pkg:Debian/xen
518 total CVEsCRITICAL19HIGH138MEDIUM184LOW12
✅ Check your installed version
All known vulnerabilities
- CRITICAL10.0CVE-2017-10921The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, wh…from 0, < 4.8.1-1+deb9u3
- CRITICAL10.0CVE-2017-10920The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_hos…from 0, < 4.8.1-1+deb9u3
- CRITICAL10.0CVE-2017-10918Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host…from 0, < 4.8.1-1+deb9u3
- from 0, < 4.8.1-1+deb9u3
- from 0, < 4.1.6.lts1-9
- from 0, < 4.4.1-9+deb8u10
- CRITICAL10.0CVE-2015-8104The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host…from 0, < 4.8.0~rc3-1
- from 0, < 4.4.0-1
- from 0, < 4.1.6.lts1-12
- CRITICAL9.9CVE-2017-2620Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.from 0, < 4.4.0-1
- from 0, < 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
- CRITICAL9.8CVE-2025-58143[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…from 0
- CRITICAL9.8CVE-2025-58142[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…from 0
- CRITICAL9.8CVE-2025-27466[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…from 0
- CRITICAL9.8CVE-2019-18425An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descrip…from 0, < 4.11.3+24-g14b62ab3e5-1
- CRITICAL9.8CVE-2017-10913The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows ba…from 0, < 4.8.1-1+deb9u3
- from 0, < 4.8.2+xsa245-0+deb9u1
- CRITICAL9.1CVE-2017-10917Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of servic…from 0, < 4.8.1-1+deb9u3
- CRITICAL9.0CVE-2017-10915The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest…from 0, < 4.8.1-1+deb9u3
- HIGH8.8CVE-2025-58150Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing.from 0
- HIGH8.8CVE-2022-42309Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during…from 0, < 4.14.5+86-g1c354767d5-1
- from 0, < 4.14.5+86-g1c354767d5-1
- from 0, < 4.14.5+86-g1c354767d5-1
- HIGH8.8CVE-2021-28708PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities co…from 0, < 4.14.3+32-g9de3671772-1~deb11u1
- HIGH8.8CVE-2021-28707PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities co…from 0, < 4.14.3+32-g9de3671772-1~deb11u1
- HIGH8.8CVE-2021-28704PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities co…from 0, < 4.14.3+32-g9de3671772-1~deb11u1
- from 0, < 4.14.0+88-g1d1d1f5391-1
- from 0, < 4.14.0+88-g1d1d1f5391-1
- from 0, < 4.11.4+57-g41a822c392-2
- HIGH8.8CVE-2020-29040An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data…from 0, < 4.14.0+88-g1d1d1f5391-1
- HIGH8.8CVE-2020-15565An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain…from 0, < 4.11.4+24-gddaaccbbab-1
- HIGH8.8CVE-2020-11741An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information…from 0, < 4.11.4-1
- HIGH8.8CVE-2019-19578An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear p…from 0, < 4.11.3+24-g14b62ab3e5-1
- HIGH8.8CVE-2019-18423An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercal…from 0, < 4.11.3+24-g14b62ab3e5-1
- HIGH8.8CVE-2019-18422An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the…from 0, < 4.11.3+24-g14b62ab3e5-1
- HIGH8.8CVE-2019-17346An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an…from 0, < 4.11.1+92-g6c33308a8d-1
- HIGH8.8CVE-2019-17340An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-tab…from 0, < 4.11.1+92-g6c33308a8d-1
- HIGH8.8CVE-2018-19966An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain…from 0, < 4.11.1-1
- HIGH8.8CVE-2018-18883An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of s…from 0, < 4.11.1-1
- HIGH8.8CVE-2018-10982An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt num…from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
- HIGH8.8CVE-2018-7541An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by…from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
- HIGH8.8CVE-2017-17045An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, o…from 0, < 4.8.2+xsa245-0+deb9u1
- HIGH8.8CVE-2017-15595An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consum…from 0, < 4.8.2+xsa245-0+deb9u1
- HIGH8.8CVE-2017-15594An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain pri…from 0, < 4.8.2+xsa245-0+deb9u1
- from 0, < 4.8.2+xsa245-0+deb9u1
- from 0, < 4.4.4lts3-0+deb8u1
- HIGH8.8CVE-2017-15590An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain p…from 0, < 4.8.2+xsa245-0+deb9u1
- from 0, < 4.8.2+xsa245-0+deb9u1
- from 0, < 4.8.2+xsa245-0+deb9u1
- from 0, < 4.4.4lts2-0+deb8u1
- from 0, < 4.8.2+xsa245-0+deb9u1
- HIGH8.8CVE-2017-12137arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.from 0, < 4.8.1-1+deb9u3
- HIGH8.8CVE-2017-12135Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vector…from 0, < 4.8.1-1+deb9u3
- HIGH8.8CVE-2017-8905Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the…from 0, < 4.8.0~rc3-1
- HIGH8.8CVE-2017-8904Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which mi…from 0, < 4.8.1-1+deb9u1
- HIGH8.8CVE-2017-8903Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitr…from 0, < 4.8.1-1+deb9u1
- HIGH8.8CVE-2016-9383Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive info…from 0, < 4.8.0-1
- HIGH8.8CVE-2016-6258The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges b…from 0, < 4.8.0~rc3-1
- from 0, < 4.4.0-1
