XEN : Security Vulnerabilities, CVEs, Published In 2015 (Overflow)
Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain.
Max CVSS
4.7
EPSS Score
0.06%
Published
2015-10-30
Updated
2017-07-01
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
Max CVSS
7.2
EPSS Score
0.20%
Published
2015-08-12
Updated
2023-02-13
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
Max CVSS
7.7
EPSS Score
0.10%
Published
2015-05-13
Updated
2021-11-17
Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.
Max CVSS
6.8
EPSS Score
0.07%
Published
2015-07-16
Updated
2018-10-30
4 vulnerabilities found