CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

XEN » XEN » 4.3.0 : Security Vulnerabilities

Cpe Name:cpe:/o:xen:xen:4.3.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-4021 119 Overflow +Info 2014-06-18 2014-08-01
2.7
None Local Network Low Single system Partial None None
Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.
2 CVE-2014-3968 DoS 2014-06-05 2014-07-17
5.5
None Local Network Low Single system None None Complete
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.
3 CVE-2014-3967 DoS 2014-06-05 2014-07-17
5.5
None Local Network Low Single system None None Complete
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
4 CVE-2014-3124 264 DoS Exec Code 2014-05-07 2014-06-18
6.7
None Local Network Low Single system Partial Partial Complete
The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.
5 CVE-2014-2599 20 DoS 2014-03-28 2014-03-31
4.9
None Local Low Not required None None Complete
The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.
6 CVE-2014-1950 399 DoS +Priv 2014-02-14 2014-04-19
4.6
None Local Low Not required Partial Partial Partial
Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.
7 CVE-2014-1896 20 DoS +Priv 2014-04-01 2014-04-19
4.9
None Local Network Medium Single system Partial Partial Partial
The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."
8 CVE-2014-1895 189 DoS +Info 2014-04-01 2014-04-19
5.8
None Local Network Medium Single system Partial None Complete
Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.
9 CVE-2014-1891 189 DoS Overflow 2014-04-01 2014-04-19
5.2
None Local Network Medium Single system None None Complete
Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.
10 CVE-2014-1666 264 DoS +Priv 2014-01-26 2014-04-19
8.3
None Local Network Low Not required Complete Complete Complete
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.
11 CVE-2014-1642 399 DoS Exec Code Mem. Corr. 2014-01-26 2014-04-19
4.4
None Local Medium Not required Partial Partial Partial
The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.
12 CVE-2013-6400 264 DoS +Priv 2013-12-13 2014-04-19
6.8
None Local Network High Not required Complete Complete Complete
Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors.
13 CVE-2013-6375 264 DoS +Priv 2013-11-23 2014-01-03
7.9
None Local Network Medium Not required Complete Complete Complete
Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter."
14 CVE-2013-4554 264 +Priv 2013-12-24 2014-04-19
5.2
None Local Network Low Single system Partial Partial Partial
Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2.
15 CVE-2013-4553 119 DoS Overflow 2013-12-24 2014-04-19
5.2
None Local Network Medium Single system None None Complete
The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).
16 CVE-2013-4551 20 DoS 2013-11-17 2014-01-03
5.7
None Local Network Medium Not required None None Complete
Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution."
17 CVE-2013-4494 20 DoS 2013-11-02 2014-04-19
5.2
None Local Network Medium Single system None None Complete
Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.
18 CVE-2013-4416 119 DoS Overflow 2013-11-02 2014-01-27
5.2
None Local Network Medium Single system None None Complete
The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.
19 CVE-2013-4375 399 DoS 2014-01-19 2014-03-05
2.7
None Local Network Low Single system None None Partial
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.
20 CVE-2013-4371 399 DoS Exec Code Mem. Corr. 2013-10-17 2013-10-18
4.4
None Local Medium Not required Partial Partial Partial
Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors.
21 CVE-2013-4370 119 DoS Exec Code Overflow Mem. Corr. 2013-10-17 2013-10-18
4.6
None Local Low Not required Partial Partial Partial
The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free.
22 CVE-2013-4369 DoS 2013-10-17 2013-10-30
1.9
None Local Medium Not required None None Partial
The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.
23 CVE-2013-4368 200 +Info 2013-10-17 2014-04-19
1.9
None Local Medium Not required Partial None None
The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register.
24 CVE-2013-4361 200 +Info 2013-10-01 2014-04-19
2.1
None Local Low Not required Partial None None
The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction.
25 CVE-2013-4356 264 DoS 2013-10-09 2013-10-10
5.4
None Local Network Medium Not required Partial Partial Partial
Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash).
26 CVE-2013-4355 200 +Info 2013-10-01 2014-04-19
1.5
None Local Medium Single system Partial None None
Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory.
27 CVE-2013-4344 119 Overflow +Priv 2013-10-04 2014-03-05
6.0
None Local High Single system Complete Complete Complete
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
28 CVE-2013-3495 264 DoS 2013-08-28 2013-10-07
4.7
None Local Medium Not required None None Complete
The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI).
29 CVE-2013-2212 119 DoS Overflow 2013-08-28 2014-04-19
5.7
None Local Network Medium Not required None None Complete
The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range.
30 CVE-2013-1442 200 +Info 2013-09-30 2014-04-19
1.2
None Local High Not required Partial None None
Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.
Total number of vulnerabilities : 30   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.