Vulnerabilities > XEN > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-05 | CVE-2023-34322 | Improper Check for Dropped Privileges vulnerability in XEN For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. | 7.8 |
| 2024-01-05 | CVE-2023-34325 | Out-of-bounds Write vulnerability in XEN [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. | 7.8 |
| 2024-01-05 | CVE-2023-34326 | Unspecified vulnerability in XEN The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions. | 7.8 |
| 2023-09-22 | CVE-2023-34319 | Out-of-bounds Write vulnerability in multiple products The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. | 7.8 |
| 2023-06-07 | CVE-2022-4949 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. | 8.8 |
| 2023-04-25 | CVE-2022-42335 | NULL Pointer Dereference vulnerability in multiple products x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. | 7.8 |
| 2023-03-21 | CVE-2022-42332 | Use After Free vulnerability in multiple products x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. | 7.8 |
| 2023-03-21 | CVE-2022-42333 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. | 8.6 |
| 2023-01-26 | CVE-2022-42330 | Unspecified vulnerability in XEN 4.17.0 Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. | 7.5 |
| 2022-11-01 | CVE-2022-42309 | Release of Invalid Pointer or Reference vulnerability in multiple products Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. | 8.8 |