Vulnerabilities > XEN > XEN > 4.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-07-09 | CVE-2014-4022 | Information Exposure vulnerability in XEN 4.4.0 The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall. | 2.7 |
| 2014-06-18 | CVE-2014-4021 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. | 2.7 |
| 2014-06-05 | CVE-2014-3969 | Permissions, Privileges, and Access Controls vulnerability in XEN 4.4.0 Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. | 7.4 |
| 2014-06-05 | CVE-2014-3968 | Denial of Service vulnerability in Xen The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged. | 5.5 |
| 2014-06-05 | CVE-2014-3967 | Denial of Service vulnerability in Xen 'HVM MSI injection' The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. | 5.5 |
| 2014-05-19 | CVE-2014-3717 | Improper Input Validation vulnerability in XEN 4.4.0 Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow. | 3.3 |
| 2014-05-19 | CVE-2014-3716 | Improper Input Validation vulnerability in XEN 4.4.0 Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel. | 1.9 |
| 2014-05-19 | CVE-2014-3715 | Buffer Errors vulnerability in XEN 4.4.0 Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB. | 3.3 |
| 2014-05-19 | CVE-2014-3714 | Improper Input Validation vulnerability in XEN 4.4.0 The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow. | 3.3 |
| 2014-05-07 | CVE-2014-3124 | Permissions, Privileges, and Access Controls vulnerability in XEN The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types. | 6.7 |