XEN : Security Vulnerabilities, CVEs, Published In February 2013
The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.
Max CVSS
4.9
EPSS Score
0.06%
Published
2013-02-13
Updated
2017-08-29
The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.
Max CVSS
4.7
EPSS Score
0.06%
Published
2013-02-14
Updated
2017-08-29
Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled.
Max CVSS
4.7
EPSS Score
0.06%
Published
2013-02-13
Updated
2013-10-11
Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt.
Max CVSS
6.1
EPSS Score
0.24%
Published
2013-02-14
Updated
2014-04-19
4 vulnerabilities found