Vulnerabilities > XEN > XEN > 4.1.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2019-19577 | Improper Synchronization vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. | 7.2 |
| 2019-12-04 | CVE-2019-19579 | Improper Input Validation vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. | 6.8 |
| 2019-10-31 | CVE-2019-18424 | OS Command Injection vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. | 6.8 |
| 2019-10-08 | CVE-2019-17349 | Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. | 5.5 |
| 2019-10-08 | CVE-2019-17348 | Improper Input Validation vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching. | 6.5 |
| 2019-10-08 | CVE-2019-17347 | Improper Input Validation vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels). | 7.8 |
| 2019-10-08 | CVE-2019-17346 | Improper Input Validation vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes. | 8.8 |
| 2019-10-08 | CVE-2019-17344 | Improper Synchronization vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. | 4.9 |
| 2019-10-08 | CVE-2019-17343 | Improper Locking vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. | 4.6 |
| 2019-10-08 | CVE-2019-17342 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced. | 7.0 |