Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-05 CVE-2023-34323 NULL Pointer Dereference vulnerability in XEN
When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes.
local
low complexity
xen CWE-476
5.5
2024-01-05 CVE-2023-34324 Resource Exhaustion vulnerability in multiple products
Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g.
network
low complexity
xen linux CWE-400
4.9
2024-01-05 CVE-2023-34327 Unspecified vulnerability in XEN
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.
local
low complexity
xen
5.5
2024-01-05 CVE-2023-34328 Unspecified vulnerability in XEN
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.
local
low complexity
xen
5.5
2024-01-05 CVE-2023-46835 Unspecified vulnerability in XEN
The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will setup page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignment, possibly leading to data leaks.
local
low complexity
xen
5.5
2024-01-05 CVE-2023-46836 Unspecified vulnerability in XEN
The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe.
local
high complexity
xen
4.7
2023-12-08 CVE-2023-34320 Improper Locking vulnerability in multiple products
Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity.
local
low complexity
arm xen CWE-667
5.5
2023-11-10 CVE-2023-4949 Out-of-bounds Write vulnerability in multiple products
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.
local
low complexity
gnu xen CWE-787
6.7
2023-08-11 CVE-2022-40982 Information Exposure Through Discrepancy vulnerability in multiple products
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
redhat xen intel debian netapp CWE-203
6.5
2023-08-08 CVE-2023-20588 Divide By Zero vulnerability in multiple products
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 
local
low complexity
debian amd xen fedoraproject microsoft CWE-369
5.5