Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog Docs About Contact

xen xen - vulnerabilities and exploits

(subscribe to this query)
5.5
CVSSv3

CVE-2017-14431

Memory leak in Xen 3.3 up to and including 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.
Xen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3Xen Xen 3.4.4Xen Xen 4.0.0Xen Xen 4.0.1Xen Xen 4.0.2Xen Xen 4.0.3
2.1
CVSSv2

CVE-2015-2044

The emulation routines for unspecified X86 devices in Xen 3.2.x up to and including 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.
Xen Xen 3.2.0Xen Xen 3.2.1Xen Xen 3.2.2Xen Xen 3.2.3Xen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3Xen Xen 3.4.4
4.9
CVSSv2

CVE-2015-4103

Xen 3.3.x up to and including 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning mult...
Xen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3Xen Xen 3.4.4Xen Xen 4.0.1Xen Xen 4.0.2Xen Xen 4.0.3Xen Xen 4.0.4
4.9
CVSSv2

CVE-2015-4105

Xen 3.3.x up to and including 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.
Xen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3Xen Xen 3.4.4Xen Xen 4.0.0Xen Xen 4.0.1Xen Xen 4.0.2Xen Xen 4.0.3
7.2
CVSSv2

CVE-2015-7835

The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 up to and including 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3Xen Xen 3.4.4Xen Xen 4.0.0Xen Xen 4.0.1Xen Xen 4.0.2Xen Xen 4.0.3Xen Xen 4.0.4Xen Xen 4.1.0Xen Xen 4.1.1
2.1
CVSSv2

CVE-2015-7972

The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x up to and including 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM g...
Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3Xen Xen 3.4.4Xen Xen 4.0.0Xen Xen 4.0.1Xen Xen 4.0.2Xen Xen 4.0.3Xen Xen 4.0.4Xen Xen 4.1.0Xen Xen 4.1.1
4.7
CVSSv3

CVE-2016-4963

The libxl device-handling in Xen up to and including 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
Xen Xen 4.0.0Xen Xen 4.0.1Xen Xen 4.0.2Xen Xen 4.0.3Xen Xen 4.0.4Xen Xen 4.1.0Xen Xen 4.1.1Xen Xen 4.1.2Xen Xen 4.1.3Xen Xen 4.1.4Xen Xen 4.1.5Xen Xen 4.1.6
6.3
CVSSv3

CVE-2016-1571

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x up to and including 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID...
Citrix XenserverXen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3Xen Xen 3.4.4Xen Xen 4.1.0Xen Xen 4.1.1Xen Xen 4.1.2
7.8
CVSSv2

CVE-2015-8341

The libxl toolstack library in Xen 4.1.x up to and including 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows malicious users to cause a denial of service (memory and disk consu...
Xen Xen 4.1.0Xen Xen 4.1.1Xen Xen 4.1.2Xen Xen 4.1.3Xen Xen 4.1.4Xen Xen 4.1.5Xen Xen 4.1.6Xen Xen 4.1.6.1Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2Xen Xen 4.2.3
6.9
CVSSv2

CVE-2012-5513

The XENMEM_exchange handler in Xen 4.2 and previous versions does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor ...
Xen XenXen Xen 3.0.2Xen Xen 3.0.3Xen Xen 3.0.4Xen Xen 3.1.3Xen Xen 3.1.4Xen Xen 3.2.0Xen Xen 3.2.1Xen Xen 3.2.2Xen Xen 3.2.3Xen Xen 3.3.0Xen Xen 3.3.1
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
my erpmemory leakCVE-2022-50218CVE-2025-2783local usersjqlangCVE-2023-0386CVE-2024-54183brocadeCVE-2025-23121firewallwebmethodsCVE-2025-48886
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook