Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Vulnerable Source Files (1)
/arch/x86/hvm/hvm.c
Vulnerabilities
| CVE | Severity | CVSS | Dependency | Type | Fixed in (xen4.0.1-rc1 version) | Remediation Possible** | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-27671 | High | 8.8 | xen4.0.1-rc1 | Direct | All Xen users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"; All Xen Tools users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5" | ❌ | |
| CVE-2019-19583 | High | 8.7 | xen4.0.1-rc1 | Direct | 4.12.2 | ❌ | |
| CVE-2012-6030 | High | 8.6 | xen4.0.1-rc1 | Direct | 4.3.0-rc1 | ❌ | |
| CVE-2014-9030 | High | 8.2 | xen4.0.1-rc1 | Direct | 4.3.4-rc1,4.4.2-rc1 | ❌ | |
| CVE-2015-7835 | High | 7.7 | xen4.0.1-rc1 | Direct | 4.7.0-rc1,4.0.0-branched | ❌ | |
| CVE-2019-19580 | High | 7.5 | detected in multiple dependencies | Direct | 4.12.2 | ❌ | |
| CVE-2017-12137 | High | 7.5 | xen4.0.1-rc1 | Direct | All Xen users should upgrade to the latest version >= xen-4.9.1-r1; All Xen tools users should upgrade to the latest version >= xen-tools-4.9.1-r1 | ❌ | |
| CVE-2016-3960 | High | 7.5 | detected in multiple dependencies | Direct | 6.38,7.43,8.0.4 | ❌ | |
| CVE-2013-2195 | High | 7.5 | xen4.0.1-rc1 | Direct | All Xen users should upgrade to the latest version >= xen-4.2.2-r1; All Xen-tools users should upgrade to the latest version >= xen-tools-4.2.2-r3; All Xen-pvgrub users should upgrade to the latest version >= xen-pvgrub-4.2.2-r1 | ❌ | |
| CVE-2013-2194 | High | 7.5 | xen4.0.1-rc1 | Direct | All Xen users should upgrade to the latest version >= xen-4.2.2-r1; All Xen-tools users should upgrade to the latest version >= xen-tools-4.2.2-r3; All Xen-pvgrub users should upgrade to the latest version >= xen-pvgrub-4.2.2-r1 | ❌ | |
| CVE-2012-6035 | High | 7.5 | xen4.0.1-rc1 | Direct | 4.3.0-rc1 | ❌ | |
| CVE-2012-3497 | High | 7.5 | detected in multiple dependencies | Direct | 4.3.0-rc1,RELEASE-4.3.0 | ❌ | |
| CVE-2011-1898 | High | 7.5 | xen4.0.1-rc1 | Direct | 4.2.0-branched,RELEASE-4.2.0 | ❌ | |
| CVE-2020-27672 | High | 7.3 | xen4.0.1-rc1 | Direct | All Xen users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"; All Xen Tools users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5" | ❌ | |
| CVE-2016-9382 | High | 7.3 | xen4.0.1-rc1 | Direct | 4.8.0-rc7 | ❌ | |
| CVE-2016-7092 | High | 7.3 | xen4.0.1-rc1 | Direct | RELEASE-4.7.1, 4.8.0-rc1 | ❌ | |
| CVE-2019-18420 | High | 7.1 | xen4.0.1-rc1 | Direct | 4.13.0-rc2 | ❌ | |
| CVE-2015-7969 | Medium | 6.9 | xen4.0.1-rc1 | Direct | 4.7.0-rc1 | ❌ | |
| CVE-2012-6032 | Medium | 6.9 | detected in multiple dependencies | Direct | 4.3.0-rc1 | ❌ | |
| CVE-2012-4538 | Medium | 6.9 | xen4.0.1-rc1 | Direct | 4.3.0-rc1,RELEASE-4.3.0 | ❌ | |
| CVE-2011-1166 | Medium | 6.9 | xen4.0.1-rc1 | Direct | 4.2.0-branched | ❌ | |
