XEN : Security Vulnerabilities, CVEs, Published In 2015 (Memory corruption)

CVE-2015-5166

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Max CVSS
7.2
EPSS Score
0.06%
Published
2015-08-12
Updated
2018-10-30

CVE-2015-4163

GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
Max CVSS
4.9
EPSS Score
0.06%
Published
2015-06-15
Updated
2018-10-30

CVE-2015-2151

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.09%
Published
2015-03-12
Updated
2018-10-30

CVE-2015-0361

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.
Max CVSS
7.8
EPSS Score
0.85%
Published
2015-01-07
Updated
2018-10-30
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close