Vulnerabilities > XEN > XEN > 4.2.5

DATE CVE VULNERABILITY TITLE RISK
2024-01-05 CVE-2023-34323 NULL Pointer Dereference vulnerability in XEN
When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes.
local
low complexity
xen CWE-476
5.5
2022-10-11 CVE-2022-33748 Improper Handling of Exceptional Conditions vulnerability in multiple products
lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path.
local
high complexity
xen fedoraproject debian CWE-755
5.6
2021-11-24 CVE-2021-28706 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit.
network
low complexity
xen fedoraproject debian CWE-770
8.6
2021-09-08 CVE-2021-28701 Race Condition vulnerability in multiple products
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory.
local
high complexity
xen debian fedoraproject CWE-362
7.8
2021-08-27 CVE-2021-28697 Race Condition vulnerability in multiple products
grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory.
local
low complexity
xen fedoraproject debian CWE-362
7.8
2021-08-27 CVE-2021-28698 Infinite Loop vulnerability in multiple products
long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains.
local
low complexity
xen fedoraproject debian CWE-835
5.5
2021-06-30 CVE-2021-28692 Improper Privilege Management vulnerability in XEN
inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands.
local
low complexity
xen CWE-269
5.6
2020-12-15 CVE-2020-29486 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-770
6.0
2020-12-15 CVE-2020-29484 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-476
6.0
2020-12-15 CVE-2020-29483 Use After Free vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-416
6.5