- HIGH8.8CVE-2016-3960Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly…from 0, < 4.8.0~rc3-1
- HIGH8.6CVE-2022-42333x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnera…from 0, < 4.14.5+94-ge49571868d-1
- HIGH8.6CVE-2021-28706guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hyperca…from 0, < 4.14.3+32-g9de3671772-1~deb11u1
- HIGH8.6CVE-2015-8555Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage gues…from 0, < 4.8.0~rc3-1
- HIGH8.5CVE-2016-1570The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive inf…from 0, < 4.8.0~rc3-1
- HIGH8.4CVE-2016-4480The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table…from 0, < 4.8.0~rc3-1
- from 0, < 4.1.6.lts1-6
- from 0, < 4.8.1-1
- from 0, < 4.1.6.lts1-2
- from 0, < 4.8.0~rc3-1
- from 0, < 4.4.1-9+deb8u7
- HIGH8.2CVE-2015-8550Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain…from 0, < 4.8.0~rc3-1
- HIGH8.1CVE-2017-10914The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial o…from 0, < 4.8.1-1+deb9u3
- from 0, < 4.8.0-1
- from 0, < 4.1.6.lts1-4
- HIGH7.8CVE-2026-23558The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a gr…from 0
- HIGH7.8CVE-2026-23554The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple mo…from 0
- HIGH7.8CVE-2023-34326The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices w…from 0
- HIGH7.8CVE-2023-34325[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage…from 0
- HIGH7.8CVE-2023-34322For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode.from 0
- HIGH7.8CVE-2022-42335x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted…from 0, < 4.17.1+2-gb773c48e36-1
- HIGH7.8CVE-2022-42332x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Pa…from 0, < 4.14.5+94-ge49571868d-1
- HIGH7.8CVE-2022-26361IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which as…from 0, < 4.14.4+74-gd7b22226b5-1
- HIGH7.8CVE-2022-26360IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which as…from 0, < 4.14.4+74-gd7b22226b5-1
- HIGH7.8CVE-2022-26359IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which as…from 0, < 4.14.4+74-gd7b22226b5-1
- HIGH7.8CVE-2022-26358IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which as…from 0, < 4.14.4+74-gd7b22226b5-1
- from 0, < 4.14.4+74-gd7b22226b5-1
- from 0, < 4.14.4+74-gd7b22226b5-1
- HIGH7.8CVE-2021-28709issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/…from 0, < 4.14.3+32-g9de3671772-1~deb11u1
- HIGH7.8CVE-2021-28705issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/…from 0, < 4.14.3+32-g9de3671772-1~deb11u1
- HIGH7.8CVE-2021-28701Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory.from 0, < 4.14.3-1~deb11u1
- HIGH7.8CVE-2021-28697grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory.from 0, < 4.14.3-1~deb11u1
- HIGH7.8CVE-2021-27379An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possi…from 0, < 4.14.0+80-gd101b417b7-1
- HIGH7.8CVE-2020-27671An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause…from 0, < 4.14.0+80-gd101b417b7-1
- from 0, < 4.11.4+57-g41a822c392-1
- from 0, < 4.14.0+80-gd101b417b7-1
- from 0, < 4.14.0+80-gd101b417b7-1
- from 0, < 4.14.0+80-gd101b417b7-1
- from 0, < 4.11.4+37-g3263f257ca-1
- HIGH7.8CVE-2020-15567An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non…from 0, < 4.11.4+24-gddaaccbbab-1
- from 0, < 4.11.4+24-gddaaccbbab-1~deb10u1
- from 0, < 4.11.4-1
- HIGH7.8CVE-2019-17347An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a gues…from 0, < 4.11.1+92-g6c33308a8d-1
- HIGH7.8CVE-2019-17341An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging…from 0, < 4.11.1+92-g6c33308a8d-1
- HIGH7.8CVE-2018-19963An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privi…from 0, < 4.11.1-1
- HIGH7.8CVE-2018-19962An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because sma…from 0, < 4.11.1-1
- from 0, < 4.11.1-1
- from 0, < 4.4.4lts5-0+deb8u1
- from 0, < 4.8.5+shim4.10.2+xsa282-1+deb9u11
- HIGH7.8CVE-2018-8897A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the…from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
- HIGH7.8CVE-2017-17566An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privil…from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
- HIGH7.8CVE-2017-17564An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privilege…from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
- from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1
- from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
- from 0, < 4.8.2+xsa245-0+deb9u1
- from 0, < 4.1.6.lts1-10
- HIGH7.8CVE-2017-12136Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free l…from 0, < 4.8.1-1+deb9u3
- from 0, < 4.8.0-1
- from 0, < 4.4.1-9+deb8u9
- from 0, < 4.1.6.lts1-5
- HIGH7.8CVE-2016-9386The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest user…from 0, < 4.8.0-1
- HIGH7.8CVE-2016-9382Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or ca…from 0, < 4.8.0-1
- from 0, < 4.14.3+32-g9de3671772-1~deb11u1
- from 0, < 4.14.3+32-g9de3671772-1~deb11u1
- HIGH7.5CVE-2025-58149When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have.from 0
- HIGH7.5CVE-2025-58148[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Virid…from 0
- HIGH7.5CVE-2025-58147[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Virid…from 0
- HIGH7.5CVE-2025-58145[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…from 0
- HIGH7.5CVE-2025-58144[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…from 0
- HIGH7.5CVE-2025-1713When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required.from 0
- HIGH7.5CVE-2024-31146When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective g…from 0
- HIGH7.5CVE-2024-31145Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Inte…from 0
- HIGH7.5CVE-2024-31143An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors.from 0
- HIGH7.5CVE-2024-31142Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used.from 0
- HIGH7.5CVE-2022-42330Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g.from 0, < 4.17.0+24-g2f8851c37f-2
- HIGH7.5CVE-2019-19583An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX…from 0, < 4.11.3+24-g14b62ab3e5-1
- HIGH7.5CVE-2019-18421An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pa…from 0, < 4.11.3+24-g14b62ab3e5-1
- HIGH7.5CVE-2017-10922The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of serv…from 0, < 4.8.1-1+deb9u3
- HIGH7.5CVE-2017-10916The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection…from 0, < 4.8.1-1+deb9u3
- HIGH7.5CVE-2016-9637The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest…from 0, < 4.4.0-1
- HIGH7.5CVE-2016-9381Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka…from 0, < 4.4.0-1
- HIGH7.5CVE-2016-9380The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to…from 0, < 4.8.0-1
- HIGH7.5CVE-2015-8554Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 H…from 0, < 4.4.0-1
- HIGH7.3CVE-2024-45817In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register.from 0
- HIGH7.2CVE-2019-19577An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges…from 0, < 4.11.3+24-g14b62ab3e5-1
- HIGH7.1CVE-2026-23555Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobber…from 0
- HIGH7.1CVE-2022-42327x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and wr…from 0, < 4.16.2+90-g0d39a6d1ae-1
- HIGH7.1CVE-2022-33742Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…from 0
- HIGH7.1CVE-2022-33741Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…from 0
- HIGH7.1CVE-2022-33740Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…from 0
- HIGH7.1CVE-2022-26365Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…from 0
- HIGH7.1CVE-2021-28692inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) is…from 0, < 4.14.2+25-gb6a8c4f72d-1
- HIGH7.0CVE-2022-42320Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid.from 0, < 4.14.5+86-g1c354767d5-1
- from 0, < 4.14.4+74-gd7b22226b5-1
- HIGH7.0CVE-2021-28703grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of m…from 0, < 4.14.0+80-gd101b417b7-1
- HIGH7.0CVE-2020-27672An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or…from 0, < 4.14.0+80-gd101b417b7-1
- from 0, < 4.14.0+80-gd101b417b7-1
- HIGH7.0CVE-2019-17342An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging…from 0, < 4.11.1+92-g6c33308a8d-1
- MEDIUM6.8CVE-2021-28696IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities cor…from 0, < 4.14.3-1~deb11u1
- MEDIUM6.8CVE-2021-28695IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities cor…from 0, < 4.14.3-1~deb11u1
- from 0, < 4.14.3-1~deb11u1
- from 0, < 4.14.3-1~deb11u1
- MEDIUM6.8CVE-2019-19579An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domai…from 0, < 4.11.3+24-g14b62ab3e5-1
- MEDIUM6.8CVE-2019-18424An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domai…from 0, < 4.11.3+24-g14b62ab3e5-1
- MEDIUM6.8CVE-2019-17343An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging…from 0, < 4.11.1+92-g6c33308a8d-1
- MEDIUM6.8CVE-2016-2270Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings…from 0, < 4.8.0~rc3-1
- MEDIUM6.7CVE-2022-26364x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.14.5+24-g87d90d511c-1
- MEDIUM6.7CVE-2022-26363x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.14.5+24-g87d90d511c-1
- MEDIUM6.7CVE-2016-7154Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service…from 0, < 4.6.0-1
- MEDIUM6.7CVE-2016-4962The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption…from 0, < 4.8.0~rc3-1
- MEDIUM6.6CVE-2019-19580An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pa…from 0, < 4.11.3+24-g14b62ab3e5-1
- MEDIUM6.5CVE-2026-23557Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering.from 0
- MEDIUM6.5CVE-2024-45818The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode.from 0
- MEDIUM6.5CVE-2023-46842Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes.from 0
- MEDIUM6.5CVE-2023-46841Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET).from 0
- from 0, < 4.17.5+23-ga4e5191dc0-1
- from 0
- MEDIUM6.5CVE-2022-42334x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnera…from 0, < 4.14.5+94-ge49571868d-1
- MEDIUM6.5CVE-2022-42321Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g.from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM6.5CVE-2022-42319Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate qui…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM6.5CVE-2022-42318Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM6.5CVE-2022-42317Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM6.5CVE-2022-42316Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM6.5CVE-2022-42315Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM6.5CVE-2022-42314Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM6.5CVE-2022-42313Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM6.5CVE-2022-42312Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM6.5CVE-2022-42311Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM6.5CVE-2022-33746P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size.from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM6.5CVE-2022-23825Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosur…from 0, < 4.14.5+24-g87d90d511c-1
