pkg:Alpine/xen
304 total CVEsCRITICAL16HIGH112MEDIUM163LOW7
✅ Check your installed version
All known vulnerabilities
- CRITICAL10.0CVE-2017-10921The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, wh…from 0, < 4.9.0-r0
- CRITICAL10.0CVE-2017-10920The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_hos…from 0, < 4.9.0-r0
- CRITICAL10.0CVE-2017-10918Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host…from 0, < 4.9.0-r0
- from 0, < 4.9.0-r0
- from 0, < 4.7.2-r0
- CRITICAL9.9CVE-2017-2620Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.from 0, < 4.7.1-r5
- from 0, < 4.11.0-r0
- CRITICAL9.8CVE-2025-58143[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…from 0, < 4.18.5-r2
- CRITICAL9.8CVE-2025-58142[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…from 0, < 4.18.5-r2
- CRITICAL9.8CVE-2025-27466[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…from 0, < 4.18.5-r2
- CRITICAL9.8CVE-2019-18425An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descrip…from 0, < 4.12.1-r1
- CRITICAL9.8CVE-2017-10913The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows ba…from 0, < 4.9.0-r0
- from 0, < 4.7.1-r5
- from 0, < 4.9.0-r7
- CRITICAL9.1CVE-2017-10917Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of servic…from 0, < 4.9.0-r0
- CRITICAL9.0CVE-2017-10915The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest…from 0, < 4.9.0-r0
- HIGH8.8CVE-2025-58150Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing.from 0, < 4.18.5-r4
- HIGH8.8CVE-2022-42309Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during…from 0, < 4.14.5-r6
- from 0, < 4.14.5-r5
- HIGH8.8CVE-2021-28708PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities co…from 0, < 4.13.4-r2
- HIGH8.8CVE-2021-28707PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities co…from 0, < 4.13.4-r2
- HIGH8.8CVE-2021-28704PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities co…from 0, < 4.13.4-r2
- HIGH8.8CVE-2021-28710certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may…from 0, < 4.15.1-r1
- from 0, < 4.13.2-r3
- from 0, < 4.13.2-r3
- HIGH8.8CVE-2020-29569An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x.from 0, < 0
- HIGH8.8CVE-2020-29040An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data…from 0, < 4.12.4-r0
- HIGH8.8CVE-2020-15565An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain…from 0, < 4.12.3-r2
- HIGH8.8CVE-2019-19578An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear p…from 0, < 4.12.2-r0
- HIGH8.8CVE-2019-18423An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercal…from 0, < 4.12.1-r1
- HIGH8.8CVE-2019-18422An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the…from 0, < 4.12.1-r1
- HIGH8.8CVE-2019-17346An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an…from 0, < 4.11.2-r0
- HIGH8.8CVE-2019-17340An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-tab…from 0, < 4.11.2-r0
- HIGH8.8CVE-2018-19966An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain…from 0, < 4.11.1-r0
- HIGH8.8CVE-2018-18883An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of s…from 0, < 4.11.1-r0
- HIGH8.8CVE-2018-10982An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt num…from 0, < 4.10.1-r1
- HIGH8.8CVE-2018-7541An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by…from 0, < 4.10.0-r2
- HIGH8.8CVE-2017-17045An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, o…from 0, < 4.7.3-r2
- HIGH8.8CVE-2017-15595An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consum…from 0, < 4.9.0-r6
- HIGH8.8CVE-2017-15594An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain pri…from 0, < 4.9.0-r6
- from 0, < 4.9.0-r6
- HIGH8.8CVE-2017-15590An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain p…from 0, < 4.9.0-r6
- from 0, < 4.9.0-r4
- from 0, < 4.9.0-r4
- HIGH8.8CVE-2017-12137arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.from 0, < 4.9.0-r1
- HIGH8.8CVE-2017-12135Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vector…from 0, < 4.9.0-r1
- HIGH8.8CVE-2017-8905Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the…from 0, < 4.6.3-r7
- HIGH8.8CVE-2017-8904Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which mi…from 0, < 4.8.1-r2
