Vulnerabilities > XEN
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-05-19 | CVE-2014-3717 | Improper Input Validation vulnerability in XEN 4.4.0 Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow. | 3.3 |
| 2014-05-19 | CVE-2014-3716 | Improper Input Validation vulnerability in XEN 4.4.0 Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel. | 1.9 |
| 2014-05-19 | CVE-2014-3715 | Buffer Errors vulnerability in XEN 4.4.0 Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB. | 3.3 |
| 2014-05-19 | CVE-2014-3714 | Improper Input Validation vulnerability in XEN 4.4.0 The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow. | 3.3 |
| 2014-05-07 | CVE-2014-3124 | Permissions, Privileges, and Access Controls vulnerability in XEN The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types. | 6.7 |
| 2014-05-02 | CVE-2014-3125 | Permissions, Privileges, and Access Controls vulnerability in XEN 4.4.0 Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors. | 6.2 |
| 2014-04-28 | CVE-2014-2986 | Improper Input Validation vulnerability in XEN 4.4.0 The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors. | 5.5 |
| 2014-04-24 | CVE-2014-2915 | Permissions, Privileges, and Access Controls vulnerability in XEN 4.4.0 Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers. | 5.5 |
| 2014-04-15 | CVE-2014-2580 | Resource Management Errors vulnerability in XEN The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" error and host crash) via a malformed packet, which causes a mutex to be taken when trying to disable the interface. | 4.4 |
| 2014-04-01 | CVE-2014-1896 | Improper Input Validation vulnerability in XEN The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring." | 4.9 |