Xen@- Security Vulnerabilities and Issues — Xen@- CVE List

Lucene search

XenXen-

51 matches found

CVE•added 2023/08/11 3:15 a.m.•508 views

CVE-2022-40982

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

6.5CVSS6.9AI score0.00731EPSS

CVE•added 2018/05/08 6:29 p.m.•465 views

CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated...

7.8CVSS6.8AI score0.199EPSS

CVE•added 2022/03/13 12:15 a.m.•462 views

CVE-2022-23960

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtai...

5.6CVSS6.4AI score0.00143EPSS

CVE•added 2022/07/12 7:15 p.m.•359 views

CVE-2022-29901

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certai...

6.5CVSS7.1AI score0.0008EPSS

CVE•added 2022/07/12 7:15 p.m.•344 views

CVE-2022-29900

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

6.5CVSS7.3AI score0.01411EPSS

CVE•added 2023/08/08 6:15 p.m.•334 views

CVE-2023-20588

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

5.5CVSS6.9AI score0.03997EPSS

CVE•added 2022/03/10 8:15 p.m.•210 views

CVE-2022-23042

Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backe...

7CVSS7.3AI score0.00085EPSS

CVE•added 2022/11/09 9:15 p.m.•210 views

CVE-2022-23824

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.

5.5CVSS5.6AI score0.00024EPSS

CVE•added 2022/03/10 8:15 p.m.•200 views

CVE-2022-23041

7CVSS7.3AI score0.00085EPSS

CVE•added 2022/07/05 1:15 p.m.•197 views

CVE-2022-33740

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-3...

7.1CVSS7.2AI score0.00045EPSS

CVE•added 2022/07/05 1:15 p.m.•196 views

CVE-2022-33743

network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.

7.8CVSS7.5AI score0.00024EPSS

CVE•added 2022/03/10 8:15 p.m.•192 views

CVE-2022-23037

7CVSS7.3AI score0.00085EPSS

CVE•added 2022/01/05 5:15 p.m.•181 views

CVE-2021-28712

Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "drive...

6.5CVSS6.9AI score0.00047EPSS

CVE•added 2022/01/05 5:15 p.m.•177 views

CVE-2021-28711

6.5CVSS6.9AI score0.00047EPSS

CVE•added 2022/03/10 8:15 p.m.•176 views

CVE-2022-23036

7CVSS7.3AI score0.00085EPSS

CVE•added 2022/03/10 8:15 p.m.•172 views

CVE-2022-23039

7CVSS7.3AI score0.00085EPSS

CVE•added 2022/03/10 8:15 p.m.•170 views

CVE-2022-23038

7CVSS7.3AI score0.00085EPSS

CVE•added 2022/01/05 5:15 p.m.•166 views

CVE-2021-28713

6.5CVSS6.9AI score0.00047EPSS

CVE•added 2022/07/05 1:15 p.m.•165 views

CVE-2022-26365

7.1CVSS7.2AI score0.00045EPSS

CVE•added 2022/07/05 1:15 p.m.•162 views

CVE-2022-33742

7.1CVSS7.2AI score0.00045EPSS

CVE•added 2022/03/10 8:15 p.m.•157 views

CVE-2022-23040

7CVSS7.3AI score0.00085EPSS

CVE•added 2016/04/14 2:59 p.m.•156 views

CVE-2015-8550

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.

8.2CVSS6.4AI score0.15964EPSS

CVE•added 2024/01/05 5:15 p.m.•154 views

CVE-2023-34324

Closing of an event channel in the Linux kernel can result in a deadlock.This happens when the close is being performed in parallel to an unrelatedXen console action and the handling of a Xen console interrupt in anunprivileged guest. The closing of an event channel is e.g. triggered by removal of ...

4.9CVSS6.5AI score0.00067EPSS

CVE•added 2022/07/05 1:15 p.m.•153 views

CVE-2022-33741

7.1CVSS7.2AI score0.00045EPSS

CVE•added 2022/11/01 1:15 p.m.•141 views

CVE-2022-42309

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be co...

