Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xen
(Xen)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/bonzini/qemu |
| #Vulnerabilities | 463 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-10-18 | CVE-2017-15590 | An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled. | Xen | 8.8 | ||
| 2017-09-13 | CVE-2017-14431 | Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207. | Xen | 5.5 | ||
| 2017-09-12 | CVE-2017-14319 | A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account. | Xen | 8.8 | ||
| 2017-08-24 | CVE-2017-12137 | arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | Xenserver, Debian_linux, Xen | 8.8 | ||
| 2017-08-24 | CVE-2017-12135 | Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | Xenserver, Debian_linux, Xen | 8.8 | ||
| 2017-08-24 | CVE-2017-12134 | The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. | Xenserver, Xen | 8.8 | ||
| 2017-07-05 | CVE-2017-10921 | The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2. | Xen | 10.0 | ||
| 2017-07-05 | CVE-2017-10920 | The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 1. | Xen | 10.0 | ||
| 2017-07-05 | CVE-2017-10919 | Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223. | Xen | 6.5 | ||
| 2017-07-05 | CVE-2017-10913 | The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1. | Xen | 9.8 |