Vulnerabilities > XEN

DATE CVE VULNERABILITY TITLE RISK
2021-06-30 CVE-2021-28692 Improper Privilege Management vulnerability in XEN
inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands.
local
low complexity
xen CWE-269
5.6
2021-06-30 CVE-2021-28693 Unspecified vulnerability in XEN
xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g.
local
low complexity
xen
2.1
2021-06-29 CVE-2021-28690 Unspecified vulnerability in XEN
x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability.
network
low complexity
xen
4.0
2021-06-11 CVE-2021-28687 Missing Initialization of Resource vulnerability in XEN
HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions.
local
low complexity
xen CWE-909
4.9
2021-06-11 CVE-2021-28689 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN
x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1.
local
low complexity
xen CWE-119
2.1
2021-06-09 CVE-2021-26313 Exposure of Resource TO Wrong Sphere vulnerability in multiple products
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
local
low complexity
xen arm broadcom intel debian CWE-668
2.1
2021-06-09 CVE-2021-26314 Exposure of Resource TO Wrong Sphere vulnerability in multiple products
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
local
low complexity
xen arm broadcom intel CWE-668
2.1
2021-03-05 CVE-2021-28039 Resource Exhaustion vulnerability in multiple products
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen.
local
low complexity
linux xen CWE-400
2.1
2021-03-05 CVE-2021-28038 Allocation of Resources Without Limits OR Throttling vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV.
local
low complexity
linux xen debian CWE-770
4.9
2021-02-18 CVE-2021-27379 Improper Privilege Management vulnerability in XEN
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges.
local
xen CWE-269
5.9