Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:xen:xen:4.2.3
There are 183 matching records.
Displaying matches 181 through 183.
Vuln ID Summary CVSS Severity

Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory.

Published: October 01, 2013; 1:55:03 PM -0400
V3.x:(not available)
V2.0: 1.5 LOW

Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.

Published: September 30, 2013; 5:55:07 PM -0400
V3.x:(not available)
V2.0: 1.2 LOW

The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction.

Published: September 12, 2013; 2:37:43 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM