Vulnerabilities > XEN > High

DATE CVE VULNERABILITY TITLE RISK
2016-09-21 CVE-2016-7093 Permissions, Privileges, and Access Controls vulnerability in XEN 4.5.3/4.6.3/4.7.0
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
local
low complexity
xen CWE-264
8.2
2016-09-21 CVE-2016-7092 Permissions, Privileges, and Access Controls vulnerability in XEN
The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.
local
low complexity
xen CWE-264
8.2
2016-08-02 CVE-2016-6258 Improper Access Control vulnerability in multiple products
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
local
low complexity
xen citrix CWE-284
8.8
2016-05-18 CVE-2016-4480 Permissions, Privileges, and Access Controls vulnerability in multiple products
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
local
low complexity
oracle xen CWE-264
8.4
2016-04-19 CVE-2016-3960 Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
local
low complexity
xen fedoraproject oracle
8.8
2016-04-14 CVE-2015-8554 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN
Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path."
local
high complexity
xen CWE-119
7.5
2016-04-14 CVE-2015-8550 Improper Access Control vulnerability in multiple products
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
local
low complexity
xen novell CWE-284
8.2
2016-04-13 CVE-2015-8555 Information Exposure vulnerability in multiple products
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.
network
low complexity
citrix xen CWE-200
8.6
2016-04-12 CVE-2016-3157 Permissions, Privileges, and Access Controls vulnerability in multiple products
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.
local
low complexity
xen canonical CWE-264
7.8
2016-01-22 CVE-2016-1570 Improper Input Validation vulnerability in XEN
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.
network
high complexity
xen CWE-20
8.5