Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-04-01 CVE-2014-1892 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN
Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.
5.2
2014-04-01 CVE-2014-1891 Numeric Errors vulnerability in XEN
Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.
5.2
2014-03-28 CVE-2014-2599 Improper Input Validation vulnerability in XEN
The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.
local
low complexity
xen CWE-20
4.9
2014-02-14 CVE-2014-1950 Resource Management Errors vulnerability in XEN
Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.
local
low complexity
xen CWE-399
4.6
2014-01-26 CVE-2014-1642 Resource Management Errors vulnerability in XEN
The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.
local
xen CWE-399
4.4
2014-01-07 CVE-2011-1936 Denial-Of-Service vulnerability in Xen
Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors.
high complexity
xen
4.6
2014-01-07 CVE-2011-1780 Improper Input Validation vulnerability in XEN 3.0.3
The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread.
low complexity
xen CWE-20
6.1
2014-01-07 CVE-2011-1166 Improper Input Validation vulnerability in XEN
Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.
low complexity
xen CWE-20
5.5
2013-12-27 CVE-2011-2519 Null Pointer Dereference vulnerability in multiple products
Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.
low complexity
xen redhat CWE-476
5.5
2013-12-24 CVE-2013-4554 Permissions, Privileges, and Access Controls vulnerability in XEN
Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2.
low complexity
xen CWE-264
5.2