| CVE-2020-29566 | Medium | 6.8 | detected in multiple dependencies | Direct | All Xen 4.14.x users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.14.2-r1"; All Xen 4.15.x users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.15.0-r1" | ❌ | |
| CVE-2020-25601 | Medium | 6.8 | xen4.0.1-rc1 | Direct | All Xen users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"; All Xen Tools users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5" | ❌ | |
| CVE-2018-12893 | Medium | 6.8 | xen4.0.1-rc1 | Direct | 2.4.30 | ❌ | |
| CVE-2010-4255 | Medium | 6.0 | xen4.0.1-rc1 | Direct | 4.1.0-branched | ❌ | |
| CVE-2012-6031 | Medium | 5.9 | xen4.0.1-rc1 | Direct | 4.3.0-rc1 | ❌ | |
| CVE-2012-5511 | Medium | 5.9 | xen4.0.1-rc1 | Direct | 4.3.0-rc1,RELEASE-4.3.0 | ❌ | |
| CVE-2020-25604 | Medium | 5.7 | xen4.0.1-rc1 | Direct | All Xen users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"; All Xen Tools users should upgrade to the latest version: # emerge --sync; # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5" | ❌ | |
| CVE-2019-18424 | Medium | 5.4 | xen4.0.1-rc1 | Direct | 4.13.0-rc2 | ❌ | |
| CVE-2012-6036 | Low | 2.1 | xen4.0.1-rc1 | Direct | 4.3.0-rc1 | ❌ | |
| CVE-2012-6034 | Low | 2.1 | detected in multiple dependencies | Direct | 4.3.0-rc1 | ❌ | |
| CVE-2012-6033 | Low | 2.1 | xen4.0.1-rc1 | Direct | 4.3.0-rc1 | ❌ | |
| CVE-2012-4535 | Low | 2.1 | xen4.0.1-rc1 | Direct | 4.3.0-rc1,RELEASE-4.3.0 | ❌ | |
| CVE-2012-2934 | Low | 2.1 | xen4.0.1-rc1 | Direct | 4.2.0-branched | ❌ | |
| CVE-2013-4355 | Low | 2.0 | xen4.0.1-rc1 | Direct | kernel-xen-debuginfo - 2.6.18,2.6.18,2.6.18;kernel-debuginfo-common - 2.6.18,2.6.18,2.6.18,2.6.18,2.6.18;kernel-headers - 2.6.18,2.6.18;kernel-PAE - 2.6.18;kernel-doc - 2.6.18;kernel-xen - 2.6.18,2.6.18;kernel-PAE-devel - 2.6.18;kernel-PAE-debuginfo - 2.6.18;kernel-debuginfo - 2.6.18,2.6.18,2.6.18,2.6.18,2.6.18;kernel-debug-devel - 2.6.18,2.6.18;kernel-kdump-debuginfo - 2.6.18,2.6.18;kernel-debug-debuginfo - 2.6.18,2.6.18,2.6.18,2.6.18,2.6.18;kernel-debug - 2.6.18,2.6.18;kernel-devel - 2.6.18,2.6.18;kernel - 2.6.18,2.6.18,2.6.18;kernel-xen-devel - 2.6.18,2.6.18 | ❌ | |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Partial details (28 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
CVE-2020-27671
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
Publish Date: 2020-10-22
URL: CVE-2020-27671
CVSS 4 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202011-06
Fix Resolution: All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"
All Xen Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"
CVE-2019-19583
Vulnerable Source Files (1)
/arch/x86/hvm/vmx/vmx.c
Vulnerability Details
An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB is intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.
Publish Date: 2019-12-11
URL: CVE-2019-19583
CVSS 4 Score Details (8.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2019-19583
Release Date: 2019-12-11
Fix Resolution: 4.12.2
CVE-2012-6030
Vulnerable Source Files (1)
/common/tmem.c
Vulnerability Details
The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allows local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Publish Date: 2012-11-23
URL: CVE-2012-6030
CVSS 4 Score Details (8.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6030
Release Date: 2012-11-23
Fix Resolution: 4.3.0-rc1
CVE-2014-9030
Vulnerable Source Files (1)
Vulnerability Details
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
Publish Date: 2014-11-24
URL: CVE-2014-9030
CVSS 4 Score Details (8.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: http://xenbits.xen.org/xsa/advisory-113.html
Release Date: 2014-11-24
Fix Resolution: 4.3.4-rc1,4.4.2-rc1
CVE-2015-7835
Vulnerable Source Files (1)
Vulnerability Details
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
Publish Date: 2015-10-30
URL: CVE-2015-7835
CVSS 4 Score Details (7.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7835
Release Date: 2015-10-30
Fix Resolution: 4.7.0-rc1,4.0.0-branched
CVE-2019-19580
Vulnerable Libraries - xen4.0.1-rc1, xen4.0.1-rc1
Vulnerability Details
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
Publish Date: 2019-12-11
URL: CVE-2019-19580
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2019-19580
Release Date: 2020-01-03
Fix Resolution: 4.12.2
CVE-2017-12137
Vulnerable Source Files (1)
Vulnerability Details
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
Publish Date: 2017-08-24
URL: CVE-2017-12137
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201801-14
Release Date: 2018-01-14
Fix Resolution: All Xen users should upgrade to the latest version >= xen-4.9.1-r1
All Xen tools users should upgrade to the latest version >= xen-tools-4.9.1-r1
CVE-2016-3960
Vulnerable Libraries - xen4.0.1-rc1, xen4.0.1-rc1, xen4.0.1-rc1
Vulnerability Details
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
Publish Date: 2016-04-19
URL: CVE-2016-3960
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: http://xenbits.xen.org/xsa/advisory-173.html
Release Date: 2016-04-19
Fix Resolution: 6.38,7.43,8.0.4
CVE-2013-2195
Vulnerable Source Files (1)
Vulnerability Details
The Elf parser (libelf) in Xen 4.2.x and earlier allows local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations.
Publish Date: 2013-08-23
URL: CVE-2013-2195
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: http://security.gentoo.org/glsa/glsa-201309-24.xml
Release Date: 2013-09-27
Fix Resolution: All Xen users should upgrade to the latest version >= xen-4.2.2-r1
All Xen-tools users should upgrade to the latest version >= xen-tools-4.2.2-r3
All Xen-pvgrub users should upgrade to the latest version >= xen-pvgrub-4.2.2-r1
CVE-2013-2194
Vulnerable Source Files (1)
Vulnerability Details
Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.
Publish Date: 2013-08-23
URL: CVE-2013-2194
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: http://security.gentoo.org/glsa/glsa-201309-24.xml
Release Date: 2013-09-27
Fix Resolution: All Xen users should upgrade to the latest version >= xen-4.2.2-r1
All Xen-tools users should upgrade to the latest version >= xen-tools-4.2.2-r3
All Xen-pvgrub users should upgrade to the latest version >= xen-pvgrub-4.2.2-r1
CVE-2012-6035
Vulnerable Source Files (1)
/common/tmem.c
Vulnerability Details
The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Publish Date: 2012-11-23
URL: CVE-2012-6035
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6035
Release Date: 2012-11-23
Fix Resolution: 4.3.0-rc1
CVE-2012-3497
Vulnerable Libraries - xen4.0.1-rc1, xen4.0.1-rc1, xen4.0.1-rc1
Vulnerability Details
(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id.
