4.12.1

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-11	CVE-2019-19581	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. local low complexity xen fedoraproject CWE-119	6.5
2019-12-11	CVE-2019-19580	Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. network high complexity xen fedoraproject CWE-362	6.6
2019-12-11	CVE-2019-19578	Incorrect Calculation vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. local low complexity xen fedoraproject CWE-682	8.8
2019-12-11	CVE-2019-19577	Improper Synchronization vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. low complexity xen fedoraproject CWE-662	7.2
2019-12-04	CVE-2019-19579	Improper Input Validation vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. low complexity xen fedoraproject CWE-20	6.8
2019-10-31	CVE-2019-18425	Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. network low complexity xen debian fedoraproject opensuse CWE-269 critical	9.8
2019-10-31	CVE-2019-18424	OS Command Injection vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. low complexity xen debian fedoraproject opensuse CWE-78	6.8
2019-10-31	CVE-2019-18423	Off-by-one Error vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. network low complexity xen debian fedoraproject CWE-193	8.8
2019-10-31	CVE-2019-18422	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. network low complexity xen debian fedoraproject CWE-732	8.8
2019-10-31	CVE-2019-18421	Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. network high complexity xen debian fedoraproject opensuse CWE-362	7.5