XEN : Security Vulnerabilities (CVSS score >= 9)

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2017-15597	264	DoS Mem. Corr. +Info	2017-10-30	2018-10-19	9.0	None	Remote	Low	Single system	Complete	Complete	Complete
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.
2	CVE-2017-10921	264	DoS Mem. Corr.	2017-07-04	2017-11-03	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2.
3	CVE-2017-10920	264	DoS Mem. Corr.	2017-07-04	2017-11-03	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 1.
4	CVE-2017-10918	20		2017-07-04	2017-11-03	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.
5	CVE-2017-10917	476	DoS +Info	2017-07-04	2017-11-03	9.4	None	Remote	Low	Not required	Complete	None	Complete
Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.
6	CVE-2017-10912	19		2017-07-04	2017-11-03	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.
7	CVE-2017-2620	125	Exec Code	2018-07-27	2018-09-07	9.0	None	Remote	Low	Single system	Complete	Complete	Complete
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
8	CVE-2017-2615	125	Exec Code	2018-07-02	2018-09-07	9.0	None	Remote	Low	Single system	Complete	Complete	Complete
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

Total number of vulnerabilities : 8 Page : 1 (This Page)