Vulnerabilities > XEN > XEN > 4.9.1

DATE CVE VULNERABILITY TITLE RISK
2017-12-12 CVE-2017-17566 Unspecified vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
local
xen
6.9
6.9
2017-12-12 CVE-2017-17565 Improper Input Validation vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.
local
xen CWE-20
4.7
4.7
2017-12-12 CVE-2017-17564 7PK - Errors vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
local
xen CWE-388
6.9
6.9
2017-12-12 CVE-2017-17563 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
local
xen CWE-119
6.9
6.9
2017-11-28 CVE-2017-17046 Information Exposure vulnerability in XEN
An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled.
local
low complexity
xen CWE-200
2.1
2.1
2017-11-28 CVE-2017-17045 Use After Free vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.
local
low complexity
xen CWE-416
7.2
7.2
2017-11-28 CVE-2017-17044 Infinite Loop vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.
local
low complexity
xen CWE-835
4.9
4.9