Vulnerabilities > XEN > XEN > 4.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-09 | CVE-2013-4356 | Permissions, Privileges, and Access Controls vulnerability in XEN 4.3.0 Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash). | 5.4 |
| 2013-10-01 | CVE-2013-4361 | Information Exposure vulnerability in XEN The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. | 2.1 |
| 2013-09-30 | CVE-2013-1442 | Information Exposure vulnerability in XEN Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. | 1.2 |
| 2013-08-28 | CVE-2013-3495 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI). | 4.7 |
| 2013-08-28 | CVE-2013-2212 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. | 5.7 |