3 matches found
CVE-2024-31144
CVE-2024-31144 affects Xen/Xapi backup/restore of VM/SR metadata via a VDI metadata store. The vulnerability arises because the host searches VDI images to locate the metadata VDI and restore metadata; a malicious guest can manipulate its disk to appear as a metadata backup, potentially causing m...
CVE-2020-29487
CVE-2020-29487 affects Xen XAPI (Xen hypervisor tooling). The issue stems from xenopsd watching xenstore keys and forwarding RPC updates via message-switch to xapi, causing an RPC update flood: one update per key update with O(N^2) time, and message-switch retaining ~128 recent messages yields O(...
CVE-2022-33749
CVE-2022-33749 affects Citrix XenServer / Citrix Hypervisor (Xen) components. The issue permits an unauthenticated attacker on the management network to trigger a denial-of-service by exhausting the XAPI file-descriptor limit, preventing new requests from trusted clients and blocking tasks requir...