|
|
XEN » XEN » 4.1.6 : Security Vulnerabilities
Cpe Name: cpe:/o:xen:xen:4.1.6
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-17347 |
20 |
|
DoS +Priv |
2019-10-07 |
2019-10-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels). |
|
2 |
CVE-2019-17340 |
20 |
|
DoS +Priv |
2019-10-07 |
2019-10-10 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. |
|
3 |
CVE-2017-14431 |
772 |
|
DoS |
2017-09-13 |
2019-10-02 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207. |
|
4 |
CVE-2016-9932 |
200 |
|
+Info |
2017-01-26 |
2017-11-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix. |
|
5 |
CVE-2016-4963 |
284 |
|
DoS |
2016-06-07 |
2018-09-07 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore. |
|
6 |
CVE-2016-1571 |
17 |
|
DoS |
2016-01-22 |
2018-10-30 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check. |
|
7 |
CVE-2016-1570 |
20 |
|
DoS +Priv +Info |
2016-01-22 |
2018-10-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates. |
|
8 |
CVE-2015-8552 |
20 |
|
DoS |
2016-04-13 |
2017-11-03 |
1.7 |
None |
Local |
Low |
Single system |
None |
None |
Partial |
|
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks." |
|
9 |
CVE-2015-8341 |
399 |
|
DoS |
2015-12-17 |
2017-06-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. |
|
10 |
CVE-2015-8340 |
17 |
|
DoS |
2015-12-17 |
2017-06-30 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. |
|
11 |
CVE-2015-8339 |
19 |
|
DoS |
2015-12-17 |
2017-06-30 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. |
Total number of vulnerabilities : 11
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
