Vulnerable Library - xenRELEASE-4.0.1
Mirror of the Xen Repository (PRs not accepted see: http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches)
Library home page: https://github.com/xen-project/xen.git
Vulnerable Source Files (1)
/arch/x86/x86_64/asm-offsets.c
Vulnerabilities
| CVE | Severity | CVSS | Dependency | Type | Fixed in (xenRELEASE version) | Remediation Possible** | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-27671 | High | 8.8 | xenRELEASE-4.0.1 | Direct | All Xen users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5". All Xen Tools users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5" | ❌ | |
| CVE-2015-2151 | High | 8.6 | xenRELEASE-4.0.1 | Direct | 4.4.3-rc1,4.5.1-rc1 | ❌ | |
| CVE-2016-3960 | High | 7.5 | xenRELEASE-4.0.1 | Direct | 6.38,7.43,8.0.4 | ❌ | |
| CVE-2020-25601 | Medium | 6.8 | xenRELEASE-4.0.1 | Direct | All Xen users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5". All Xen Tools users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5" | ❌ | |
| CVE-2012-0218 | Medium | 5.9 | xenRELEASE-4.0.1 | Direct | 4.2.1-rc1,RELEASE-4.2.0 | ❌ | |
| CVE-2019-18424 | Medium | 5.4 | xenRELEASE-4.0.1 | Direct | 4.13.0-rc2 | ❌ | |
| CVE-2016-9932 | Medium | 5.1 | xenRELEASE-4.0.1 | Direct | 4.9.0-rc1 | ❌ | |
| CVE-2012-4544 | Medium | 5.1 | xenRELEASE-4.0.1 | Direct | 4.3.0-rc1,RELEASE-4.3.0 | ❌ | |
| CVE-2016-7777 | Low | 2.1 | xenRELEASE-4.0.1 | Direct | RELEASE-4.7.1, 4.8.0-rc2 | ❌ | |
| CVE-2016-10013 | Low | 2.1 | xenRELEASE-4.0.1 | Direct | v4.13-rc6 | ❌ | |
| CVE-2013-4361 | Low | 2.0 | xenRELEASE-4.0.1 | Direct | All Xen 4.3 users should upgrade to the latest version >= xen-4.3.2-r2; all Xen 4.2 users should upgrade to the latest version >= xen-4.2.4-r2; all xen-tools 4.3 users should upgrade to the latest version >= xen-tools-4.3.2-r2; all xen-tools 4.2 users should upgrade to the latest version >= xen-tools-4.2.4-r2; all Xen PVGRUB 4.3 users should upgrade to the latest version >= xen-pvgrub-4.3.2; all Xen PVGRUB 4.2 users should upgrade to the latest version >= xen-pvgrub-4.2.4 | ❌ | |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2020-27671
Found in base branch: master
Vulnerable Source Files (1)
/mm.h
Vulnerability Details
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
Publish Date: 2020-10-22
URL: CVE-2020-27671
CVSS 4 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202011-06
Fix Resolution: All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"
All Xen Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"
CVE-2015-2151
Vulnerable Source Files (1)
/arch/x86/x86_emulate/x86_emulate.c
Vulnerability Details
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.
Publish Date: 2015-03-12
URL: CVE-2015-2151
CVSS 4 Score Details (8.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: http://xenbits.xen.org/xsa/advisory-123.html
Release Date: 2015-03-12
Fix Resolution: 4.4.3-rc1,4.5.1-rc1
CVE-2016-3960
Vulnerable Source Files (1)
Vulnerability Details
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
Publish Date: 2016-04-19
URL: CVE-2016-3960
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: http://xenbits.xen.org/xsa/advisory-173.html
Release Date: 2016-04-19
Fix Resolution: 6.38,7.43,8.0.4
CVE-2020-25601
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.
Publish Date: 2020-09-23
URL: CVE-2020-25601
CVSS 4 Score Details (6.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202011-06
Fix Resolution: All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"
All Xen Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"
CVE-2012-0218
Vulnerable Source Files (1)
/arch/x86/x86_64/asm-offsets.c
Vulnerability Details
Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.
Publish Date: 2012-12-03
URL: CVE-2012-0218
CVSS 4 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Release Date: 2012-12-03
Fix Resolution: 4.2.1-rc1,RELEASE-4.2.0
CVE-2019-18424
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.
Publish Date: 2019-10-31
URL: CVE-2019-18424
CVSS 4 Score Details (5.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Physical
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424
Release Date: 2019-10-31
Fix Resolution: 4.13.0-rc2
CVE-2016-9932
Vulnerable Source Files (1)
/arch/x86/x86_emulate/x86_emulate.c
Vulnerability Details
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
Publish Date: 2017-01-26
URL: CVE-2016-9932
CVSS 4 Score Details (5.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9932
Release Date: 2017-01-26
Fix Resolution: 4.9.0-rc1
CVE-2012-4544
Vulnerable Source Files (1)
Vulnerability Details
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.
Publish Date: 2012-10-31
URL: CVE-2012-4544
CVSS 4 Score Details (5.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Release Date: 2012-10-31
Fix Resolution: 4.3.0-rc1,RELEASE-4.3.0
CVE-2016-7777
Vulnerable Source Files (1)
Vulnerability Details
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.
Publish Date: 2016-10-07
URL: CVE-2016-7777
CVSS 4 Score Details (2.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Release Date: 2016-10-07
Fix Resolution: RELEASE-4.7.1, 4.8.0-rc2
CVE-2016-10013
Vulnerable Source Files (1)
/arch/x86/x86_emulate/x86_emulate.c
Vulnerability Details
Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.
Publish Date: 2017-01-26
URL: CVE-2016-10013
CVSS 4 Score Details (2.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: http://xenbits.xen.org/xsa/advisory-204.html
Release Date: 2017-01-26
Fix Resolution: v4.13-rc6
CVE-2013-4361
Vulnerable Source Files (1)
/arch/x86/x86_emulate/x86_emulate.c
Vulnerability Details
The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction.
Publish Date: 2013-10-01
URL: CVE-2013-4361
CVSS 4 Score Details (2.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: http://security.gentoo.org/glsa/glsa-201407-03.xml
Release Date: 2014-07-16
Fix Resolution: All Xen 4.3 users should upgrade to the latest version >= xen-4.3.2-r2
All Xen 4.2 users should upgrade to the latest version >= xen-4.2.4-r2
All xen-tools 4.3 users should upgrade to the latest version >= xen-tools-4.3.2-r2
All xen-tools 4.2 users should upgrade to the latest version >= xen-tools-4.2.4-r2
All Xen PVGRUB 4.3 users should upgrade to the latest version >= xen-pvgrub-4.3.2
All Xen PVGRUB 4.2 users should upgrade to the latest version >= xen-pvgrub-4.2.4