Vulnerabilities > XEN > Low

DATE CVE VULNERABILITY TITLE RISK
2024-01-05 CVE-2023-46837 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN
Arm provides multiple helpers to clean & invalidate the cache for a given region.
local
low complexity
xen CWE-119
3.3
2024-01-05 CVE-2023-34321 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN
Arm provides multiple helpers to clean & invalidate the cache for a given region.
local
low complexity
xen CWE-119
3.3
2023-05-17 CVE-2022-42336 Unspecified vulnerability in XEN 4.17
Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads.
local
low complexity
xen
3.3
2022-10-11 CVE-2022-33747 Improper Resource Shutdown or Release vulnerability in multiple products
Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g.
local
low complexity
xen fedoraproject debian CWE-404
3.8
2022-01-05 CVE-2021-28713 Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains".
local
low complexity
xen debian
2.1
2022-01-05 CVE-2021-28712 Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains".
local
low complexity
xen debian
2.1
2022-01-05 CVE-2021-28711 Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains".
local
low complexity
xen debian
2.1
2021-06-30 CVE-2021-28693 Unspecified vulnerability in XEN
xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g.
local
low complexity
xen
2.1
2021-06-09 CVE-2021-26313 Information Exposure Through Discrepancy vulnerability in multiple products
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
local
low complexity
xen arm broadcom intel debian CWE-203
2.1
2020-12-15 CVE-2020-29480 Missing Authorization vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-862
2.3