Vulnerabilities > XEN > XEN > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-11 | CVE-2022-33746 | Improper Resource Shutdown or Release vulnerability in multiple products P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. | 6.5 |
| 2022-10-11 | CVE-2022-33748 | Improper Handling of Exceptional Conditions vulnerability in multiple products lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. | 5.6 |
| 2022-07-12 | CVE-2022-29900 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. | 6.5 |
| 2022-07-12 | CVE-2022-29901 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. | 6.5 |
| 2022-06-15 | CVE-2022-21166 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2022-06-15 | CVE-2022-21123 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2022-06-15 | CVE-2022-21125 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2022-06-15 | CVE-2022-21127 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2022-06-09 | CVE-2022-26362 | Race Condition vulnerability in multiple products x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. | 6.4 |
| 2022-06-09 | CVE-2022-26363 | x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. | 6.7 |