Vulnerabilities > XEN > High

DATE CVE VULNERABILITY TITLE RISK
2015-01-07 CVE-2015-0361 Use After Free Denial of Service vulnerability in Xen
Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.
network
low complexity
xen opensuse
7.8
2014-11-24 CVE-2014-9030 Improper Input Validation vulnerability in multiple products
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
7.1
2014-10-02 CVE-2014-7188 Resource Management Errors vulnerability in XEN
The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.
low complexity
xen CWE-399
8.3
2014-06-05 CVE-2014-3969 Permissions, Privileges, and Access Controls vulnerability in XEN 4.4.0
Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.
7.4
2014-01-26 CVE-2014-1666 Permissions, Privileges, and Access Controls vulnerability in XEN
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.
low complexity
xen CWE-264
8.3
2014-01-07 CVE-2011-1763 Unspecified vulnerability in XEN
The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port.
low complexity
xen
7.7
2013-11-23 CVE-2013-6375 Permissions, Privileges, and Access Controls vulnerability in multiple products
Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter."
7.9
2013-08-28 CVE-2013-2211 Permissions, Privileges, and Access Controls vulnerability in XEN
The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.
7.4
2013-08-28 CVE-2013-2072 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.
7.4
2013-08-28 CVE-2013-1432 Resource Management Errors vulnerability in XEN
Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors.
7.4