Vulnerabilities > XEN > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-12-24 | CVE-2013-4553 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). | 5.2 |
| 2013-12-13 | CVE-2013-6400 | Permissions, Privileges, and Access Controls vulnerability in XEN Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors. | 6.8 |
| 2013-11-18 | CVE-2013-4551 | Improper Input Validation vulnerability in XEN Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution." | 5.7 |
| 2013-11-02 | CVE-2013-4416 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply. | 5.2 |
| 2013-11-02 | CVE-2013-4494 | Improper Input Validation vulnerability in multiple products Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. | 5.2 |
| 2013-10-17 | CVE-2013-4371 | Resource Management Errors vulnerability in XEN Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors. | 4.4 |
| 2013-10-17 | CVE-2013-4370 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free. | 4.6 |
| 2013-10-09 | CVE-2013-4356 | Permissions, Privileges, and Access Controls vulnerability in XEN 4.3.0 Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash). | 5.4 |
| 2013-09-12 | CVE-2013-4329 | Permissions, Privileges, and Access Controls vulnerability in XEN The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. | 6.5 |
| 2013-08-28 | CVE-2013-3495 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI). | 4.7 |