CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 4 days ago•8 views

kernel: xen/privcmd: fix double free via VMA splitting

A flaw was found in the Linux kernel's xen/privcmd module. A local user could exploit this by performing a partial unmapping of a privcmd memory region. This action causes a Virtual Memory Area VMA to split, leading to duplicated internal memory pointers. As a result, the same memory can be freed...

7.8CVSS5.7AI score0.00183EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fixed the possibility of accessing a freed kirqfd instance. Nothing prevents simultaneous ioctl calls to privcmdirqfdassign and privcmdirqfddeassign. If this occurs, it is possible that a kirqfd created and added to...

5.5CVSS5.4AI score0.00236EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Linux

A issue was discovered in the Linux kernel versions 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur during batch hypercalls, where multiple operations are performed in a single hypercall. The success or failure of each operation is reported to the backend driver, and the...

5.5CVSS6.7AI score0.00346EPSS

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability in Linux, Linux 5.10

Rogue backends can cause Denial of Service DoS attacks on guests through high-frequency events. This CNA information record relates to multiple Common Vulnerabilities and Exposures CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Xen allows for the execution of PV...

6.5CVSS6.8AI score0.00332EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Xen

Inappropriate x86 IOMMU timeout detection/handling: IOMMU processes commands that are issued in parallel with the operation of the CPUs that issue those commands. In the current implementation in Xen, asynchronous notifications of the completion of such commands are not used. Instead, the issuing...

7.1CVSS6.9AI score0.00284EPSS

AstraLinux•added 5 days ago•20 views

Astra Linux – Vulnerability in Xen

Potential speculative code storage bypasses exist in all supported CPU products. Combined with software vulnerabilities related to speculative execution of overwritten instructions, this could lead to incorrect speculation and potentially cause data leakage...

5.5CVSS5.9AI score0.00328EPSS

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerability in Linux, Linux 5.10

6.5CVSS6.8AI score0.00332EPSS

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/amdnb: The function amdgetmmconfigrange uses rdmsrsafe, which should not be used without proper safeguards. Xen does not provide the MSRFAM10HMMIOCONFbase to all guests. This results in the following warning: Unchecked MSR...

5.5CVSS6.1AI score0.00176EPSS

AstraLinux•added 5 days ago•17 views

Astra Linux – Vulnerability in Linux 5.10

The Linux kernel before version 5.18.13 lacked a clear mechanism for handling the block start symbol .bss. This allowed Xen PV guest OS users to cause a denial of service or gain privileges...

7.8CVSS6.4AI score0.00846EPSS

Exploits1References2

CVE•added 6 days ago•16 views

CVE-2026-42490

CVE-2026-42490 : The supplied documents describe a vulnerability in Xen domctl lock handling. When XSM/Flask is in use, certain domctl operations acquire the system-wide lock before performing permission checks, meaning lock acquisition may occur ahead of authorization. The root cause is a non-fa...

6.5CVSS5.2AI score0.002EPSS

CVE•added 6 days ago•32 views

CVE-2026-42487

CVE-2026-42487 concerns the Xen hypervisor’s handling of x86 HVM I/O port list traversal. The root cause stated in the sources is that traversal of the linked list used for guest I/O port accesses requires synchronization with updates to the translation/mapping (XEN_DOMCTL_ioport_mapping), but th...

7.9CVSS5.2AI score0.00095EPSS

Exploits0References3

Fedora•added last week•6 views

[SECURITY] Fedora 44 Update: xen-4.21.1-4.fc44

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

9.1CVSS5.2AI score0.00658EPSS

Exploits0

Tenable Nessus•added 2026/06/17 12:0 a.m.•10 views

Fedora 44 : xen (2026-24b84f97af)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-24b84f97af advisory. x86 HVM I/O port list traversal XSA-491, CVE-2026-42487 domctl lock open to abuse XSA-492, CVE-2026-42489, CVE-2026-42490 Arm: Completion of memory...

9.1CVSS5.4AI score0.00658EPSS

Exploits0References6

RedHat Linux•added 2026/06/16 7:17 p.m.•4 views

kernel: xen/privcmd: fix double free via VMA splitting

7.8CVSS5.5AI score0.00183EPSS

RedHat Linux•added 2026/06/16 7:17 p.m.•5 views

kernel: Buffer overflow in drivers/xen/sys-hypervisor.c

7.8CVSS5.7AI score0.00197EPSS

RedHat Linux•added 2026/06/16 7:17 p.m.•17 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS5.5AI score0.004EPSS

Exploits0References9

RedHat Linux•added 2026/06/16 6:39 p.m.•6 views

kernel: xen/privcmd: fix double free via VMA splitting

7.8CVSS5.5AI score0.00183EPSS

RedHat Linux•added 2026/06/16 6:39 p.m.•5 views

kernel: Buffer overflow in drivers/xen/sys-hypervisor.c

7.8CVSS5.7AI score0.00197EPSS