Search Results (Refine Search)
- CPE Product Version: cpe:/o:xen:xen:4.3.2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-7971 |
Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c. Published: October 30, 2015; 11:59:07 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-7969 |
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall. Published: October 30, 2015; 11:59:05 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2015-7835 |
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. Published: October 30, 2015; 11:59:04 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-7814 |
Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. Published: October 30, 2015; 11:59:03 AM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2015-7311 |
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. Published: October 01, 2015; 4:59:06 PM -0400 |
V3.x:(not available) V2.0: 3.6 LOW |
CVE-2015-5166 |
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. Published: August 12, 2015; 10:59:25 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-5165 |
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Published: August 12, 2015; 10:59:24 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-5154 |
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. Published: August 12, 2015; 10:59:23 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-4105 |
Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations. Published: June 03, 2015; 4:59:08 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2015-4104 |
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors. Published: June 03, 2015; 4:59:07 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-4103 |
Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields. Published: June 03, 2015; 4:59:06 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2015-3340 |
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. Published: April 28, 2015; 10:59:02 AM -0400 |
V3.x:(not available) V2.0: 2.9 LOW |
CVE-2015-2756 |
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. Published: April 01, 2015; 10:59:08 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2015-2752 |
The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). Published: April 01, 2015; 10:59:06 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2015-2751 |
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. Published: April 01, 2015; 10:59:05 AM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2015-2152 |
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. Published: March 18, 2015; 12:59:02 PM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2015-0361 |
Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. Published: January 07, 2015; 2:59:05 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2014-9066 |
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. Published: December 09, 2014; 6:59:09 PM -0500 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2014-9065 |
common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. Published: December 09, 2014; 6:59:08 PM -0500 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2014-7155 |
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. Published: October 02, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |