Vulnerabilities > XEN > XEN > 4.4.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-24 | CVE-2021-28705 | Improper Handling of Exceptional Conditions vulnerability in multiple products. Issues with partially successful P2M updates on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. | 7.8 |
2021-11-24 | CVE-2021-28709 | Improper Handling of Exceptional Conditions vulnerability in multiple products. Issues with partially successful P2M updates on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. | 7.8 |
2021-11-24 | CVE-2021-28706 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. Guests may exceed their designated memory limit. When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. | 8.6 |
2021-09-08 | CVE-2021-28701 | Race Condition vulnerability in multiple products. Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. | 7.8 |
2021-08-27 | CVE-2021-28697 | Race Condition vulnerability in multiple products. Grant table v2 status pages may remain accessible after de-allocation. Guests are permitted access to certain Xen-owned pages of memory. | 7.8 |
2021-08-27 | CVE-2021-28698 | Infinite Loop vulnerability in multiple products. Long running loops in grant table handling. In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. | 5.5 |
2021-06-30 | CVE-2021-28692 | Improper Privilege Management vulnerability in XEN. Inappropriate x86 IOMMU timeout detection / handling. IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. | 5.6 |
2021-02-18 | CVE-2021-27379 | An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. | 5.9 |
2020-12-15 | CVE-2020-29486 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. An issue was discovered in Xen through 4.14.x. | 6.0 |
2020-12-15 | CVE-2020-29484 | NULL Pointer Dereference vulnerability in multiple products. An issue was discovered in Xen through 4.14.x. | 6.0 |