CVE-2014-7188
- EPSS 0.86%
- Veröffentlicht 02.10.2014 14:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other gues...
CVE-2014-5147
- EPSS 0.43%
- Veröffentlicht 29.08.2014 16:55:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.
CVE-2014-5146
- EPSS 0.43%
- Veröffentlicht 22.08.2014 14:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking thes...
CVE-2014-5149
- EPSS 0.43%
- Veröffentlicht 22.08.2014 14:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page a...
CVE-2014-4022
- EPSS 0.54%
- Veröffentlicht 09.07.2014 14:55:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive...
CVE-2014-4021
- EPSS 0.68%
- Veröffentlicht 18.06.2014 19:55:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.
CVE-2014-3967
- EPSS 0.71%
- Veröffentlicht 05.06.2014 20:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecif...
CVE-2014-3968
- EPSS 0.72%
- Veröffentlicht 05.06.2014 20:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.
CVE-2014-3969
- EPSS 0.65%
- Veröffentlicht 05.06.2014 20:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.
CVE-2014-3714
- EPSS 0.41%
- Veröffentlicht 19.05.2014 14:55:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer ...