Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-10-11 CVE-2022-33746 Improper Resource Shutdown or Release vulnerability in multiple products
P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size.
local
low complexity
xen fedoraproject debian CWE-404
6.5
2022-10-11 CVE-2022-33748 Improper Handling of Exceptional Conditions vulnerability in multiple products
lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path.
local
high complexity
xen fedoraproject debian CWE-755
5.6
2022-10-11 CVE-2022-33749 Allocation of Resources Without Limits or Throttling vulnerability in XEN Xapi
XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit.
network
low complexity
xen CWE-770
5.3
2022-07-12 CVE-2022-29900 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
local
low complexity
xen debian fedoraproject amd CWE-212
6.5
2022-07-12 CVE-2022-29901 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data.
local
low complexity
intel xen fedoraproject vmware debian CWE-668
6.5
2022-06-15 CVE-2022-21166 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
5.5
2022-06-15 CVE-2022-21123 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
5.5
2022-06-15 CVE-2022-21125 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
5.5
2022-06-15 CVE-2022-21127 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen intel debian CWE-459
5.5
2022-06-09 CVE-2022-26362 Race Condition vulnerability in multiple products
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count.
local
high complexity
xen fedoraproject debian CWE-362
6.4