8.8CVSS8.5AI score0.00044EPSS

CVE•added 2022/04/05 1:15 p.m.•115 views

CVE-2022-26358

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region ...

7.8CVSS7.5AI score0.0008EPSS

CVE•added 2021/03/05 6:15 p.m.•114 views

CVE-2021-28039

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONF...

6.5CVSS5.9AI score0.0014EPSS

CVE•added 2022/04/05 1:15 p.m.•112 views

CVE-2022-26361

7.8CVSS7.5AI score0.0008EPSS

CVE•added 2022/04/05 1:15 p.m.•110 views

CVE-2022-26359

7.8CVSS7.5AI score0.0008EPSS

CVE•added 2016/04/13 3:59 p.m.•102 views

CVE-2015-8553

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.

6.5CVSS6.3AI score0.00273EPSS

CVE•added 2022/04/05 1:15 p.m.•102 views

CVE-2022-26360

7.8CVSS7.5AI score0.0008EPSS

CVE•added 2022/11/01 1:15 p.m.•85 views

CVE-2022-42312

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service ...

6.5CVSS7AI score0.00046EPSS

CVE•added 2022/11/01 1:15 p.m.•85 views

CVE-2022-42316

6.5CVSS7AI score0.00046EPSS

CVE•added 2022/11/01 1:15 p.m.•82 views

CVE-2022-42315

6.5CVSS7AI score0.00046EPSS

CVE•added 2022/11/01 1:15 p.m.•81 views

CVE-2022-42322

Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Do...

5.5CVSS6.5AI score0.00028EPSS

CVE•added 2022/11/01 1:15 p.m.•79 views

CVE-2022-42318

6.5CVSS7AI score0.00046EPSS

CVE•added 2016/04/19 2:59 p.m.•77 views

CVE-2016-3960

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

8.8CVSS8.5AI score0.00077EPSS

CVE•added 2017/04/04 2:59 p.m.•76 views

CVE-2017-7228

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arr...

8.2CVSS6.3AI score0.01043EPSS

Web

CVE•added 2022/11/01 1:15 p.m.•75 views

CVE-2022-42317

6.5CVSS7AI score0.00045EPSS

CVE•added 2022/11/01 1:15 p.m.•73 views

CVE-2022-42314

6.5CVSS7AI score0.00046EPSS

CVE•added 2022/11/01 1:15 p.m.•73 views

CVE-2022-42323

5.5CVSS6.5AI score0.00028EPSS

CVE•added 2022/11/01 1:15 p.m.•72 views

CVE-2022-42321

Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored.

6.5CVSS7.1AI score0.00024EPSS

CVE•added 2022/11/01 1:15 p.m.•71 views

CVE-2022-42320

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries wil...

7CVSS7.4AI score0.00033EPSS

CVE•added 2014/04/01 6:35 a.m.•69 views

CVE-2011-3346

Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has...

4CVSS6.1AI score0.00119EPSS

CVE•added 2016/09/21 2:25 p.m.•69 views

CVE-2016-7092

The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.

8.2CVSS6.4AI score0.00074EPSS

CVE•added 2022/11/01 1:15 p.m.•67 views

CVE-2022-42313

6.5CVSS7AI score0.00046EPSS

CVE•added 2023/11/10 5:15 p.m.•67 views

CVE-2023-4949

An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.

8.1CVSS7.1AI score0.00034EPSS

CVE•added 2022/11/01 1:15 p.m.•66 views

CVE-2022-42311

6.5CVSS7AI score0.00045EPSS

CVE•added 2014/01/07 7:55 p.m.•65 views

CVE-2011-1936

Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors.

4.6CVSS5.8AI score0.00084EPSS

CVE•added 2014/04/15 11:13 p.m.•45 views

CVE-2014-2580

The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" error and host crash) via a malformed packet, which causes a mutex to be taken when trying to disable...

4.4CVSS5.8AI score0.00071EPSS

Total number of security vulnerabilities51