Xen

Xen

476 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.7

CVE-2014-4021

  • EPSS 0.23%
  • Published 18.06.2014 19:55:04
  • Last modified 12.04.2025 10:46:40

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.

5.5

CVE-2014-3967

  • EPSS 0.27%
  • Published 05.06.2014 20:55:06
  • Last modified 12.04.2025 10:46:40

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecif...

5.5

CVE-2014-3968

  • EPSS 0.41%
  • Published 05.06.2014 20:55:06
  • Last modified 12.04.2025 10:46:40

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.

7.4

CVE-2014-3969

  • EPSS 0.18%
  • Published 05.06.2014 20:55:06
  • Last modified 12.04.2025 10:46:40

Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.

3.3

CVE-2014-3714

  • EPSS 0.18%
  • Published 19.05.2014 14:55:12
  • Last modified 12.04.2025 10:46:40

The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer ...

3.3

CVE-2014-3715

  • EPSS 0.18%
  • Published 19.05.2014 14:55:12
  • Last modified 12.04.2025 10:46:40

Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.

1.9

CVE-2014-3716

  • EPSS 0.15%
  • Published 19.05.2014 14:55:12
  • Last modified 12.04.2025 10:46:40

Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.

3.3

CVE-2014-3717

  • EPSS 0.18%
  • Published 19.05.2014 14:55:12
  • Last modified 12.04.2025 10:46:40

Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.

6.7

CVE-2014-3124

  • EPSS 0.56%
  • Published 07.05.2014 10:55:07
  • Last modified 12.04.2025 10:46:40

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page ta...

6.2

CVE-2014-3125

  • EPSS 0.33%
  • Published 02.05.2014 14:55:07
  • Last modified 12.04.2025 10:46:40

Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.