Vulnerabilities > XEN > Low

DATE CVE VULNERABILITY TITLE RISK
2024-01-05 CVE-2023-46837 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN
Arm provides multiple helpers to clean & invalidate the cache for a given region.
local
low complexity
xen CWE-119
3.3
2024-01-05 CVE-2023-34321 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN
Arm provides multiple helpers to clean & invalidate the cache for a given region.
local
low complexity
xen CWE-119
3.3
2023-05-17 CVE-2022-42336 Unspecified vulnerability in XEN 4.17
Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads.
local
low complexity
xen
3.3
2022-10-11 CVE-2022-33747 Improper Resource Shutdown or Release vulnerability in multiple products
Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g.
local
low complexity
xen fedoraproject debian CWE-404
3.8
2020-12-15 CVE-2020-29480 Missing Authorization vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-862
2.3
2020-01-31 CVE-2015-6815 Infinite Loop vulnerability in multiple products
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
3.5
2017-05-03 CVE-2017-7995 Information Exposure vulnerability in multiple products
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure.
local
low complexity
xen novell suse CWE-200
3.8
2017-01-26 CVE-2016-9932 Information Exposure vulnerability in XEN
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
local
low complexity
xen CWE-200
3.3
2016-04-13 CVE-2016-3158 Improper Access Control vulnerability in multiple products
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.
local
low complexity
xen fedoraproject oracle CWE-284
3.8
2016-04-13 CVE-2016-3159 Improper Access Control vulnerability in multiple products
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.
local
low complexity
oracle xen fedoraproject debian CWE-284
3.8