CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

XEN » XEN » 4.5.0 : Security Vulnerabilities

Cpe Name:cpe:/o:xen:xen:4.5.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-17347 20 DoS +Priv 2019-10-07 2019-10-10
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).
2 CVE-2019-17340 20 DoS +Priv 2019-10-07 2019-10-10
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
3 CVE-2017-15596 400 DoS 2017-10-18 2017-11-03
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.
4 CVE-2017-15591 20 DoS 2017-10-18 2018-01-15
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation.
5 CVE-2017-14431 772 DoS 2017-09-13 2019-10-02
4.9
None Local Low Not required None None Complete
Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.
6 CVE-2017-14318 476 2017-09-12 2017-11-29
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct.
7 CVE-2017-12855 200 +Info 2017-08-15 2017-11-14
2.1
None Local Low Not required Partial None None
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.
8 CVE-2017-10916 200 +Info 2017-07-04 2017-11-03
5.0
None Remote Low Not required Partial None None
The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.
9 CVE-2016-9932 200 +Info 2017-01-26 2017-11-03
2.1
None Local Low Not required Partial None None
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
10 CVE-2016-9385 20 DoS 2017-01-23 2017-06-30
4.9
None Local Low Not required None None Complete
The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.
11 CVE-2016-9382 264 DoS +Priv 2017-01-23 2017-06-30
4.6
None Local Low Not required Partial Partial Partial
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.
12 CVE-2016-9378 284 DoS 2017-02-22 2017-07-27
2.1
None Local Low Not required None None Partial
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.
13 CVE-2016-9377 682 DoS 2017-02-22 2017-07-27
2.1
None Local Low Not required None None Partial
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.
14 CVE-2016-6259 20 DoS 2016-08-02 2016-08-03
4.9
None Local Low Not required None None Complete
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
15 CVE-2016-6258 284 +Priv 2016-08-02 2017-06-30
7.2
User Local Low Not required Complete Complete Complete
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
16 CVE-2016-5242 DoS 2016-06-07 2016-11-28
4.7
None Local Medium Not required None None Complete
The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion.
17 CVE-2016-4963 284 DoS 2016-06-07 2018-09-07
1.9
None Local Medium Not required None None Partial
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
18 CVE-2016-4962 264 DoS +Priv 2016-06-07 2016-11-28
6.8
None Local Low Single system Complete Complete Complete
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
19 CVE-2016-1571 17 DoS 2016-01-22 2018-10-30
4.7
None Local Medium Not required None None Complete
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
20 CVE-2016-1570 20 DoS +Priv +Info 2016-01-22 2018-10-30
6.9
None Local Medium Not required Complete Complete Complete
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.
21 CVE-2015-8555 200 +Info 2016-04-13 2017-06-30
5.0
None Remote Low Not required Partial None None
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.
22 CVE-2015-8341 399 DoS 2015-12-17 2017-06-30
7.8
None Remote Low Not required None None Complete
The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.
23 CVE-2015-8340 17 DoS 2015-12-17 2017-06-30
4.7
None Local Medium Not required None None Complete
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.
24 CVE-2015-8339 19 DoS 2015-12-17 2017-06-30
4.7
None Local Medium Not required None None Complete
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.
25 CVE-2015-8104 399 DoS 2015-11-16 2017-05-23
4.7
None Local Medium Not required None None Complete
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
26 CVE-2015-7972 399 DoS 2015-10-30 2018-10-30
2.1
None Local Low Not required None None Partial
The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to "heavy memory pressure."
27 CVE-2015-7971 19 DoS 2015-10-30 2018-10-30
2.1
None Local Low Not required None None Partial
Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.
28 CVE-2015-7969 399 DoS 2015-10-30 2018-10-30
4.9
None Local Low Not required None None Complete
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.
29 CVE-2015-7835 20 +Priv 2015-10-30 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
30 CVE-2015-7813 399 DoS 2015-10-30 2018-10-30
2.1
None Local Low Not required None None Partial
Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c.
31 CVE-2015-7812 254 DoS 2015-11-17 2018-10-30
4.9
None Local Low Not required None None Complete
The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface.
32 CVE-2015-7311 17 2015-10-01 2018-10-30
3.6
None Local Low Not required None Partial Partial
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
33 CVE-2015-6654 264 DoS 2015-09-03 2016-12-07
2.1
None Local Low Not required None None Partial
The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest.
34 CVE-2015-5307 399 DoS 2015-11-16 2017-05-23
4.9
None Local Low Not required None None Complete
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
35 CVE-2015-5166 264 +Priv 2015-08-12 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
36 CVE-2015-5165 200 +Info 2015-08-12 2018-10-30
5.0
None Remote Low Not required Partial None None
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
37 CVE-2015-5154 119 Exec Code Overflow 2015-08-12 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
38 CVE-2015-4164 399 DoS 2015-06-15 2018-10-30
4.9
None Local Low Not required None None Complete
The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.
39 CVE-2015-4163 DoS 2015-06-15 2018-10-30
4.9
None Local Low Not required None None Complete
GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
40 CVE-2015-4105 399 DoS 2015-06-03 2017-11-14
4.9
None Local Low Not required None None Complete
Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.
41 CVE-2015-4104 264 DoS 2015-06-03 2017-11-14
7.8
None Remote Low Not required None None Complete
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
42 CVE-2015-4103 264 DoS 2015-06-03 2017-11-14
4.9
None Local Low Not required None None Complete
Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.
43 CVE-2015-3456 119 DoS Exec Code Overflow 2015-05-13 2019-04-22
7.7
None Local Network Low Single system Complete Complete Complete
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
44 CVE-2015-3340 200 +Info 2015-04-28 2018-10-30
2.9
None Local Network Medium Not required Partial None None
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
45 CVE-2015-3259 264 Overflow +Priv 2015-07-16 2018-10-30
6.8
None Local Low Single system Complete Complete Complete
Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.
46 CVE-2015-3209 119 Exec Code Overflow 2015-06-15 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
47 CVE-2015-2756 264 DoS 2015-04-01 2018-10-30
4.9
None Local Low Not required None None Complete
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
48 CVE-2015-2752 20 DoS 2015-04-01 2018-10-30
4.9
None Local Low Not required None None Complete
The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).
49 CVE-2015-2751 17 DoS 2015-04-01 2018-10-30
7.1
None Remote Medium Not required None None Complete
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.
50 CVE-2015-2152 264 2015-03-18 2018-10-30
1.9
None Local Medium Not required None Partial None
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.
Total number of vulnerabilities : 56   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.