Vulnerabilities > XEN > High

DATE CVE VULNERABILITY TITLE RISK
2016-05-18 CVE-2016-4480 Permissions, Privileges, and Access Controls vulnerability in multiple products
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
local
low complexity
oracle xen CWE-264
7.2
2016-04-19 CVE-2016-3960 NULL pointer Dereference Remote Denial of Service vulnerability in Xen
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
local
low complexity
xen fedoraproject oracle
7.2
2016-04-12 CVE-2016-3157 Permissions, Privileges, and Access Controls vulnerability in multiple products
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.
local
low complexity
xen canonical CWE-264
7.2
2015-12-17 CVE-2015-8341 Resource Management Errors vulnerability in XEN
The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.
network
low complexity
xen CWE-399
7.8
2015-12-17 CVE-2015-8338 7PK - Security Features vulnerability in XEN
Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.
local
low complexity
xen CWE-254
7.2
2015-10-30 CVE-2015-7835 Improper Input Validation vulnerability in XEN
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
local
low complexity
xen CWE-20
7.2
2015-08-12 CVE-2015-5166 Permissions, Privileges, and Access Controls vulnerability in multiple products
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
local
low complexity
fedoraproject xen CWE-264
7.2
2015-06-03 CVE-2015-4104 Permissions, Privileges, and Access Controls vulnerability in XEN
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
network
low complexity
xen CWE-264
7.8
2015-04-01 CVE-2015-2751 Code vulnerability in multiple products
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.
7.1
2015-03-12 CVE-2015-2151 Permissions, Privileges, and Access Controls vulnerability in multiple products
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.
local
low complexity
fedoraproject debian xen CWE-264
7.2