An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.
Max CVSS
9.1
EPSS Score
0.24%
Published
2017-10-30
Updated
2019-10-03
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
Max CVSS
6.5
EPSS Score
0.06%
Published
2017-02-27
Updated
2017-07-28
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
Max CVSS
6.5
EPSS Score
0.06%
Published
2017-02-27
Updated
2017-07-28
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
Max CVSS
6.5
EPSS Score
0.06%
Published
2017-02-27
Updated
2017-07-28
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
Max CVSS
6.5
EPSS Score
0.06%
Published
2017-02-27
Updated
2017-07-28
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.
Max CVSS
5.5
EPSS Score
0.06%
Published
2017-02-22
Updated
2017-07-28
6 vulnerabilities found