- MEDIUM6.5CVE-2022-29900Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-depen…from 0, < 4.14.5+24-g87d90d511c-1
- MEDIUM6.5CVE-2021-28690x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability.from 0, < 4.14.2+25-gb6a8c4f72d-1
- from 0, < 4.14.2+25-gb6a8c4f72d-1
- from 0, < 4.11.4+107-gef32c7afa2-1
- from 0, < 4.14.0+88-g1d1d1f5391-1
- from 0, < 4.14.0+80-gd101b417b7-1
- MEDIUM6.5CVE-2020-15566An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in even…from 0, < 4.11.4+24-gddaaccbbab-1
- MEDIUM6.5CVE-2020-15564An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check…from 0, < 4.11.4+24-gddaaccbbab-1
- MEDIUM6.5CVE-2020-15563An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash.from 0, < 4.11.4+24-gddaaccbbab-1
- MEDIUM6.5CVE-2019-19582An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit…from 0, < 4.11.3+24-g14b62ab3e5-1
- MEDIUM6.5CVE-2019-19581An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) becaus…from 0, < 4.11.3+24-g14b62ab3e5-1
- from 0, < 4.11.3+24-g14b62ab3e5-1
- from 0, < 4.8.5.final+shim4.10.4-1+deb9u12
- from 0, < 4.11.3+24-g14b62ab3e5-1
- MEDIUM6.5CVE-2019-18420An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall.from 0, < 4.11.3+24-g14b62ab3e5-1
- MEDIUM6.5CVE-2019-17348An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility bet…from 0, < 4.11.1+92-g6c33308a8d-1
- MEDIUM6.5CVE-2019-17345An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of fail…from 0, < 4.11.1+92-g6c33308a8d-1
- MEDIUM6.5CVE-2019-17344An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running oper…from 0, < 4.11.1+92-g6c33308a8d-1
- MEDIUM6.5CVE-2018-19967An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) be…from 0, < 4.11.1-1
- MEDIUM6.5CVE-2018-19964An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains…from 0, < 4.11.1-1
- from 0, < 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
- from 0, < 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
- from 0, < 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
- from 0, < 4.4.4lts4-0+deb8u1
- from 0, < 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
- from 0, < 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
- from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
- from 0, < 4.1.6.lts1-14
- MEDIUM6.5CVE-2018-10471An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hyp…from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
- MEDIUM6.5CVE-2018-7542An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference…from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
- from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
- from 0, < 4.1.6.lts1-13
- from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
- MEDIUM6.5CVE-2017-17046An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a…from 0, < 4.8.2+xsa245-0+deb9u1
- from 0, < 4.8.2+xsa245-0+deb9u1
- from 0, < 4.1.6.lts1-11
- MEDIUM6.5CVE-2017-15593An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference co…from 0, < 4.8.2+xsa245-0+deb9u1
- MEDIUM6.5CVE-2017-15591An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of…from 0, < 4.8.2+xsa245-0+deb9u1
- MEDIUM6.5CVE-2017-15589An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitr…from 0, < 4.8.2+xsa245-0+deb9u1
- from 0, < 4.8.2+xsa245-0+deb9u1
- MEDIUM6.5CVE-2017-12855Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use.from 0, < 4.8.1-1+deb9u3
- MEDIUM6.5CVE-2017-10923Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service…from 0, < 4.8.1-1+deb9u3
- MEDIUM6.5CVE-2017-10919Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka…from 0, < 4.8.1-1+deb9u3
- MEDIUM6.5CVE-2016-9818Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort whi…from 0, < 4.8.0-1
- MEDIUM6.5CVE-2016-9817Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetc…from 0, < 4.8.0-1
- MEDIUM6.5CVE-2016-9816Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort whi…from 0, < 4.8.0-1
- MEDIUM6.5CVE-2016-9815Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.from 0, < 4.8.0-1
- MEDIUM6.5CVE-2016-9384Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.from 0, < 4.8.0-1
- from 0, < 4.1.6.lts1-1
- from 0, < 4.4.0-1
- MEDIUM6.4CVE-2022-26362x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count.from 0, < 4.14.5+24-g87d90d511c-1
- from 0, < 4.4.1-9+deb8u8
- from 0, < 4.8.0~rc3-1
- from 0, < 4.1.6.lts1-3
- MEDIUM6.3CVE-2016-1571The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization i…from 0, < 4.8.0~rc3-1
- from 0, < 4.14.0+88-g1d1d1f5391-1
- from 0, < 4.14.0+88-g1d1d1f5391-1
- from 0, < 4.14.0+88-g1d1d1f5391-1
- MEDIUM6.2CVE-2016-6259Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, whic…from 0, < 4.8.0~rc3-1
- from 0, < 4.14.0+88-g1d1d1f5391-1
- from 0, < 4.14.0+88-g1d1d1f5391-1
- from 0, < 4.14.0+88-g1d1d1f5391-1
