XEN : Security Vulnerabilities, CVEs, Published In December 2013 (Denial of service)
Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.26%
Published
2013-12-13
Updated
2017-01-07
The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).
Max CVSS
5.2
EPSS Score
0.06%
Published
2013-12-24
Updated
2017-01-07
Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.
Max CVSS
5.5
EPSS Score
0.06%
Published
2013-12-27
Updated
2020-12-08
3 vulnerabilities found