Xen

Xen

491 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.43%
  • Veröffentlicht 30.10.2015 15:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.

  • EPSS 0.28%
  • Veröffentlicht 30.10.2015 15:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using ...

  • EPSS 0.39%
  • Veröffentlicht 30.10.2015 15:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not pro...

  • EPSS 0.42%
  • Veröffentlicht 01.10.2015 20:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.

  • EPSS 0.41%
  • Veröffentlicht 03.09.2015 14:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a d...

  • EPSS 0.43%
  • Veröffentlicht 12.08.2015 14:59:25
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

  • EPSS 13.29%
  • Veröffentlicht 12.08.2015 14:59:24
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

  • EPSS 0.63%
  • Veröffentlicht 12.08.2015 14:59:23
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

  • EPSS 0.39%
  • Veröffentlicht 16.07.2015 14:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.

  • EPSS 0.44%
  • Veröffentlicht 15.06.2015 15:59:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.