Vulnerabilities > XEN > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-05 CVE-2023-34322 Improper Check for Dropped Privileges vulnerability in XEN
For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode.
local
low complexity
xen CWE-273
7.8
2024-01-05 CVE-2023-34325 Out-of-bounds Write vulnerability in XEN
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code.
local
low complexity
xen CWE-787
7.8
2024-01-05 CVE-2023-34326 Unspecified vulnerability in XEN
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.
local
low complexity
xen
7.8
2023-09-22 CVE-2023-34319 Out-of-bounds Write vulnerability in multiple products
The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece.
local
low complexity
xen debian linux CWE-787
7.8
2023-06-07 CVE-2022-4949 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1.
network
low complexity
adsanityplugin xen CWE-434
8.8
2023-04-25 CVE-2022-42335 NULL Pointer Dereference vulnerability in multiple products
x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode.
local
low complexity
xen fedoraproject CWE-476
7.8
2023-03-21 CVE-2022-42332 Use After Free vulnerability in multiple products
x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode.
local
low complexity
xen debian fedoraproject CWE-416
7.8
2023-03-21 CVE-2022-42333 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place.
network
low complexity
xen debian fedoraproject CWE-770
8.6
2023-01-26 CVE-2022-42330 Unspecified vulnerability in XEN 4.17.0
Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g.
network
low complexity
xen
7.5
2022-11-01 CVE-2022-42309 Release of Invalid Pointer or Reference vulnerability in multiple products
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage.
local
low complexity
xen debian fedoraproject CWE-763
8.8