XEN : Security Vulnerabilities, CVEs, Published In May 2017 (Code Execution) CVSS score >= 8
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-05-11
Updated
2019-10-03
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-05-11
Updated
2019-10-03
Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-05-11
Updated
2019-10-03
3 vulnerabilities found