CVE-2015-7835
- EPSS 0.43%
- Veröffentlicht 30.10.2015 15:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
CVE-2015-7814
- EPSS 0.28%
- Veröffentlicht 30.10.2015 15:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using ...
CVE-2015-7813
- EPSS 0.39%
- Veröffentlicht 30.10.2015 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not pro...
CVE-2015-7311
- EPSS 0.42%
- Veröffentlicht 01.10.2015 20:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
CVE-2015-6654
- EPSS 0.41%
- Veröffentlicht 03.09.2015 14:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a d...
CVE-2015-5166
- EPSS 0.43%
- Veröffentlicht 12.08.2015 14:59:25
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
CVE-2015-5165
- EPSS 13.29%
- Veröffentlicht 12.08.2015 14:59:24
- Zuletzt bearbeitet 06.05.2026 22:30:45
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
CVE-2015-5154
- EPSS 0.63%
- Veröffentlicht 12.08.2015 14:59:23
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
CVE-2015-3259
- EPSS 0.39%
- Veröffentlicht 16.07.2015 14:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.
CVE-2015-4164
- EPSS 0.44%
- Veröffentlicht 15.06.2015 15:59:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.