CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

XEN » XEN » 4.4.0 RC1 : Security Vulnerabilities

Cpe Name:cpe:/o:xen:xen:4.4.0:rc1
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-17347 20 DoS +Priv 2019-10-07 2019-10-10
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).
2 CVE-2019-17340 20 DoS +Priv 2019-10-07 2019-10-10
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
3 CVE-2017-15596 400 DoS 2017-10-18 2017-11-03
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.
4 CVE-2017-14431 772 DoS 2017-09-13 2019-10-02
4.9
None Local Low Not required None None Complete
Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.
5 CVE-2016-5242 DoS 2016-06-07 2016-11-28
4.7
None Local Medium Not required None None Complete
The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion.
6 CVE-2016-4963 284 DoS 2016-06-07 2018-09-07
1.9
None Local Medium Not required None None Partial
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
7 CVE-2016-4962 264 DoS +Priv 2016-06-07 2016-11-28
6.8
None Local Low Single system Complete Complete Complete
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
8 CVE-2016-1571 17 DoS 2016-01-22 2018-10-30
4.7
None Local Medium Not required None None Complete
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
9 CVE-2016-1570 20 DoS +Priv +Info 2016-01-22 2018-10-30
6.9
None Local Medium Not required Complete Complete Complete
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.
10 CVE-2015-7813 399 DoS 2015-10-30 2018-10-30
2.1
None Local Low Not required None None Partial
Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c.
11 CVE-2015-7311 17 2015-10-01 2018-10-30
3.6
None Local Low Not required None Partial Partial
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
12 CVE-2015-4164 399 DoS 2015-06-15 2018-10-30
4.9
None Local Low Not required None None Complete
The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.
13 CVE-2015-4163 DoS 2015-06-15 2018-10-30
4.9
None Local Low Not required None None Complete
GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
14 CVE-2015-3259 264 Overflow +Priv 2015-07-16 2018-10-30
6.8
None Local Low Single system Complete Complete Complete
Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.
15 CVE-2015-2751 17 DoS 2015-04-01 2018-10-30
7.1
None Remote Medium Not required None None Complete
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.
16 CVE-2015-2151 264 DoS Exec Code Mem. Corr. +Info 2015-03-12 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.
17 CVE-2015-2150 264 DoS 2015-03-12 2018-10-30
4.9
None Local Low Not required None None Complete
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
18 CVE-2015-2045 200 +Info 2015-03-12 2018-10-30
2.1
None Local Low Not required Partial None None
The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.
19 CVE-2015-2044 200 +Info 2015-03-12 2018-10-30
2.1
None Local Low Not required Partial None None
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.
20 CVE-2015-1563 399 DoS 2015-02-09 2018-10-30
2.1
None Local Low Not required None None Partial
The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.
21 CVE-2014-8866 17 DoS 2014-12-01 2018-10-30
4.7
None Local Medium Not required None None Complete
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.
22 CVE-2014-7188 399 DoS 2014-10-02 2018-10-30
8.3
None Local Network Low Not required Complete Complete Complete
The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.
23 CVE-2014-7156 264 DoS 2014-10-02 2018-10-30
3.3
None Local Network Low Not required None None Partial
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors.
24 CVE-2014-7155 264 DoS +Priv 2014-10-02 2018-10-30
5.8
None Local Network Low Not required Partial Partial Partial
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.
25 CVE-2014-7154 362 DoS 2014-10-02 2018-10-30
6.1
None Local Network Low Not required None None Complete
Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.
26 CVE-2014-6268 399 DoS 2015-01-12 2017-09-07
4.9
None Local Low Not required None None Complete
The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.
27 CVE-2014-5147 264 DoS 2014-08-29 2018-10-30
4.3
None Local Network High Single system None None Complete
Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.
28 CVE-2014-4022 200 +Info 2014-07-09 2018-10-30
2.7
None Local Network Low Single system Partial None None
The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall.
29 CVE-2014-4021 119 Overflow +Info 2014-06-18 2018-10-30
2.7
None Local Network Low Single system Partial None None
Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.
30 CVE-2014-3969 264 +Priv 2014-06-05 2018-10-30
7.4
None Local Network Medium Single system Complete Complete Complete
Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.
31 CVE-2014-3968 DoS 2014-06-05 2018-10-30
5.5
None Local Network Low Single system None None Complete
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.
32 CVE-2014-3967 DoS 2014-06-05 2018-10-30
5.5
None Local Network Low Single system None None Complete
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
33 CVE-2014-3717 20 DoS Overflow 2014-05-19 2018-10-30
3.3
None Local Medium Not required Partial None Partial
Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.
34 CVE-2014-3716 20 DoS 2014-05-19 2018-10-30
1.9
None Local Medium Not required None None Partial
Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.
35 CVE-2014-3715 119 DoS Overflow 2014-05-19 2018-10-30
3.3
None Local Medium Not required Partial None Partial
Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.
36 CVE-2014-3714 20 DoS Overflow 2014-05-19 2018-10-30
3.3
None Local Medium Not required Partial None Partial
The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow.
37 CVE-2014-3125 264 DoS 2014-05-02 2018-10-30
6.2
None Local Network Low Single system None Partial Complete
Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.
38 CVE-2014-3124 264 DoS Exec Code 2014-05-07 2018-10-30
6.7
None Local Network Low Single system Partial Partial Complete
The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.
39 CVE-2014-2986 20 DoS 2014-04-28 2018-10-30
5.5
None Local Network Low Single system None None Complete
The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors.
40 CVE-2014-2915 264 DoS 2014-04-24 2018-10-30
5.5
None Local Network Low Single system None None Complete
Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers.
41 CVE-2014-1896 20 DoS +Priv 2014-04-01 2017-01-06
4.9
None Local Network Medium Single system Partial Partial Partial
The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."
Total number of vulnerabilities : 41   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.