Vulnerabilities > XEN

DATE CVE VULNERABILITY TITLE RISK
2019-10-08 CVE-2019-17348 Improper Input Validation vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
local
low complexity
xen debian CWE-20
6.5
2019-10-08 CVE-2019-17347 Improper Input Validation vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).
local
low complexity
xen debian CWE-20
7.8
2019-10-08 CVE-2019-17346 Improper Input Validation vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.
local
low complexity
xen debian CWE-20
8.8
2019-10-08 CVE-2019-17345 An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.
local
low complexity
xen debian
4.9
2019-10-08 CVE-2019-17344 Improper Synchronization vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.
local
low complexity
xen debian CWE-662
4.9
2019-10-08 CVE-2019-17343 Improper Locking vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.
local
low complexity
xen debian CWE-667
4.6
2019-10-08 CVE-2019-17342 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.
local
high complexity
xen debian CWE-362
7.0
2019-10-08 CVE-2019-17341 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.
local
high complexity
xen debian CWE-362
7.8
2019-10-08 CVE-2019-17340 Memory Leak vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
local
low complexity
xen debian CWE-401
6.1
2019-10-08 CVE-2019-17351 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.
local
low complexity
xen linux CWE-770
4.9