CVE-2017-8903
- EPSS 0.49%
- Veröffentlicht 11.05.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
CVE-2017-8904
- EPSS 0.42%
- Veröffentlicht 11.05.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
CVE-2017-8905
- EPSS 0.42%
- Veröffentlicht 11.05.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
CVE-2017-7995
- EPSS 0.37%
- Veröffentlicht 03.05.2017 19:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project...
CVE-2017-7228
- EPSS 1.57%
- Veröffentlicht 04.04.2017 14:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory access...
CVE-2016-9815
- EPSS 0.46%
- Veröffentlicht 27.02.2017 22:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
CVE-2016-9816
- EPSS 0.47%
- Veröffentlicht 27.02.2017 22:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
CVE-2016-9817
- EPSS 0.46%
- Veröffentlicht 27.02.2017 22:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
CVE-2016-9818
- EPSS 0.47%
- Veröffentlicht 27.02.2017 22:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
CVE-2016-9377
- EPSS 0.39%
- Veröffentlicht 22.02.2017 16:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.