Vulnerabilities > XEN > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-25 | CVE-2022-23033 | Improper Resource Shutdown or Release vulnerability in multiple products arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. | 7.8 |
| 2021-12-07 | CVE-2021-28703 | Unspecified vulnerability in XEN grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. | 7.0 |
| 2021-11-24 | CVE-2021-28705 | Improper Handling of Exceptional Conditions vulnerability in multiple products issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. | 7.8 |
| 2021-11-24 | CVE-2021-28709 | Improper Handling of Exceptional Conditions vulnerability in multiple products issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. | 7.8 |
| 2021-11-24 | CVE-2021-28704 | PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. | 8.8 |
| 2021-11-24 | CVE-2021-28706 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. | 8.6 |
| 2021-11-24 | CVE-2021-28707 | PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. | 8.8 |
| 2021-11-24 | CVE-2021-28708 | PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. | 8.8 |
| 2021-11-21 | CVE-2021-28710 | Improper Privilege Management vulnerability in multiple products certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. | 8.8 |
| 2021-10-06 | CVE-2021-28702 | Improper Privilege Management vulnerability in multiple products PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). | 7.6 |