- HIGH8.8CVE-2017-8903Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitr…from 0, < 4.8.1-r2
- HIGH8.8CVE-2016-9383Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive info…from 0, < 4.7.1-r1
- HIGH8.8CVE-2016-6258The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges b…from 0, < 4.7.0-r0
- HIGH8.6CVE-2022-42333x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnera…from 0, < 4.15.5-r0
- HIGH8.6CVE-2021-28706guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hyperca…from 0, < 4.13.4-r2
- from 0, < 4.7.2-r0
- HIGH8.2CVE-2016-7093Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges…from 0, < 4.7.0-r1
- from 0, < 4.7.0-r1
- HIGH8.1CVE-2017-10914The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial o…from 0, < 4.9.0-r0
- from 0, < 4.7.1-r1
- HIGH7.8CVE-2026-23558The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a gr…from 0, < 4.18.5-r7
- HIGH7.8CVE-2026-31787In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .…from 0, < 0
- HIGH7.8CVE-2026-31786In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned b…from 0, < 0
- HIGH7.8CVE-2026-23554The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple mo…from 0, < 4.18.5-r5
- HIGH7.8CVE-2023-34326The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices w…from 0, < 4.15.5-r3
- HIGH7.8CVE-2023-34325[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage…from 0, < 4.15.5-r3
- HIGH7.8CVE-2023-34322For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode.from 0, < 4.15.5-r1
- HIGH7.8CVE-2022-42335x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted…from 0, < 4.17.0-r5
- HIGH7.8CVE-2022-42332x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Pa…from 0, < 4.15.5-r0
- HIGH7.8CVE-2022-33743network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in…from 0, < 4.15.4-r0
- HIGH7.8CVE-2022-26361IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which as…from 0, < 4.13.4-r3
- HIGH7.8CVE-2022-26360IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which as…from 0, < 4.13.4-r3
- HIGH7.8CVE-2022-26359IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which as…from 0, < 4.13.4-r3
- HIGH7.8CVE-2022-26358IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which as…from 0, < 4.13.4-r3
- from 0, < 4.13.4-r3
- HIGH7.8CVE-2021-28709issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/…from 0, < 4.14.3-r2
- HIGH7.8CVE-2021-28705issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/…from 0, < 4.13.4-r2
- HIGH7.8CVE-2021-28701Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory.from 0, < 4.13.3-r3
- HIGH7.8CVE-2021-28697grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory.from 0, < 4.13.3-r2
- HIGH7.8CVE-2020-27671An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause…from 0, < 4.12.4-r0
- from 0, < 4.12.4-r0
- from 0, < 4.12.3-r4
- from 0, < 4.12.3-r4
- HIGH7.8CVE-2020-15567An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non…from 0, < 4.12.3-r2
- from 0, < 4.12.2-r1
- HIGH7.8CVE-2019-17347An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a gues…from 0, < 4.11.2-r0
- HIGH7.8CVE-2019-17341An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging…from 0, < 4.11.2-r0
- HIGH7.8CVE-2018-19963An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privi…from 0, < 4.11.1-r0
- HIGH7.8CVE-2018-19962An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because sma…from 0, < 4.11.1-r0
- from 0, < 4.11.1-r0
- HIGH7.8CVE-2018-8897A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the…from 0, < 4.10.1-r1
- HIGH7.8CVE-2017-17566An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privil…from 0, < 4.6.6-r3
- HIGH7.8CVE-2017-17564An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privilege…from 0, < 4.6.6-r3
- from 0, < 4.6.6-r3
- from 0, < 4.9.0-r6
- HIGH7.8CVE-2017-12136Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free l…from 0, < 4.9.0-r1
- from 0, < 4.7.1-r4
- HIGH7.8CVE-2016-9386The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest user…from 0, < 4.7.1-r1
- HIGH7.8CVE-2016-9382Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or ca…from 0, < 4.7.1-r1
- from 0, < 4.13.4-r1
- HIGH7.5CVE-2025-58149When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have.from 0, < 4.18.5-r3
