Vulnerabilities > XEN
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-06 | CVE-2021-28702 | Improper Privilege Management vulnerability in XEN PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). | 4.6 |
| 2021-09-08 | CVE-2021-28701 | Improper Privilege Management vulnerability in XEN Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. | 4.4 |
| 2021-08-27 | CVE-2021-28694 | Improper Authentication vulnerability in multiple products IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. | 4.6 |
| 2021-08-27 | CVE-2021-28695 | IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. | 4.6 |
| 2021-08-27 | CVE-2021-28696 | Incorrect Authorization vulnerability in multiple products IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. | 4.6 |
| 2021-08-27 | CVE-2021-28697 | Improper Privilege Management vulnerability in multiple products grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. | 4.6 |
| 2021-08-27 | CVE-2021-28698 | Infinite Loop vulnerability in multiple products long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. | 4.9 |
| 2021-08-27 | CVE-2021-28699 | inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. | 4.9 |
| 2021-08-27 | CVE-2021-28700 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. | 6.8 |
| 2021-06-30 | CVE-2021-28692 | Improper Privilege Management vulnerability in XEN inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. | 5.6 |