Total
466 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9379 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-11-21 | 4.6 MEDIUM | 7.9 HIGH |
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | |||||
CVE-2016-9378 | 1 Xen | 1 Xen | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery. | |||||
CVE-2016-9377 | 1 Xen | 1 Xen | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation. | |||||
CVE-2016-7777 | 1 Xen | 1 Xen | 2024-11-21 | 3.3 LOW | 6.3 MEDIUM |
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. | |||||
CVE-2016-7154 | 1 Xen | 1 Xen | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number. | |||||
CVE-2016-7094 | 1 Xen | 1 Xen | 2024-11-21 | 1.5 LOW | 4.1 MEDIUM |
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. | |||||
CVE-2016-7093 | 1 Xen | 1 Xen | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation. | |||||
CVE-2016-7092 | 1 Xen | 1 Xen | 2024-11-21 | 6.8 MEDIUM | 8.2 HIGH |
The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables. | |||||
CVE-2016-6259 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-11-21 | 4.9 MEDIUM | 6.2 MEDIUM |
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | |||||
CVE-2016-6258 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | |||||
CVE-2016-5242 | 1 Xen | 1 Xen | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion. | |||||
CVE-2016-4963 | 1 Xen | 1 Xen | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore. | |||||
CVE-2016-4962 | 2 Oracle, Xen | 2 Vm Server, Xen | 2024-11-21 | 6.8 MEDIUM | 6.7 MEDIUM |
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore. | |||||
CVE-2016-4480 | 2 Oracle, Xen | 2 Vm Server, Xen | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. | |||||
CVE-2016-3961 | 2 Canonical, Xen | 2 Ubuntu Linux, Xen | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. | |||||
CVE-2016-3960 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | |||||
CVE-2016-3159 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2024-11-21 | 1.7 LOW | 3.8 LOW |
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. | |||||
CVE-2016-3158 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2024-11-21 | 1.7 LOW | 3.8 LOW |
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. | |||||
CVE-2016-3157 | 2 Canonical, Xen | 2 Ubuntu Linux, Xen | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access. | |||||
CVE-2016-2271 | 1 Xen | 1 Xen | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. |