Publish Date: 2012-11-23
URL: CVE-2012-3497
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Release Date: 2012-11-23
Fix Resolution: 4.3.0-rc1,RELEASE-4.3.0
CVE-2011-1898
Vulnerable Source Files (1)
/arch/x86/apic.c
Vulnerability Details
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
Publish Date: 2011-08-12
URL: CVE-2011-1898
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Adjacent
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Release Date: 2011-08-12
Fix Resolution: 4.2.0-branched,RELEASE-4.2.0
CVE-2020-27672
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
Publish Date: 2020-10-22
URL: CVE-2020-27672
CVSS 4 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202011-06
Fix Resolution: All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"
All Xen Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"
CVE-2016-9382
Vulnerable Source Files (1)
/arch/x86/hvm/hvm.c
Vulnerability Details
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.
Publish Date: 2017-01-23
URL: CVE-2016-9382
CVSS 4 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: http://xenbits.xen.org/xsa/advisory-192.html
Release Date: 2017-01-23
Fix Resolution: 4.8.0-rc7
CVE-2016-7092
Vulnerable Source Files (1)
Vulnerability Details
The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.
Publish Date: 2016-09-21
URL: CVE-2016-7092
CVSS 4 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Release Date: 2016-09-21
Fix Resolution: RELEASE-4.7.1, 4.8.0-rc1
CVE-2019-18420
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.
Publish Date: 2019-10-31
URL: CVE-2019-18420
CVSS 4 Score Details (7.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18425
Release Date: 2019-10-31
Fix Resolution: 4.13.0-rc2
CVE-2015-7969
Vulnerable Source Files (1)
Vulnerability Details
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.
Publish Date: 2015-10-30
URL: CVE-2015-7969
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969
Release Date: 2015-10-30
Fix Resolution: 4.7.0-rc1
CVE-2012-6032
Vulnerable Libraries - xen4.0.1-rc1, xen4.0.1-rc1, xen4.0.1-rc1
Vulnerability Details
Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Publish Date: 2012-11-23
URL: CVE-2012-6032
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6032
Release Date: 2012-11-23
Fix Resolution: 4.3.0-rc1
CVE-2012-4538
Vulnerable Source Files (1)
/arch/x86/mm/shadow/multi.c
Vulnerability Details
The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.
Publish Date: 2012-11-24
URL: CVE-2012-4538
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538
Release Date: 2012-11-24
Fix Resolution: 4.3.0-rc1,RELEASE-4.3.0
CVE-2011-1166
Vulnerable Source Files (1)
Vulnerability Details
Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.
Publish Date: 2014-01-07
URL: CVE-2011-1166
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166
Release Date: 2014-01-07
Fix Resolution: 4.2.0-branched
CVE-2020-29566
Vulnerable Libraries - xen4.0.1-rc1, xen4.0.1-rc1, xen4.0.1-rc1, xen4.0.1-rc1
Vulnerability Details
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur before the de-schedule was fully complete, triggering a shortcut. This potentially repeating process uses ordinary recursive function calls, and thus could result in a stack overflow. A malicious or buggy stubdomain serving a HVM guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are affected. Arm systems are not affected. Only x86 stubdomains serving HVM guests can exploit the vulnerability.
Publish Date: 2020-12-15
URL: CVE-2020-29566
CVSS 4 Score Details (6.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202107-30
Fix Resolution: All Xen 4.14.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.14.2-r1"
All Xen 4.15.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.15.0-r1"
CVE-2020-25601
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.
Publish Date: 2020-09-23
URL: CVE-2020-25601
CVSS 4 Score Details (6.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202011-06
Fix Resolution: All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"
All Xen Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"
CVE-2018-12893
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.
Publish Date: 2018-07-02
URL: CVE-2018-12893
CVSS 4 Score Details (6.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283
Release Date: 2018-07-02
Fix Resolution: 2.4.30
CVE-2010-4255
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
Publish Date: 2011-01-25
URL: CVE-2010-4255
CVSS 4 Score Details (6.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4255
Release Date: 2011-01-25
Fix Resolution: 4.1.0-branched
CVE-2012-6031
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
/common/tmem.c
Vulnerability Details
The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allows local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Publish Date: 2012-11-23
URL: CVE-2012-6031
CVSS 4 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6032
Release Date: 2012-11-23
Fix Resolution: 4.3.0-rc1
CVE-2012-5511
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
/arch/x86/hvm/hvm.c
Vulnerability Details
Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.