- HIGH7.5CVE-2025-58148[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Virid…from 0, < 4.18.5-r3
- HIGH7.5CVE-2025-58147[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Virid…from 0, < 4.18.5-r3
- HIGH7.5CVE-2025-58145[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…from 0, < 4.18.5-r2
- HIGH7.5CVE-2025-58144[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…from 0, < 4.18.5-r2
- HIGH7.5CVE-2025-1713When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required.from 0, < 4.17.5-r3
- HIGH7.5CVE-2024-31145Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Inte…from 0, < 4.16.6-r1
- HIGH7.5CVE-2024-31143An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors.from 0, < 4.16.6-r1
- HIGH7.5CVE-2024-31142Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used.from 0, < 4.16.6-r0
- HIGH7.5CVE-2022-42330Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g.from 0, < 4.17.0-r2
- HIGH7.5CVE-2019-19583An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX…from 0, < 4.12.2-r0
- HIGH7.5CVE-2019-18421An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pa…from 0, < 4.12.1-r1
- HIGH7.5CVE-2017-10922The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of serv…from 0, < 4.9.0-r0
- HIGH7.5CVE-2017-10916The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection…from 0, < 4.9.0-r0
- HIGH7.5CVE-2016-9381Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka…from 0, < 4.7.1-r1
- HIGH7.5CVE-2016-9380The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to…from 0, < 4.7.1-r1
- HIGH7.3CVE-2024-45817In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register.from 0, < 4.16.6-r2
- HIGH7.2CVE-2019-19577An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges…from 0, < 4.12.2-r0
- HIGH7.1CVE-2026-23555Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobber…from 0, < 4.18.5-r5
- HIGH7.1CVE-2022-42327x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and wr…from 0, < 4.15.4-r0
- HIGH7.1CVE-2022-33742Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…from 0, < 4.14.5-r3
- HIGH7.1CVE-2022-33741Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…from 0, < 4.14.5-r3
- HIGH7.1CVE-2022-33740Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…from 0, < 4.14.5-r3
- HIGH7.1CVE-2022-26365Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…from 0, < 4.14.5-r3
- HIGH7.1CVE-2021-28692inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) is…from 0, < 4.13.3-r1
- HIGH7.0CVE-2022-42320Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid.from 0, < 4.15.4-r0
- from 0, < 4.13.4-r3
- HIGH7.0CVE-2021-28703grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of m…from 0, < 4.13.4-r0
- HIGH7.0CVE-2020-27672An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or…from 0, < 4.12.4-r0
- from 0, < 4.12.3-r4
- MEDIUM6.8CVE-2021-28696IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities cor…from 0, < 4.13.3-r2
- MEDIUM6.8CVE-2021-28695IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities cor…from 0, < 4.13.3-r2
- from 0, < 4.13.3-r2
- MEDIUM6.8CVE-2019-19579An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domai…from 0, < 4.12.2-r0
- MEDIUM6.8CVE-2019-18424An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domai…from 0, < 4.12.1-r1
- MEDIUM6.8CVE-2019-17343An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging…from 0, < 4.11.2-r0
- MEDIUM6.7CVE-2022-26364x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.14.5-r1
- MEDIUM6.7CVE-2022-26363x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.14.5-r1
- MEDIUM6.6CVE-2019-19580An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pa…from 0, < 4.12.2-r0
- MEDIUM6.5CVE-2026-23557Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering.from 0, < 4.18.5-r7
- MEDIUM6.5CVE-2024-45818The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode.from 0, < 4.16.6-r3
- MEDIUM6.5CVE-2023-46842Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes.from 0, < 4.16.6-r0
- MEDIUM6.5CVE-2023-46841Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET).from 0, < 4.16.5-r7
- from 0, < 4.16.5-r7
- from 0, < 4.15.5-r0
