Linux Distros Unpatched Vulnerability : CVE-2017-7995
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to...
Xen Project Dynamic Height Handling Elevation of Privilege Vulnerability (XSA-311)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability or possibly an elevation of privilege vulnerability by triggering data-structure access during pagetable-height updates. An unauthenticated, local attack...
Xen Project Restartable PV Type Change Operations Elevation of Privilege Vulnerability (XSA-310)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an elevation of privilege vulnerability due to race conditions in the pagetable promotion and demotion operations. An authenticated, remote attacker can exploit this issue, by triggering...
Xen Project Descriptor Table Limit Checking Privilege Escalation Vulnerability (XSA-298)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a privilege escalation vulnerability due to improper bounds checking for descriptor table accesses. An authenticated attacker, in user mode on a 32-bit guest, could leverage this...
Xen Project VCPUOP_initialise DoS (XSA-296)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to poor handling of an invalid format string in 'hypercall_create_continuation'. This function can be reached via a long-running 'VCPUOP_initialise'...
Denial Of Service (DoS)
The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the uverbs API. A local user with access to a...
Xen Project Process Context Identifiers Shadow Pagetables Denial of Service Vulnerability (XSA-294)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. Only x86 systems are affected. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware...
Xen Project Pass-through PCI Device Guest-to-Host Privilege Escalation (XSA-285)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host privilege escalation vulnerability. Only x86 systems are affected. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check...
Xen Project steal_page Race Condition Multiple Vulnerabilities (XSA-287)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities including denial of service, information disclosure, and privilege escalation due to a steal_page race condition. Only x86 systems are affected. Note that Nessus h...
Xen Project Preemptible Linear Pagetable Denial of Service Vulnerability (XSA-290)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. Only x86 systems are affected. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware...
Xen Project PCI Pass-through Device Denial of Service Vulnerability (XSA-291)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. Only x86 systems are affected. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware...
Xen Project Guest p2m Page Removal Error Handling DoS (XSA-277)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host denial of service vulnerability. An attacker located on a guest virtual machine may be able to exploit this vulnerability to affect the availability of the host system. On...
Xen Project Insufficient TLB Flushing Vulnerability (XSA-275)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a vulnerability allowing a guest system to potentially elevate privileges, access protected information, and perform a DoS against the host. Only AMD systems with IOMMU enabled are...
Xen Project XSA-240 Mitigation Shadow Paging Conflict Vulnerability (XSA-280)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a vulnerability allowing a guest system to potentially elevate privileges, access protected information, and perform a DoS against the host. A number of caveats exist to determine if a...
Xen Project INVPCID with Non-Canonical Addresses DoS (XSA-279)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host denial of service vulnerability. An attacker located on a guest virtual machine may be able to exploit this vulnerability to affect the availability of the host system. On...
Xen Project x86 IOREQ Server Resource Accounting DoS (XSA-276)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host denial of service vulnerability. An attacker located on a guest virtual machine may be able to exploit this vulnerability to affect the availability of the host system. Th...
Xen Denial of Service Vulnerability (CNVD-2019-07946)
Xen is an open source virtual machine monitor developed by the Xen Project. Xen 4.11.x suffers from a denial of service vulnerability that stems from p2m locking being indefinitely unavailable under certain error conditions, which can be exploited by users of x86 client operating systems to cause...
Xen Project Nested VT-x Instruction Guest-to-Host DoS (XSA-278)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host denial of service vulnerability. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or...
Xen Project Speculative Execution Side Channel Vulnerability (XSA-273) (Foreshadow)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a speculative execution side channel attack known as L1 Terminal Fault (L1TF). An attacker who successfully exploited L1TF may be able to read privileged data across trust boundaries. Note...
Xen Project x86 Debug Exception Handling Local DoS (XSA-265)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a local denial of service vulnerability. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if...