISSUE DESCRIPTION: The QEMU security team has predisclosed the following advisory: A heap overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with CDROM drive enabled could potentially use thi...

CVSS 7.2, AI score 7.4, EPSS 0.00606
Exploits: 0
Tenable Nessus
added 2015/07/14 12:0 a.m., 40 views

FreeBSD : xen-kernel and xen-tools -- Long latency MMIO mapping operations are not preemptible (d40c66cb-27e4-11e5-a4a5-002590263bf5)

The Xen Project reports: The XEN_DOMCTL_memory_mapping hypercall allows long running operations without implementing preemption. This hypercall is used by the device model as part of the emulation associated with configuration of PCI devices passed through to HVM guests and is therefore indirectly...

CVSS 4.9, AI score 7.6, EPSS 0.00453
Exploits: 0, References: 3
Xen Project
added 2015/04/20 5:10 p.m., 65 views

Information leak through XEN_DOMCTL_gettscinfo

ISSUE DESCRIPTION: The handler for XEN_DOMCTL_gettscinfo failed to initialize a padding field subsequently copied to guest memory. A similar bug existed in XEN_SYSCTL_getdomaininfolist, which is addressed by the patches provided here even though that operation was declared by XSA-77 not to provide...

CVSS 2.9, AI score 9, EPSS 0.00793
Exploits: 0, Affected Software: 1
Prion
added 2015/04/01 2:59 p.m., 23 views

Cross site request forgery (csrf)

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm)...

CVSS 4.9, AI score 6.4, EPSS 0.00453
Exploits: 0, References: 9, Affected Software: 2
Cvelist
added 2015/04/01 2:0 p.m., 28 views

CVE-2015-2752

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm)...

AI score 5.4, EPSS 0.00453
Exploits: 0, References: 9
Debian CVE
added 2015/04/01 2:0 p.m., 26 views

CVE-2015-2752

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm)...

CVSS 4.9, AI score 5.8, EPSS 0.00453
Exploits: 0
FreeBSD
added 2015/03/31 12:0 a.m., 30 views

xen-kernel and xen-tools -- Long latency MMIO mapping operations are not preemptible

The Xen Project reports: The XEN_DOMCTL_memory_mapping hypercall allows long running operations without implementing preemption. This hypercall is used by the device model as part of the emulation associated with configuration of PCI devices passed through to HVM guests and is therefore indirectly...

CVSS 4.9, AI score 6.6, EPSS 0.00453
Exploits: 0, References: 1
Tenable Nessus
added 2014/12/15 12:0 a.m., 32 views

Fedora 21 : xen-4.4.1-9.fc21 (2014-15951)

Excessive checking in compatibility mode hypercall argument translation, Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor, fix segfaults and failures in xl migrate --debug, Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling, Insufficient restrictions on...

CVSS 7.1, AI score 6.6, EPSS 0.02221
Exploits: 1, References: 9
Tenable Nessus
added 2014/12/02 12:0 a.m., 43 views

Fedora 19 : xen-4.2.5-5.fc19 (2014-15503)

Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling, Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen. Note that Tenable...

CVSS 7.1, AI score 6.6, EPSS 0.02221
Exploits: 1, References: 9
Tenable Nessus
added 2014/12/02 12:0 a.m., 38 views

Fedora 20 : xen-4.3.3-5.fc20 (2014-15521)

Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling, Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen. Note that Tenable...

CVSS 7.1, AI score 6.6, EPSS 0.02221
Exploits: 1, References: 9
Xen Project
added 2014/06/03 12:0 p.m., 68 views

Vulnerabilities in HVM MSI injection

ISSUE DESCRIPTION: The implementation of the HVM control operation HVMOP_inject_msi, while checking whether a particular IRQ was already set up in the necessary way, fails to properly check all respective conditions. In particular it doesn't check the returned pointer for being non-NULL before de-...

CVSS 5.5, AI score 6.4, EPSS 0.00719
Exploits: 0, Affected Software: 1
NVD
added 2014/05/07 10:55 a.m., 14 views

CVE-2014-3124

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVSS 6.7, AI score 7.4, EPSS 0.0081
Exploits: 0, References: 10
UbuntuCve
added 2014/05/07 10:55 a.m., 19 views

CVE-2014-3124

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVSS 6.7, AI score 7.5, EPSS 0.0081
Exploits: 0, References: 2
Prion
added 2014/05/07 10:55 a.m., 20 views

Design/Logic Flaw

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVSS 6.7, AI score 8, EPSS 0.0081
Exploits: 0, References: 10, Affected Software: 1
Cvelist
added 2014/05/07 10:0 a.m., 20 views

CVE-2014-3124

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

AI score 7.3, EPSS 0.0081
Exploits: 0, References: 10