Total
466 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-7188 | 1 Xen | 1 Xen | 2024-11-21 | 8.3 HIGH | N/A |
The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors. | |||||
CVE-2014-7156 | 1 Xen | 1 Xen | 2024-11-21 | 3.3 LOW | N/A |
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors. | |||||
CVE-2014-7155 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2024-11-21 | 5.8 MEDIUM | N/A |
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. | |||||
CVE-2014-7154 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2024-11-21 | 6.1 MEDIUM | N/A |
Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors. | |||||
CVE-2014-6268 | 1 Xen | 1 Xen | 2024-11-21 | 4.9 MEDIUM | N/A |
The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU. | |||||
CVE-2014-5149 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2024-11-21 | 4.7 MEDIUM | N/A |
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146. | |||||
CVE-2014-5148 | 1 Xen | 1 Xen | 2024-11-21 | 4.6 MEDIUM | N/A |
Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process. | |||||
CVE-2014-5147 | 1 Xen | 1 Xen | 2024-11-21 | 4.3 MEDIUM | N/A |
Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process. | |||||
CVE-2014-5146 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2024-11-21 | 4.7 MEDIUM | N/A |
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149. | |||||
CVE-2014-4022 | 1 Xen | 1 Xen | 2024-11-21 | 2.7 LOW | N/A |
The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall. | |||||
CVE-2014-4021 | 1 Xen | 1 Xen | 2024-11-21 | 2.7 LOW | N/A |
Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. | |||||
CVE-2014-3969 | 1 Xen | 1 Xen | 2024-11-21 | 7.4 HIGH | N/A |
Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. | |||||
CVE-2014-3968 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2024-11-21 | 5.5 MEDIUM | N/A |
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged. | |||||
CVE-2014-3967 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2024-11-21 | 5.5 MEDIUM | N/A |
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. | |||||
CVE-2014-3717 | 1 Xen | 1 Xen | 2024-11-21 | 3.3 LOW | N/A |
Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow. | |||||
CVE-2014-3716 | 1 Xen | 1 Xen | 2024-11-21 | 1.9 LOW | N/A |
Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel. | |||||
CVE-2014-3715 | 1 Xen | 1 Xen | 2024-11-21 | 3.3 LOW | N/A |
Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB. | |||||
CVE-2014-3714 | 1 Xen | 1 Xen | 2024-11-21 | 3.3 LOW | N/A |
The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow. | |||||
CVE-2014-3672 | 2 Redhat, Xen | 2 Libvirt, Xen | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | |||||
CVE-2014-3125 | 1 Xen | 1 Xen | 2024-11-21 | 6.2 MEDIUM | N/A |
Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors. |