An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
Max CVSS
7.8
EPSS Score
0.06%
Published
2018-12-08
Updated
2019-10-03
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
Max CVSS
5.6
EPSS Score
0.07%
Published
2018-06-21
Updated
2021-06-09
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.
Max CVSS
8.6
EPSS Score
0.31%
Published
2016-04-13
Updated
2017-07-01
3 vulnerabilities found