- from 0, < 4.14.0+80-gd101b417b7-1
- from 0, < 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10
- from 0, < 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
- MEDIUM6.0CVE-2017-15596An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) be…from 0, < 4.8.1-1+deb9u3
- MEDIUM6.0CVE-2016-10024Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the ins…from 0, < 4.8.0-1
- MEDIUM6.0CVE-2016-9385The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial…from 0, < 4.8.0-1
- MEDIUM5.7CVE-2024-2193A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre…from 0
- MEDIUM5.6CVE-2024-36357A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in t…from 0
- from 0
- MEDIUM5.6CVE-2022-33748lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path.from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM5.6CVE-2022-26356Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vra…from 0, < 4.14.4+74-gd7b22226b5-1
- MEDIUM5.6CVE-2019-11091Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may…from 0, < 4.11.1+92-g6c33308a8d-1
- MEDIUM5.6CVE-2018-12130Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an aut…from 0, < 4.11.1+92-g6c33308a8d-1
- MEDIUM5.6CVE-2018-12127Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authent…from 0, < 4.11.1+92-g6c33308a8d-1
- from 0, < 4.11.1+92-g6c33308a8d-1
- MEDIUM5.6CVE-2018-19965An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0]…from 0, < 4.11.1-1
- MEDIUM5.6CVE-2018-3646Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information resi…from 0, < 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
- from 0, < 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
- from 0, < 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8
- from 0, < 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8
- MEDIUM5.6CVE-2018-10472An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via…from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
- from 0, < 4.11.1~pre+1.733450b39b-1
- from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
- from 0, < 4.11.1~pre+1.733450b39b-1
- MEDIUM5.6CVE-2017-17565An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log…from 0, < 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
- MEDIUM5.6CVE-2017-14317A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x.from 0, < 4.8.2+xsa245-0+deb9u1
- MEDIUM5.6CVE-2016-5242The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to caus…from 0, < 4.8.0~rc3-1
- from 0
- MEDIUM5.5CVE-2023-46835The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of D…from 0
- MEDIUM5.5CVE-2023-34328[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs s…from 0
- MEDIUM5.5CVE-2023-34327[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs s…from 0
- MEDIUM5.5CVE-2023-34323When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes.from 0
- MEDIUM5.5CVE-2023-34320Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to…from 0
- MEDIUM5.5CVE-2023-20588A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.from 0
- MEDIUM5.5CVE-2022-42331x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one…from 0, < 4.14.5+94-ge49571868d-1
- from 0, < 4.14.5+94-ge49571868d-1
- from 0, < 4.14.5+94-ge49571868d-1
- MEDIUM5.5CVE-2022-42326Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text expl…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM5.5CVE-2022-42325Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text expl…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM5.5CVE-2022-42324Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision.from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM5.5CVE-2022-42323Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM5.5CVE-2022-42322Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM5.5CVE-2022-42310Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious gues…from 0, < 4.14.5+86-g1c354767d5-1
- MEDIUM5.5CVE-2022-21166Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentiall…from 0, < 4.14.5+24-g87d90d511c-1
- MEDIUM5.5CVE-2022-21125Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable inf…from 0, < 4.14.5+24-g87d90d511c-1
- from 0, < 4.14.5+24-g87d90d511c-1
- from 0, < 4.14.5+24-g87d90d511c-1
- MEDIUM5.5CVE-2022-23034A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case wher…from 0, < 4.14.4+74-gd7b22226b5-1
- MEDIUM5.5CVE-2021-28699inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status.from 0, < 4.14.3-1~deb11u1
- MEDIUM5.5CVE-2021-28698long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a dom…from 0, < 4.14.3-1~deb11u1
- MEDIUM5.5CVE-2021-28693xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g.from 0, < 4.14.2+25-gb6a8c4f72d-1
- MEDIUM5.5CVE-2021-28689x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1.from 0
- MEDIUM5.5CVE-2021-28687HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and dis…from 0, < 4.14.2+25-gb6a8c4f72d-1
- MEDIUM5.5CVE-2021-26313Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative…from 0, < 4.14.2+25-gb6a8c4f72d-1
- from 0, < 4.11.4+99-g8bce4698f6-1
- from 0, < 4.14.1+11-gb0b734a8b3-1
- MEDIUM5.5CVE-2021-3308An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x.from 0, < 4.14.1+11-gb0b734a8b3-1
- from 0, < 4.14.0+88-g1d1d1f5391-1
- from 0, < 4.14.0+88-g1d1d1f5391-1
- from 0, < 4.14.0+80-gd101b417b7-1
- from 0, < 4.14.0+80-gd101b417b7-1
- from 0, < 4.14.0+80-gd101b417b7-1
- MEDIUM5.5CVE-2020-11743An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP…from 0, < 4.11.4-1
- MEDIUM5.5CVE-2020-11742An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in…from 0, < 4.11.4-1
- MEDIUM5.5CVE-2020-11740An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive informati…from 0, < 4.11.4-1
- MEDIUM5.5CVE-2019-17349An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl…from 0, < 4.11.3+24-g14b62ab3e5-1
- MEDIUM5.5CVE-2019-17350An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-…from 0, < 4.11.3+24-g14b62ab3e5-1
- from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
- from 0, < 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
- MEDIUM5.5CVE-2017-14431Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by cont…from 0, < 4.8.1-1
- MEDIUM5.5CVE-2016-9378Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows loca…from 0, < 4.8.0-1
- MEDIUM5.5CVE-2016-9377Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows loca…from 0, < 4.8.0-1
- MEDIUM5.5CVE-2016-10025VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to…from 0, < 4.8.0-1
- MEDIUM5.5CVE-2016-3712Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process cr…from 0, < 4.4.0-1
- MEDIUM5.5CVE-2016-2271VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via…from 0, < 4.8.0~rc3-1
- MEDIUM5.3CVE-2023-46839PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the ID…from 0
- MEDIUM5.3CVE-2020-27674An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory content…from 0, < 4.14.0+80-gd101b417b7-1
- MEDIUM5.0CVE-2015-8615The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the ne…from 0, < 4.8.0~rc3-1
- MEDIUM4.9CVE-2021-28700xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly f…from 0, < 4.14.3-1~deb11u1
- MEDIUM4.7CVE-2024-2201A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak…from 0
- MEDIUM4.7CVE-2023-46836The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe.from 0
- MEDIUM4.7CVE-2022-27672When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode…from 0, < 4.17.0+46-gaaf74a532c-1
- from 0, < 4.14.0+80-gd101b417b7-1
- from 0, < 4.8.0~rc3-1
- from 0, < 4.4.4lts1-0+deb8u1
- MEDIUM4.6CVE-2022-23035Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involv…from 0, < 4.14.4+74-gd7b22226b5-1
- MEDIUM4.4CVE-2020-28368Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-chan…from 0, < 4.14.0+80-gd101b417b7-1
- from 0
- MEDIUM4.1CVE-2023-46840Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guest…from 0, < 4.17.3+10-g091466ba55-1~deb12u1
- MEDIUM4.1CVE-2016-7094Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denia…from 0, < 4.8.0~rc3-1
- LOW3.8CVE-2022-33747Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g.from 0, < 4.14.5+86-g1c354767d5-1
- LOW3.8CVE-2017-7995Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory read…from 0, < 4.3.0-1
- LOW3.8CVE-2016-3159The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 pro…from 0, < 4.8.0~rc3-1
- from 0, < 4.8.0~rc3-1
- from 0, < 4.4.1-9+deb8u5
- LOW3.3CVE-2023-46837Arm provides multiple helpers to clean & invalidate the cache for a given region.from 0
- LOW3.3CVE-2023-34321Arm provides multiple helpers to clean & invalidate the cache for a given region.from 0
- LOW3.3CVE-2022-42336Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors require…from 0, < 4.17.1+2-gb773c48e36-1
- from 0, < 4.1.6.lts1-8
- from 0, < 4.8.0~rc3-1
- LOW2.9CVE-2026-23553In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run.from 0
- from 0, < 4.14.0+88-g1d1d1f5391-1
- —CVE-2025-54518Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructio…from 0
- from 0
- —CVE-2025-54505A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor…from 0
- from 0
- from 0, < 4.17.5+72-g01140da4e8-1
- —CVE-2015-8341The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks whe…from 0, < 4.8.0~rc3-1
- —CVE-2015-8340The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS admi…from 0, < 4.8.0~rc3-1
- from 0, < 4.4.1-9+deb8u4
- from 0, < 4.8.0~rc3-1
- from 0, < 4.8.0~rc3-1
- from 0, < 4.4.1-9+deb8u6
- —CVE-2015-7812The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of se…from 0, < 4.6.0-1
- from 0, < 4.8.0~rc3-1
- —CVE-2015-7972The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x…from 0, < 4.6.0-1
- —CVE-2015-7971Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allow…from 0, < 4.6.0-1
- —CVE-2015-7970The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM…from 0, < 4.6.0-1
- —CVE-2015-7969Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of ser…from 0, < 4.6.0-1
- from 0, < 4.6.0-1
- from 0, < 4.1.4-3+deb7u9
- —CVE-2015-7814Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management…from 0, < 4.6.0-1
- —CVE-2015-7813Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows loca…from 0, < 4.6.0-1
- —CVE-2015-7311libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows loc…from 0, < 4.8.0~rc3-1
- —CVE-2015-6654The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messag…from 0, < 4.8.0~rc3-1
- from 0, < 4.4.0-1
- —CVE-2015-5166Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM gue…from 0, < 4.4.0-1
- from 0, < 4.4.0-1
- —CVE-2015-5154Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, al…from 0, < 4.4.0-1
- from 0, < 4.4.1-9+deb8u3
- from 0, < 4.6.0-1
- —CVE-2015-4164The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to…from 0, < 4.6.0-1
- —CVE-2015-4163GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause…from 0, < 4.6.0-1
- from 0, < 4.1.4-3+deb7u8
- from 0, < 4.4.0-1
- —CVE-2015-4106QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM…from 0, < 4.4.0-1
- —CVE-2015-4105Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of s…from 0, < 4.4.0-1
- —CVE-2015-4104Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of…from 0, < 4.4.0-1
- —CVE-2015-4103Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest admini…from 0, < 4.4.0-1
- from 0, < 4.1.4-3+deb7u6
- from 0, < 4.4.0-1
- —CVE-2015-3340Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information fro…from 0, < 4.6.0-1
- —CVE-2015-2756QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest use…from 0, < 4.2.0~rc2-1
- from 0, < 4.4.1-9
- from 0, < 4.1.6.1-1+deb7u1
- —CVE-2015-2751Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial o…from 0, < 4.4.1-9
- —CVE-2015-2152Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration di…from 0, < 4.4.1-9
- —CVE-2015-2151The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allow…from 0, < 4.4.1-8
- —CVE-2015-2045The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest user…from 0, < 4.4.1-8
- from 0, < 4.1.4-3+deb7u5
- from 0, < 4.4.1-8
- —CVE-2015-1563The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number me…from 0, < 4.4.1-7
- —CVE-2014-6268The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving…from 0, < 4.4.1-3
- —CVE-2015-0361Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted…from 0, < 4.4.1-7
- —CVE-2014-9066Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest user…from 0
- —CVE-2014-9065common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a den…from 0, < 4.4.1-6
- —CVE-2014-8867The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I…from 0, < 4.4.1-5
- —CVE-2014-8866The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit…from 0, < 4.4.1-5
- —CVE-2014-9030The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domain…from 0, < 4.4.1-4
- —CVE-2014-8595arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gai…from 0, < 4.4.1-4
- from 0, < 4.1.4-3+deb7u4
- from 0, < 4.4.1-4
- —CVE-2014-5148Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction…from 0, < 4.4.1-1
- —CVE-2014-7188The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which a…from 0, < 4.4.1-3
- —CVE-2014-7156The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions fo…from 0, < 4.4.1-3
- —CVE-2014-7155The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions…from 0, < 4.4.1-3
- —CVE-2014-7154Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tra…from 0, < 4.4.1-3
- —CVE-2014-5147Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address…from 0, < 4.4.1-1
- —CVE-2014-5149Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM…from 0, < 4.4.1-4
- —CVE-2014-5146Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are…from 0, < 4.4.1-4
- —CVE-2014-4021Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive i…from 0, < 4.4.1-1
- —CVE-2014-3968The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash…from 0, < 4.4.1-1
- —CVE-2014-3967The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allow…from 0, < 4.4.1-1
- —CVE-2014-3124The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor cras…from 0, < 4.4.1-1
- —CVE-2014-1896The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial…from 0, < 4.4.0-1
- —CVE-2014-1895Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of p…from 0, < 4.4.0-1
- —CVE-2014-2599The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators…from 0, < 4.4.1-1
- —CVE-2011-4111Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 all…from 0, < 4.4.0-1
- —CVE-2014-1950Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not…from 0, < 4.4.0-1
- —CVE-2014-1666The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_pre…from 0, < 4.4.0-1
- —CVE-2014-1642The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory…from 0, < 4.4.0-1
- —CVE-2013-4375The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to caus…from 0, < 4.2
- from 0, < 4.0.1-4
- from 0, < 4.1.0-1
- —CVE-2013-4553The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in…from 0, < 4.4.0-1
- —CVE-2013-6400Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes wh…from 0, < 4.4.0-1
- —CVE-2013-6375Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table…from 0, < 4.4.0-1
- —CVE-2013-4551Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME,…from 0, < 4.4.0-1
- —CVE-2013-4494Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest admin…from 0, < 4.4.0-1
- —CVE-2013-4371Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under…from 0, < 4.4.0-1
- —CVE-2013-4370The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, whic…from 0, < 4.4.0-1
- —CVE-2013-4369The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer…from 0, < 4.4.0-1
- —CVE-2013-4368The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized varia…from 0, < 4.4.0-1
- —CVE-2013-4356Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, whic…from 0, < 4.4.0-1
- from 0, < 4.2-1
- —CVE-2013-4361The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows…from 0, < 4.4.0-1
- —CVE-2013-4355Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) po…from 0, < 4.4.0-1
