Xen

Xen

479 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2017-15592

  • EPSS 0.11%
  • Veröffentlicht 18.10.2017 08:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.

6.5

CVE-2017-15593

  • EPSS 0.07%
  • Veröffentlicht 18.10.2017 08:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.

8.8

CVE-2017-15594

  • EPSS 0.07%
  • Veröffentlicht 18.10.2017 08:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.

8.8

CVE-2017-15595

  • EPSS 0.68%
  • Veröffentlicht 18.10.2017 08:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.

6

CVE-2017-15596

  • EPSS 0.08%
  • Veröffentlicht 18.10.2017 08:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.

8.8

CVE-2015-7504

  • EPSS 0.61%
  • Veröffentlicht 16.10.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.

5.5

CVE-2017-14431

  • EPSS 0.13%
  • Veröffentlicht 13.09.2017 22:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.

8.8

CVE-2017-14316

  • EPSS 0.07%
  • Veröffentlicht 12.09.2017 15:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `M...

5.6

CVE-2017-14317

  • EPSS 0.14%
  • Veröffentlicht 12.09.2017 15:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any p...

6.5

CVE-2017-14318

  • EPSS 0.2%
  • Veröffentlicht 12.09.2017 15:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the ...