Vulnerabilities > XEN > XEN > 4.9.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-07 | CVE-2020-15567 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. | 7.8 |
2020-07-07 | CVE-2020-15565 | Resource Exhaustion vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. | 8.8 |
2020-07-07 | CVE-2020-15564 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. | 6.5 |
2020-07-07 | CVE-2020-15563 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. | 6.5 |
2020-04-14 | CVE-2020-11743 | Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. | 5.5 |
2020-04-14 | CVE-2020-11742 | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. | 5.5 |
2020-04-14 | CVE-2020-11741 | Missing Initialization of Resource vulnerability in multiple products An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. | 8.8 |
2020-04-14 | CVE-2020-11740 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. | 5.5 |
2020-04-14 | CVE-2020-11739 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. | 7.8 |
2019-12-11 | CVE-2019-19583 | An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. | 7.5 |