- MEDIUM6.5CVE-2022-42334x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnera…from 0, < 4.15.5-r0
- MEDIUM6.5CVE-2022-42321Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g.from 0, < 4.15.4-r0
- MEDIUM6.5CVE-2022-42319Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate qui…from 0, < 4.15.4-r0
- MEDIUM6.5CVE-2022-42318Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.15.4-r0
- MEDIUM6.5CVE-2022-42317Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.15.4-r0
- MEDIUM6.5CVE-2022-42316Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.15.4-r0
- MEDIUM6.5CVE-2022-42315Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.15.4-r0
- MEDIUM6.5CVE-2022-42314Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.15.4-r0
- MEDIUM6.5CVE-2022-42313Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.15.4-r0
- MEDIUM6.5CVE-2022-42312Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.15.4-r0
- MEDIUM6.5CVE-2022-42311Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.15.4-r0
- MEDIUM6.5CVE-2022-33746P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size.from 0, < 4.15.4-r0
- MEDIUM6.5CVE-2022-23825Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosur…from 0, < 4.14.5-r4
- MEDIUM6.5CVE-2022-29900Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-depen…from 0, < 4.14.5-r4
- MEDIUM6.5CVE-2021-28690x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability.from 0, < 4.13.3-r1
- from 0, < 4.13.3-r1
- from 0, < 4.13.2-r3
- from 0, < 0
- from 0, < 4.12.3-r4
- MEDIUM6.5CVE-2020-15566An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in even…from 0, < 4.12.3-r2
- MEDIUM6.5CVE-2020-15564An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check…from 0, < 4.12.3-r2
- MEDIUM6.5CVE-2020-15563An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash.from 0, < 4.12.3-r2
- MEDIUM6.5CVE-2019-19582An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit…from 0, < 4.12.2-r0
- from 0, < 4.12.1-r1
- from 0, < 4.12.1-r1
- MEDIUM6.5CVE-2019-18420An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall.from 0, < 4.11.2-r0
- MEDIUM6.5CVE-2019-17348An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility bet…from 0, < 4.11.2-r0
- MEDIUM6.5CVE-2019-17345An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of fail…from 0, < 4.11.2-r0
- MEDIUM6.5CVE-2018-19967An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) be…from 0, < 4.11.1-r0
- MEDIUM6.5CVE-2018-19964An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains…from 0, < 4.11.1-r0
- from 0, < 4.11.1-r0
- from 0, < 4.11.1-r0
- from 0, < 4.11.0-r0
- from 0, < 4.11.0-r0
- from 0, < 4.10.1-r1
- MEDIUM6.5CVE-2018-10471An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hyp…from 0, < 4.10.1-r0
- MEDIUM6.5CVE-2018-7542An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference…from 0, < 4.10.0-r2
- from 0, < 4.10.0-r2
- MEDIUM6.5CVE-2018-5244In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests.from 0, < 4.10.0-r1
- MEDIUM6.5CVE-2017-17046An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a…from 0, < 4.6.6-r2
- from 0, < 4.7.3-r2
- MEDIUM6.5CVE-2017-15593An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference co…from 0, < 4.9.0-r6
- MEDIUM6.5CVE-2017-15591An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of…from 0, < 4.7.3-r3
- MEDIUM6.5CVE-2017-15589An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitr…from 0, < 4.9.0-r6
- from 0, < 4.9.0-r4
- MEDIUM6.5CVE-2017-12855Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use.from 0, < 4.9.0-r1
- MEDIUM6.5CVE-2017-10923Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service…from 0, < 4.9.0-r0
- MEDIUM6.5CVE-2017-10919Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka…from 0, < 4.9.0-r0
- MEDIUM6.5CVE-2017-10911The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensiti…from 0, < 4.9.0-r0
- MEDIUM6.5CVE-2016-9818Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort whi…from 0, < 4.7.1-r3
- MEDIUM6.5CVE-2016-9817Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetc…from 0, < 4.7.1-r3
- MEDIUM6.5CVE-2016-9816Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort whi…from 0, < 4.7.1-r3
- MEDIUM6.5CVE-2016-9815Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.from 0, < 4.7.1-r3
