Vulnerabilities > XEN > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-16 | CVE-2015-7504 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. | 8.8 |
| 2017-09-12 | CVE-2017-14319 | Unspecified vulnerability in XEN A grant unmapping issue was discovered in Xen through 4.9.x. | 8.8 |
| 2017-09-12 | CVE-2017-14316 | Out-of-bounds Read vulnerability in XEN A parameter verification issue was discovered in Xen through 4.9.x. | 8.8 |
| 2017-08-24 | CVE-2017-12137 | Classic Buffer Overflow vulnerability in multiple products arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | 8.8 |
| 2017-08-24 | CVE-2017-12136 | Race Condition vulnerability in multiple products Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | 7.8 |
| 2017-08-24 | CVE-2017-12135 | Incorrect Calculation vulnerability in multiple products Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | 8.8 |
| 2017-08-24 | CVE-2017-12134 | Incorrect Calculation vulnerability in multiple products The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. | 8.8 |
| 2017-07-05 | CVE-2017-10922 | Resource Exhaustion vulnerability in XEN The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3. | 7.5 |
| 2017-07-05 | CVE-2017-10916 | Information Exposure vulnerability in XEN The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220. | 7.5 |
| 2017-07-05 | CVE-2017-10914 | Double Free vulnerability in XEN The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2. | 8.1 |