Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-05-11 CVE-2017-8904 Arbitrary Code Execution vulnerability in XEN 4.8.0/4.8.1
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
local
low complexity
xen
6.8
2017-02-27 CVE-2016-9818 Improper Access Control vulnerability in XEN 4.7.0/4.7.1
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
local
low complexity
xen CWE-284
4.9
2017-02-27 CVE-2016-9817 Improper Access Control vulnerability in XEN 4.7.0/4.7.1
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
local
low complexity
xen CWE-284
4.9
2017-02-27 CVE-2016-9816 Improper Access Control vulnerability in XEN 4.7.0/4.7.1
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
local
low complexity
xen CWE-284
4.9
2017-02-27 CVE-2016-9815 Improper Access Control vulnerability in XEN 4.7.0/4.7.1
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
local
low complexity
xen CWE-284
4.9
2017-01-26 CVE-2016-10024 Improper Input Validation vulnerability in multiple products
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
local
low complexity
xen citrix CWE-20
4.9
2017-01-26 CVE-2016-10013 Permissions, Privileges, and Access Controls vulnerability in XEN
Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.
local
low complexity
xen CWE-264
4.6
2017-01-23 CVE-2016-9386 Permissions, Privileges, and Access Controls vulnerability in multiple products
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
local
low complexity
citrix xen CWE-264
4.6
2017-01-23 CVE-2016-9385 Improper Input Validation vulnerability in multiple products
The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.
local
low complexity
xen citrix CWE-20
4.9
2017-01-23 CVE-2016-9382 Permissions, Privileges, and Access Controls vulnerability in multiple products
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.
local
low complexity
xen citrix CWE-264
4.6