Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:xen:xen:4.2.3
There are 163 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2014-3124

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.

Published: May 07, 2014; 6:55:07 AM -0400
V3.x:(not available)
V2.0: 6.7 MEDIUM
CVE-2014-1896

The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."

Published: April 01, 2014; 2:35:53 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2014-1895

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.

Published: April 01, 2014; 2:35:53 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2014-1891

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.

Published: April 01, 2014; 2:35:53 AM -0400
V3.x:(not available)
V2.0: 5.2 MEDIUM
CVE-2014-2599

The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.

Published: March 28, 2014; 11:55:08 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2014-1950

Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.

Published: February 14, 2014; 10:55:06 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2014-1666

The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.

Published: January 26, 2014; 11:58:11 AM -0500
V3.x:(not available)
V2.0: 8.3 HIGH
CVE-2014-1642

The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.

Published: January 26, 2014; 11:58:11 AM -0500
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2013-4375

The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.

Published: January 19, 2014; 1:55:02 PM -0500
V3.x:(not available)
V2.0: 2.7 LOW
CVE-2013-4554

Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2.

Published: December 24, 2013; 2:55:07 PM -0500
V3.x:(not available)
V2.0: 5.2 MEDIUM
CVE-2013-4553

The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).

Published: December 24, 2013; 2:55:07 PM -0500
V3.x:(not available)
V2.0: 5.2 MEDIUM
CVE-2013-6400

Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors.

Published: December 13, 2013; 1:55:05 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-6375

Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter."

Published: November 23, 2013; 6:55:04 AM -0500
V3.x:(not available)
V2.0: 7.9 HIGH
CVE-2013-4551

Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution."

Published: November 17, 2013; 9:55:08 PM -0500
V3.x:(not available)
V2.0: 5.7 MEDIUM
CVE-2013-4416

The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.

Published: November 02, 2013; 3:55:04 PM -0400
V3.x:(not available)
V2.0: 5.2 MEDIUM
CVE-2013-4494

Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.

Published: November 02, 2013; 2:55:03 PM -0400
V3.x:(not available)
V2.0: 5.2 MEDIUM
CVE-2013-4371

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors.

Published: October 17, 2013; 7:55:04 PM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2013-4370

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free.

Published: October 17, 2013; 7:55:04 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2013-4369

The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.

Published: October 17, 2013; 7:55:04 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2013-4368

The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register.

Published: October 17, 2013; 7:55:04 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW