Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-13 CVE-2015-8552 Improper Input Validation vulnerability in multiple products
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."
local
low complexity
xen canonical debian novell CWE-20
4.4
2016-02-19 CVE-2016-2271 Unspecified vulnerability in XEN 4.6.0/4.6.1
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.
local
low complexity
xen
5.5
2016-02-19 CVE-2016-2270 Improper Input Validation vulnerability in multiple products
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.
network
low complexity
debian fedoraproject xen oracle CWE-20
6.8
2016-01-22 CVE-2016-1571 Code vulnerability in multiple products
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
network
high complexity
citrix xen CWE-17
6.3
2016-01-08 CVE-2015-8615 7PK - Security Features vulnerability in XEN 4.6.0
The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ).
network
low complexity
xen CWE-254
5.0