- MEDIUM6.5CVE-2016-9384Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.from 0, < 4.7.1-r1
- MEDIUM6.4CVE-2022-26362x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count.from 0, < 4.14.5-r1
- from 0, < 4.7.0-r5
- from 0, < 4.13.2-r3
- from 0, < 4.13.2-r3
- from 0, < 4.14.1-r0
- MEDIUM6.2CVE-2016-6259Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, whic…from 0, < 4.7.0-r0
- from 0, < 4.13.2-r3
- from 0, < 4.13.2-r3
- from 0, < 4.13.2-r3
- from 0, < 4.12.3-r4
- from 0, < 4.11.1-r0
- MEDIUM6.0CVE-2017-15596An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) be…from 0, < 4.6.6-r2
- MEDIUM6.0CVE-2016-10024Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the ins…from 0, < 4.7.1-r4
- MEDIUM6.0CVE-2016-9385The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial…from 0, < 4.7.1-r1
- MEDIUM5.7CVE-2024-2193A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre…from 0, < 4.16.5-r7
- MEDIUM5.6CVE-2024-36357A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in t…from 0, < 4.18.5-r1
- from 0, < 4.18.5-r1
- MEDIUM5.6CVE-2022-33748lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path.from 0, < 4.15.4-r0
- MEDIUM5.6CVE-2022-26356Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vra…from 0, < 4.13.4-r3
- MEDIUM5.6CVE-2022-23960Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB.from 0, < 4.13.4-r3
- MEDIUM5.6CVE-2021-26401LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.from 0, < 4.15.2-r2
- MEDIUM5.6CVE-2019-11091Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may…from 0, < 4.12.0-r2
- MEDIUM5.6CVE-2018-12130Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an aut…from 0, < 4.12.0-r2
- MEDIUM5.6CVE-2018-12127Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authent…from 0, < 4.12.0-r2
- from 0, < 4.12.0-r2
- MEDIUM5.6CVE-2018-19965An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0]…from 0, < 4.11.1-r0
- MEDIUM5.6CVE-2018-3646Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information resi…from 0, < 4.11.1-r0
- from 0, < 4.11.1-r0
- from 0, < 4.11.0-r0
- MEDIUM5.6CVE-2018-10472An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via…from 0, < 4.10.1-r0
- from 0, < 4.7.3-r4
- MEDIUM5.6CVE-2017-5753Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an a…from 0, < 4.7.3-r4
- from 0, < 4.7.3-r4
- MEDIUM5.6CVE-2017-17565An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log…from 0, < 4.6.6-r3
- MEDIUM5.6CVE-2017-14317A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x.from 0, < 4.9.0-r4
- from 0, < 4.16.6-r3
- MEDIUM5.5CVE-2023-46835The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of D…from 0, < 4.15.5-r3
- MEDIUM5.5CVE-2023-34328[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs s…from 0, < 4.15.5-r3
- MEDIUM5.5CVE-2023-34327[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs s…from 0, < 4.15.5-r3
- MEDIUM5.5CVE-2023-34323When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes.from 0, < 4.15.5-r3
- MEDIUM5.5CVE-2023-34320Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to…from 0, < 4.15.4-r3
- MEDIUM5.5CVE-2023-20588A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.from 0, < 4.15.5-r2
- from 0, < 4.15.4-r1
- MEDIUM5.5CVE-2022-42331x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one…from 0, < 4.15.5-r0
- from 0, < 4.14.5-r7
- MEDIUM5.5CVE-2022-42326Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text expl…from 0, < 4.15.4-r0
- MEDIUM5.5CVE-2022-42325Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text expl…from 0, < 4.15.4-r0
- MEDIUM5.5CVE-2022-42324Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision.from 0, < 4.15.4-r0
- MEDIUM5.5CVE-2022-42323Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains…from 0, < 4.15.4-r0
- MEDIUM5.5CVE-2022-42322Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains…from 0, < 4.15.4-r0
- MEDIUM5.5CVE-2022-42310Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious gues…from 0, < 4.15.4-r0
- MEDIUM5.5CVE-2022-21166Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentiall…from 0, < 4.14.5-r2
- MEDIUM5.5CVE-2022-21127Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially…from 0, < 0
