XEN : Security Vulnerabilities, CVEs, Published In 2016 (Denial of service)
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2016-09-21 | Updated: 2017-04-10
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
Max CVSS: 4.1 | EPSS Score: 0.07% | Published: 2016-09-21 | Updated: 2017-07-01
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
Max CVSS: 6.2 | EPSS Score: 0.18% | Published: 2016-08-02 | Updated: 2016-08-04
The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion.
Max CVSS: 5.6 | EPSS Score: 0.06% | Published: 2016-06-07 | Updated: 2016-11-28
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
Max CVSS: 4.7 | EPSS Score: 0.05% | Published: 2016-06-07 | Updated: 2018-09-07
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
Max CVSS: 6.8 | EPSS Score: 0.05% | Published: 2016-06-07 | Updated: 2016-11-28
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
Max CVSS: 5.5 | EPSS Score: 0.06% | Published: 2016-04-15 | Updated: 2016-11-28
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
Max CVSS: 8.8 | EPSS Score: 0.07% | Published: 2016-04-19 | Updated: 2016-12-03
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.
Max CVSS: 7.8 | EPSS Score: 0.06% | Published: 2016-04-12 | Updated: 2016-12-03
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.
Max CVSS: 5.5 | EPSS Score: 0.06% | Published: 2016-02-19 | Updated: 2017-07-01
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cacheability settings.
Max CVSS: 6.8 | EPSS Score: 0.48% | Published: 2016-02-19 | Updated: 2017-07-01
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when shadow mode paging is used or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
Max CVSS: 6.3 | EPSS Score: 0.21% | Published: 2016-01-22 | Updated: 2018-10-30
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.
Max CVSS: 8.5 | EPSS Score: 0.16% | Published: 2016-01-22 | Updated: 2018-10-30
The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ).
Max CVSS: 5.0 | EPSS Score: 0.10% | Published: 2016-01-08 | Updated: 2016-11-28
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."
Max CVSS: 4.4 | EPSS Score: 0.08% | Published: 2016-04-13 | Updated: 2017-11-04
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
Max CVSS: 8.2 | EPSS Score: 0.07% | Published: 2016-04-14 | Updated: 2017-11-04
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2016-05-25 | Updated: 2023-02-13
17 vulnerabilities found