Filtered by vendor Xen
Subscribe
Total
469 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-6333 | 1 Xen | 1 Xen | 2023-12-10 | 4.7 MEDIUM | N/A |
Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. | |||||
CVE-2013-2212 | 1 Xen | 1 Xen | 2023-12-10 | 5.7 MEDIUM | N/A |
The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. | |||||
CVE-2011-3131 | 1 Xen | 1 Xen | 2023-12-10 | 4.6 MEDIUM | N/A |
Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock. | |||||
CVE-2013-1964 | 1 Xen | 1 Xen | 2023-12-10 | 6.9 MEDIUM | N/A |
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors. | |||||
CVE-2012-4537 | 1 Xen | 1 Xen | 2023-12-10 | 2.1 LOW | N/A |
Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." | |||||
CVE-2012-3494 | 2 Citrix, Xen | 2 Xenserver, Xen | 2023-12-10 | 2.1 LOW | N/A |
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register. | |||||
CVE-2012-6030 | 1 Xen | 1 Xen | 2023-12-10 | 7.2 HIGH | N/A |
The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | |||||
CVE-2013-0154 | 1 Xen | 1 Xen | 2023-12-10 | 1.9 LOW | N/A |
The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall. | |||||
CVE-2013-2077 | 1 Xen | 1 Xen | 2023-12-10 | 5.2 MEDIUM | N/A |
Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors. | |||||
CVE-2012-3433 | 1 Xen | 1 Xen | 2023-12-10 | 4.9 MEDIUM | N/A |
Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown. | |||||
CVE-2012-4535 | 1 Xen | 1 Xen | 2023-12-10 | 1.9 LOW | N/A |
Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline." | |||||
CVE-2013-1442 | 1 Xen | 1 Xen | 2023-12-10 | 1.2 LOW | N/A |
Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. | |||||
CVE-2013-4329 | 1 Xen | 1 Xen | 2023-12-10 | 6.5 MEDIUM | N/A |
The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. | |||||
CVE-2013-1917 | 1 Xen | 1 Xen | 2023-12-10 | 1.9 LOW | N/A |
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. | |||||
CVE-2013-4553 | 1 Xen | 1 Xen | 2023-12-10 | 5.2 MEDIUM | N/A |
The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). | |||||
CVE-2013-1920 | 1 Xen | 1 Xen | 2023-12-10 | 4.4 MEDIUM | N/A |
Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. | |||||
CVE-2012-0218 | 1 Xen | 1 Xen | 2023-12-10 | 1.9 LOW | N/A |
Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen. | |||||
CVE-2012-5634 | 1 Xen | 1 Xen | 2023-12-10 | 6.1 MEDIUM | N/A |
Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt. | |||||
CVE-2013-2196 | 1 Xen | 1 Xen | 2023-12-10 | 6.9 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195. | |||||
CVE-2013-1919 | 1 Xen | 1 Xen | 2023-12-10 | 4.7 MEDIUM | N/A |
Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices." |