Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-10-07 CVE-2016-7777 Race Condition vulnerability in XEN
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.
local
high complexity
xen CWE-362
6.3
2016-09-21 CVE-2016-7154 Use After Free vulnerability in XEN
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.
local
low complexity
xen CWE-416
6.7
2016-09-21 CVE-2016-7094 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
local
high complexity
xen CWE-119
4.1
2016-08-02 CVE-2016-6259 Improper Input Validation vulnerability in multiple products
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
local
low complexity
xen citrix CWE-20
6.2
2016-06-07 CVE-2016-5242 Unspecified vulnerability in XEN
The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion.
local
high complexity
xen
5.6
2016-06-07 CVE-2016-4963 Improper Access Control vulnerability in XEN
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
local
high complexity
xen CWE-284
4.7
2016-06-07 CVE-2016-4962 Permissions, Privileges, and Access Controls vulnerability in multiple products
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
local
low complexity
oracle xen CWE-264
6.7
2016-05-25 CVE-2014-3672 Resource Exhaustion vulnerability in multiple products
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
local
low complexity
redhat xen CWE-400
6.5
2016-04-15 CVE-2016-3961 Improper Input Validation vulnerability in multiple products
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
local
low complexity
canonical xen CWE-20
5.5
2016-04-13 CVE-2015-8553 Information Exposure vulnerability in multiple products
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.
local
low complexity
xen redhat CWE-200
6.5