Vulnerabilities > XEN > XEN > 4.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-05 | CVE-2023-34323 | NULL Pointer Dereference vulnerability in XEN When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. | 5.5 |
| 2024-01-05 | CVE-2023-34327 | Unspecified vulnerability in XEN [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely. | 5.5 |
| 2023-09-22 | CVE-2023-34319 | Out-of-bounds Write vulnerability in multiple products The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. | 7.8 |
| 2023-05-17 | CVE-2022-42336 | Unspecified vulnerability in XEN 4.17 Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. | 3.3 |
| 2023-03-21 | CVE-2022-42331 | x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. | 5.5 |
| 2023-03-21 | CVE-2022-42332 | Use After Free vulnerability in multiple products x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. | 7.8 |
| 2023-03-21 | CVE-2022-42333 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. | 8.6 |
| 2023-03-21 | CVE-2022-42334 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. | 6.5 |
| 2022-11-01 | CVE-2022-42319 | Memory Leak vulnerability in multiple products Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. | 6.5 |
| 2022-11-01 | CVE-2022-42325 | Memory Leak vulnerability in multiple products Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. | 5.5 |