Vulnerabilities > XEN > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-27 CVE-2018-7541 An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
local
low complexity
xen debian
8.8
2017-12-12 CVE-2017-17566 Unspecified vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
local
high complexity
xen
7.8
2017-12-12 CVE-2017-17564 7PK - Errors vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
local
high complexity
xen CWE-388
7.8
2017-12-12 CVE-2017-17563 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
local
high complexity
xen CWE-119
7.8
2017-11-28 CVE-2017-17045 Use After Free vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.
local
low complexity
xen CWE-416
8.8
2017-10-18 CVE-2017-15595 Resource Exhaustion vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
local
low complexity
xen CWE-400
8.8
2017-10-18 CVE-2017-15594 Unspecified vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
local
low complexity
xen
8.8
2017-10-18 CVE-2017-15592 Exposure of Resource to Wrong Sphere vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
local
low complexity
xen CWE-668
8.8
2017-10-18 CVE-2017-15590 Unspecified vulnerability in XEN 4.9.0
An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
local
low complexity
xen
8.8
2017-10-18 CVE-2017-15588 Race Condition vulnerability in XEN 4.9.0
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
local
high complexity
xen CWE-362
7.8