- —CVE-2013-1442Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRST…from 0, < 4.4.0-1
- —CVE-2013-4329The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough…from 0, < 4.3.0-1
- —CVE-2013-3495The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a…from 0, < 4.4.1-3
- —CVE-2013-2212The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O region…from 0, < 4.3.0-1
- —CVE-2013-2211The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and em…from 0, < 4.3.0-1
- —CVE-2013-2077Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of ser…from 0, < 4.2.2-1
- —CVE-2013-2076Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when…from 0, < 4.2.2-1
- from 0, < 4.1.4-3+deb7u3
- from 0, < 4.2.2-1
- from 0, < 4.1.4-3+deb7u2
- from 0, < 4.3.0-1
- —CVE-2013-2196Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain perm…from 0, < 4.3.0-1
- —CVE-2013-2195The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact vi…from 0, < 4.3.0-1
- —CVE-2013-2194Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to…from 0, < 4.3.0-1
- —CVE-2013-2078Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combi…from 0, < 4.2.2-1
- —CVE-2013-1964Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administ…from 0, < 4.1.4-3
- —CVE-2013-1952Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's…from 0, < 4.1.4-4
- —CVE-2013-1919Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a de…from 0, < 4.1.4-3
- from 0, < 4.0.1-5.11
- from 0, < 4.1.4-4
- from 0, < 4.0.1-5.10
- from 0, < 4.1.4-3
- —CVE-2013-0153The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remappin…from 0, < 4.1.4-2
- —CVE-2012-5634Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is beh…from 0, < 4.1.3-8
- from 0, < 4.1.3-8
- —CVE-2012-6333Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU c…from 0, < 4.1.3-8
- —CVE-2012-5515The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local gue…from 0, < 4.1.3-5
- —CVE-2012-5514The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they a…from 0, < 4.1.3-6
- —CVE-2012-5513The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrator…from 0, < 4.1.3-5
- —CVE-2012-5512Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (cra…from 0, < 4.1.3-5
- —CVE-2012-5511Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators t…from 0, < 4.1.3-5
- —CVE-2012-5510Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, w…from 0, < 4.1.3-5
- from 0, < 4.1.2-1
- from 0, < 4.0.1-5.5
- from 0, < 4.1.3-1
- from 0, < 4.0.1-5.3
- —CVE-2012-2934Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which…from 0, < 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
- —CVE-2012-0218Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag…from 0, < 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
- —CVE-2012-4538The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables,…from 0, < 4.1.3-4
- —CVE-2012-3433Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physi…from 0, < 4.1.3-1
- —CVE-2012-6036The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in…from 0, < 4.1.4-1
- —CVE-2012-6035The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which all…from 0, < 4.1.4-1
- —CVE-2012-6034The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transc…from 0, < 4.1.4-1
- —CVE-2012-6033The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows lo…from 0, < 4.1.4-1
- —CVE-2012-6032Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.…from 0, < 4.1.4-1
- —CVE-2012-6031The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service…from 0, < 4.1.4-1
- —CVE-2012-6030The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service…from 0, < 4.1.4-1
- —CVE-2012-4411The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qe…from 0, < 4.1.3-2
- from 0, < 4.1.3-2
- —CVE-2012-3498PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service…from 0, < 4.1.3-2
- —CVE-2012-3497(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent…from 0, < 4.1.4-1
- —CVE-2012-3496XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows…from 0, < 4.1.3-2
- —CVE-2012-3495The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the…from 0, < 4.1.3-2
- from 0, < 4.0.1-5.4
- from 0, < 4.1.3-2
- —CVE-2012-4539Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of ser…from 0, < 4.1.3-4
- —CVE-2012-4537Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fa…from 0, < 4.1.3-4
- —CVE-2012-4536The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of ser…from 0, < 4.1.3-4
- —CVE-2012-4535Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop an…from 0, < 4.1.3-4
- —CVE-2012-4544The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, whi…from 0, < 4.1.3-4
- from 0, < 4.1.3-4
- from 0, < 4.0.1-5.7
- from 0, < 4.0.1-5.2
- from 0, < 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
- from 0, < 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
- —CVE-2011-3262tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infin…from 0, < 4.1.1-1
- —CVE-2011-1898Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows g…from 0, < 4.1.1-1
- —CVE-2011-1583Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of servi…from 0, < 4.1.1-1
- —CVE-2010-4255The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does no…from 0, < 4.0.1-2
- —CVE-2010-2938arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Lin…from 0, < 4.0.1-1