Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:x86:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-2150 |
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. Published: March 12, 2015; 10:59:02 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2015-2045 |
The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. Published: March 12, 2015; 10:59:01 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-2044 |
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size. Published: March 12, 2015; 10:59:00 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-1563 |
The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. Published: February 09, 2015; 6:59:08 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-0361 |
Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. Published: January 07, 2015; 2:59:05 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2014-9066 |
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. Published: December 09, 2014; 6:59:09 PM -0500 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2014-9065 |
common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. Published: December 09, 2014; 6:59:08 PM -0500 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2014-8866 |
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. Published: December 01, 2014; 10:59:08 AM -0500 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2014-9030 |
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. Published: November 24, 2014; 10:59:19 AM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2014-8595 |
arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. Published: November 19, 2014; 1:59:11 PM -0500 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2014-8594 |
The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). Published: November 19, 2014; 1:59:10 PM -0500 |
V3.x:(not available) V2.0: 5.4 MEDIUM |
CVE-2014-7188 |
The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors. Published: October 02, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 8.3 HIGH |
CVE-2014-7156 |
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors. Published: October 02, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 3.3 LOW |
CVE-2014-7155 |
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. Published: October 02, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2014-7154 |
Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors. Published: October 02, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 6.1 MEDIUM |
CVE-2014-5149 |
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146. Published: August 22, 2014; 10:55:08 AM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2014-5146 |
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149. Published: August 22, 2014; 10:55:08 AM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2014-4021 |
Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. Published: June 18, 2014; 3:55:04 PM -0400 |
V3.x:(not available) V2.0: 2.7 LOW |
CVE-2014-3968 |
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged. Published: June 05, 2014; 4:55:06 PM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2014-3967 |
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. Published: June 05, 2014; 4:55:06 PM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |