CVE-2015-2152
- EPSS 0.42%
- Veröffentlicht 18.03.2015 16:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY envi...
CVE-2015-2151
- EPSS 0.57%
- Veröffentlicht 12.03.2015 14:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly...
CVE-2015-2150
- EPSS 0.53%
- Veröffentlicht 12.03.2015 14:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) mem...
CVE-2015-2045
- EPSS 0.47%
- Veröffentlicht 12.03.2015 14:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.
CVE-2015-2044
- EPSS 0.41%
- Veröffentlicht 12.03.2015 14:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.
CVE-2015-0268
- EPSS 0.42%
- Veröffentlicht 16.02.2015 15:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD...
CVE-2015-1563
- EPSS 0.41%
- Veröffentlicht 09.02.2015 11:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.
CVE-2014-6268
- EPSS 0.42%
- Veröffentlicht 12.01.2015 15:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different ...
CVE-2015-0361
- EPSS 2.51%
- Veröffentlicht 07.01.2015 19:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.
CVE-2014-9066
- EPSS 0.4%
- Veröffentlicht 09.12.2014 23:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read...