- MEDIUM5.5CVE-2022-21125Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable inf…from 0, < 4.14.5-r2
- from 0, < 4.14.5-r2
- MEDIUM5.5CVE-2022-23034A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case wher…from 0, < 4.13.4-r3
- MEDIUM5.5CVE-2021-28699inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status.from 0, < 4.13.3-r2
- MEDIUM5.5CVE-2021-28698long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a dom…from 0, < 4.13.3-r2
- MEDIUM5.5CVE-2021-28693xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g.from 0, < 4.13.3-r1
- MEDIUM5.5CVE-2021-28687HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and dis…from 0, < 4.13.3-r0
- from 0, < 4.13.2-r5
- MEDIUM5.5CVE-2021-3308An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x.from 0, < 4.13.2-r4
- from 0, < 4.13.2-r3
- from 0, < 4.13.2-r3
- from 0, < 4.12.3-r4
- from 0, < 4.12.3-r4
- from 0, < 4.12.3-r4
- from 0, < 4.12.3-r4
- from 0, < 4.12.3-r1
- MEDIUM5.5CVE-2020-11743An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP…from 0, < 4.12.2-r1
- MEDIUM5.5CVE-2020-11742An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in…from 0, < 4.12.2-r1
- MEDIUM5.5CVE-2020-11740An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive informati…from 0, < 4.12.2-r1
- MEDIUM5.5CVE-2019-17349An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl…from 0, < 4.12.1-r0
- from 0, < 4.11.0-r0
- MEDIUM5.5CVE-2016-9378Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows loca…from 0, < 4.7.1-r1
- MEDIUM5.5CVE-2016-9377Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows loca…from 0, < 4.7.1-r1
- MEDIUM5.5CVE-2016-10025VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to…from 0, < 4.7.1-r4
- MEDIUM5.5CVE-2016-5403The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumpt…from 0, < 4.7.0-r0
- MEDIUM5.3CVE-2023-46839PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the ID…from 0, < 4.16.5-r6
- MEDIUM5.3CVE-2022-33749XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit.from 0, < 4.15.4-r0
- MEDIUM5.3CVE-2020-27674An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory content…from 0, < 4.12.4-r0
- MEDIUM5.0CVE-2020-14364An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0.from 0, < 4.12.3-r3
- MEDIUM4.9CVE-2021-28700xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly f…from 0, < 4.13.3-r2
- MEDIUM4.7CVE-2024-2201A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak…from 0, < 4.16.6-r0
- MEDIUM4.7CVE-2023-46836The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe.from 0, < 4.15.5-r3
- MEDIUM4.7CVE-2023-20569A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction.from 0, < 4.15.5-r0
- MEDIUM4.7CVE-2022-27672When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode…from 0, < 4.16.4-r0
- MEDIUM4.7CVE-2022-33744Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mapp…from 0, < 4.15.4-r0
- from 0, < 4.12.3-r4
- MEDIUM4.6CVE-2022-23035Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involv…from 0, < 4.13.4-r3
- MEDIUM4.4CVE-2020-28368Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-chan…from 0, < 4.12.4-r0
- from 0, < 4.18.5-r1
- MEDIUM4.1CVE-2023-46840Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guest…from 0, < 0
- MEDIUM4.1CVE-2016-7094Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denia…from 0, < 4.7.0-r1
- LOW3.8CVE-2022-33747Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g.from 0, < 4.15.4-r0
- LOW3.3CVE-2023-46837Arm provides multiple helpers to clean & invalidate the cache for a given region.from 0, < 4.16.5-r5
- LOW3.3CVE-2023-34321Arm provides multiple helpers to clean & invalidate the cache for a given region.from 0, < 4.15.5-r1
- LOW3.3CVE-2022-42336Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors require…from 0, < 4.17.1-r1
- from 0, < 4.7.1-r3
- LOW2.9CVE-2026-23553In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run.from 0, < 4.18.5-r4
- from 0, < 4.13.2-r3
- —CVE-2025-54518Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructio…from 0, < 4.18.5-r8
- —CVE-2025-54505A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor…from 0, < 4.18.5-r6
- from 0, < 4.17.5-r4
- from 0, < 4.14.5-r4
- from 0, < 4.11.2-r0
- from 0, < 4.11.2-r0