Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

xen xen 4.2.2 vulnerabilities and exploits

(subscribe to this query)
7.9
CVSSv2

CVE-2013-6375

Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "in...
Xen Xen 4.2.1Xen Xen 4.2.2Xen Xen 4.2.3Xen Xen 4.3.0Xen Xen 4.3.1Opensuse Opensuse 13.1
4.9
CVSSv2

CVE-2014-1896

The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."...
Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2Xen Xen 4.2.3Xen Xen 4.3.0Xen Xen 4.3.1Xen Xen 4.4.0
7.4
CVSSv2

CVE-2013-1432

Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecif...
Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2Xen Xen 4.1.0Xen Xen 4.1.1Xen Xen 4.1.2Xen Xen 4.1.3Xen Xen 4.1.4Xen Xen 4.1.5
4.7
CVSSv2

CVE-2013-1919

Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices."
Xen Xen 4.1.0Xen Xen 4.1.1Xen Xen 4.1.2Xen Xen 4.1.3Xen Xen 4.1.4Xen Xen 4.1.5Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2
4.7
CVSSv2

CVE-2013-1918

Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and previous versions are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal."
Xen Xen 4.1.0Xen Xen 4.1.1Xen Xen 4.1.2Xen Xen 4.1.3Xen Xen 4.1.4Xen Xen 4.1.5Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2
4.9
CVSSv2

CVE-2015-4163

GNTTABOP_swap_grant_ref in Xen 4.2 up to and including 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2Xen Xen 4.2.3Xen Xen 4.3.0Xen Xen 4.3.1Xen Xen 4.3.4Xen Xen 4.4.0Xen Xen 4.4.1Xen Xen 4.5.0
4.7
CVSSv2

CVE-2014-5146

Certain MMU virtualization operations in Xen 4.2.x up to and including 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, whic...
Opensuse Opensuse 13.1Opensuse Opensuse 13.2Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2Xen Xen 4.2.3Xen Xen 4.3.0Xen Xen 4.3.1Xen Xen 4.4.0
4.7
CVSSv2

CVE-2014-5149

Certain MMU virtualization operations in Xen 4.2.x up to and including 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest...
Opensuse Opensuse 13.1Opensuse Opensuse 13.2Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2Xen Xen 4.2.3Xen Xen 4.3.0Xen Xen 4.3.1Xen Xen 4.4.0
5.5
CVSSv2

CVE-2014-3967

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2Xen Xen 4.2.3Xen Xen 4.4.0Opensuse Opensuse 12.3Opensuse Opensuse 13.1Xen Xen 4.3.0Xen Xen 4.3.1
5.5
CVSSv2

CVE-2014-3968

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.
Xen Xen 4.3.0Xen Xen 4.3.1Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2Xen Xen 4.2.3Opensuse Opensuse 12.3Opensuse Opensuse 13.1Xen Xen 4.4.0
Preferred Score:
CVSSv4
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
sourcecodesterCVE-2025-42599memory leakdifyCVE-2025-3826CVE-2025-30158tenableCVE-2025-2492cameraunprivilegedCVE-2025-3795CVE-2025-43918hiddenpearls
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook