Xen

Xen

476 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.2

CVE-2016-7093

  • EPSS 0.06%
  • Published 21.09.2016 14:25:24
  • Last modified 12.04.2025 10:46:40

Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.

8.2

CVE-2016-7092

  • EPSS 0.07%
  • Published 21.09.2016 14:25:22
  • Last modified 12.04.2025 10:46:40

The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.

6.2

CVE-2016-6259

  • EPSS 0.2%
  • Published 02.08.2016 16:59:09
  • Last modified 12.04.2025 10:46:40

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering ...

8.8

CVE-2016-6258

  • EPSS 0.11%
  • Published 02.08.2016 16:59:08
  • Last modified 12.04.2025 10:46:40

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

5.6

CVE-2016-5242

  • EPSS 0.14%
  • Published 07.06.2016 14:06:17
  • Last modified 12.04.2025 10:46:40

The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding r...

4.7

CVE-2016-4963

  • EPSS 0.05%
  • Published 07.06.2016 14:06:16
  • Last modified 12.04.2025 10:46:40

The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.

6.8

CVE-2016-4962

  • EPSS 0.09%
  • Published 07.06.2016 14:06:15
  • Last modified 12.04.2025 10:46:40

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled ar...

6.5

CVE-2014-3672

  • EPSS 0.03%
  • Published 25.05.2016 15:59:00
  • Last modified 12.04.2025 10:46:40

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.

8.4

CVE-2016-4480

  • EPSS 0.17%
  • Published 18.05.2016 14:59:05
  • Last modified 12.04.2025 10:46:40

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a c...

8.8

CVE-2016-3960

  • EPSS 0.08%
  • Published 19.04.2016 14:59:03
  • Last modified 12.04.2025 10:46:40

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.