Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

xen xen 4.5.0 vulnerabilities and exploits

(subscribe to this query)
0.001
EPSS

CVE-2015-6654

The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and previous versions does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by ...
Xen Xen 4.4.0Xen Xen 4.5.0Xen Xen 4.5.1
0.000
EPSS

CVE-2015-0268

The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD.SGIR register.
Xen Xen 4.5.0
0.001
EPSS

CVE-2015-7813

Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physde...
Xen Xen 4.4.0Xen Xen 4.4.1Xen Xen 4.5.0Xen Xen 4.5.1Xen Xen 4.6.0
0.001
EPSS

CVE-2015-7812

The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x up to and including 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface.
Xen Xen 4.4.0Xen Xen 4.4.1Xen Xen 4.4.2Xen Xen 4.4.3Xen Xen 4.5.0Xen Xen 4.5.1Xen Xen 4.5.2Xen Xen 4.6.0
0.019
EPSS

CVE-2015-2751

Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.
Xen Xen 4.3.0Xen Xen 4.3.1Xen Xen 4.3.2Xen Xen 4.4.0Xen Xen 4.4.1Xen Xen 4.5.0Fedoraproject Fedora 20Fedoraproject Fedora 21
0.001
EPSS

CVE-2015-2752

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x up to and including 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm)...
Fedoraproject Fedora 20Fedoraproject Fedora 21Xen Xen 4.3.0Xen Xen 4.3.1Xen Xen 4.3.2Xen Xen 4.4.0Xen Xen 4.4.1Xen Xen 4.5.0
0.001
EPSS

CVE-2015-4163

GNTTABOP_swap_grant_ref in Xen 4.2 up to and including 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2Xen Xen 4.2.3Xen Xen 4.3.0Xen Xen 4.3.1Xen Xen 4.3.4Xen Xen 4.4.0Xen Xen 4.4.1Xen Xen 4.5.0
0.001
EPSS

CVE-2016-5242

The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x up to and including 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them,...
Xen Xen 4.4.0Xen Xen 4.4.1Xen Xen 4.4.2Xen Xen 4.4.3Xen Xen 4.4.4Xen Xen 4.5.0Xen Xen 4.5.1Xen Xen 4.5.2Xen Xen 4.5.3Xen Xen 4.6.0Xen Xen 4.6.1
0.003
EPSS

CVE-2017-10916

The vCPU context-switch implementation in Xen up to and including 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.
Xen Xen 4.5.0Xen Xen 4.5.1Xen Xen 4.5.2Xen Xen 4.5.3Xen Xen 4.5.5Xen Xen 4.6.0Xen Xen 4.6.1Xen Xen 4.6.2Xen Xen 4.6.4Xen Xen 4.6.5Xen Xen 4.7.1Xen Xen 4.8.0
0.007
EPSS

CVE-2015-8555

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and previous versions do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vect...
Citrix Xenserver 6.0Xen Xen 4.3.0Xen Xen 4.3.1Xen Xen 4.3.2Xen Xen 4.3.3Xen Xen 4.3.4Xen Xen 4.4.0Xen Xen 4.4.1Xen Xen 4.4.2Xen Xen 4.4.3Xen Xen 4.4.4Xen Xen 4.5.0
Preferred Score:
EPSS
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-46485cross-site scriptingCVE-2025-34028sherpaCVE-2025-46506cross-site request forgerycovid-19 (coronavirus) update your customerscameraCVE-2025-46489availability calendarbas mattheeCVE-2025-46502CVE-2025-32433
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook