Vulnerabilities > XEN

DATE CVE VULNERABILITY TITLE RISK
2022-06-15 CVE-2022-21127 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen intel debian CWE-459
5.5
5.5
2022-06-09 CVE-2022-26362 Race Condition vulnerability in multiple products
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count.
local
high complexity
xen fedoraproject debian CWE-362
6.4
6.4
2022-06-09 CVE-2022-26363 x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count.
local
low complexity
xen fedoraproject debian
6.7
6.7
2022-06-09 CVE-2022-26364 x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count.
local
low complexity
xen fedoraproject debian
6.7
6.7
2022-04-05 CVE-2022-26356 Improper Locking vulnerability in multiple products
Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls.
local
high complexity
xen debian fedoraproject CWE-667
5.6
5.6
2022-04-05 CVE-2022-26357 Race Condition vulnerability in multiple products
race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide.
local
high complexity
xen debian fedoraproject CWE-362
7.0
7.0
2022-04-05 CVE-2022-26358 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi.
local
low complexity
xen debian fedoraproject
7.8
7.8
2022-04-05 CVE-2022-26359 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi.
local
low complexity
xen debian fedoraproject
7.8
7.8
2022-04-05 CVE-2022-26360 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi.
local
low complexity
xen debian fedoraproject
7.8
7.8
2022-04-05 CVE-2022-26361 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi.
local
low complexity
xen debian fedoraproject
7.8
7.8