Publish Date: 2012-12-13
URL: CVE-2012-5511
CVSS 4 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2012-12-13
Fix Resolution: 4.3.0-rc1,RELEASE-4.3.0
CVE-2020-25604
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.
Publish Date: 2020-09-23
URL: CVE-2020-25604
CVSS 4 Score Details (5.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202011-06
Fix Resolution: All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"
All Xen Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
Publish Date: 2020-10-22
URL: CVE-2020-27671
CVSS 4 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202011-06
Fix Resolution: All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"
All Xen Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB is intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.
Publish Date: 2019-12-11
URL: CVE-2019-19583
CVSS 4 Score Details (8.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2019-19583
Release Date: 2019-12-11
Fix Resolution: 4.12.2
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allows local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Publish Date: 2012-11-23
URL: CVE-2012-6030
CVSS 4 Score Details (8.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6030
Release Date: 2012-11-23
Fix Resolution: 4.3.0-rc1
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
Publish Date: 2014-11-24
URL: CVE-2014-9030
CVSS 4 Score Details (8.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: http://xenbits.xen.org/xsa/advisory-113.html
Release Date: 2014-11-24
Fix Resolution: 4.3.4-rc1,4.4.2-rc1
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
Publish Date: 2015-10-30
URL: CVE-2015-7835
CVSS 4 Score Details (7.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7835
Release Date: 2015-10-30
Fix Resolution: 4.7.0-rc1,4.0.0-branched
Vulnerable Libraries - xen4.0.1-rc1, xen4.0.1-rc1
Vulnerability Details
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
Publish Date: 2019-12-11
URL: CVE-2019-19580
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2019-19580
Release Date: 2020-01-03
Fix Resolution: 4.12.2
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
Publish Date: 2017-08-24
URL: CVE-2017-12137
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201801-14
Release Date: 2018-01-14
Fix Resolution: All Xen users should upgrade to the latest version >= xen-4.9.1-r1
All Xen tools users should upgrade to the latest version >= xen-tools-4.9.1-r1
Vulnerable Libraries - xen4.0.1-rc1, xen4.0.1-rc1, xen4.0.1-rc1
Vulnerability Details
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
Publish Date: 2016-04-19
URL: CVE-2016-3960
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: http://xenbits.xen.org/xsa/advisory-173.html
Release Date: 2016-04-19
Fix Resolution: 6.38,7.43,8.0.4
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
The Elf parser (libelf) in Xen 4.2.x and earlier allows local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations.
Publish Date: 2013-08-23
URL: CVE-2013-2195
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: http://security.gentoo.org/glsa/glsa-201309-24.xml
Release Date: 2013-09-27
Fix Resolution: All Xen users should upgrade to the latest version >= xen-4.2.2-r1
All Xen-tools users should upgrade to the latest version >= xen-tools-4.2.2-r3
All Xen-pvgrub users should upgrade to the latest version >= xen-pvgrub-4.2.2-r1
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.
Publish Date: 2013-08-23
URL: CVE-2013-2194
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: http://security.gentoo.org/glsa/glsa-201309-24.xml
Release Date: 2013-09-27
Fix Resolution: All Xen users should upgrade to the latest version >= xen-4.2.2-r1
All Xen-tools users should upgrade to the latest version >= xen-tools-4.2.2-r3
All Xen-pvgrub users should upgrade to the latest version >= xen-pvgrub-4.2.2-r1
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Publish Date: 2012-11-23
URL: CVE-2012-6035
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6035
Release Date: 2012-11-23
Fix Resolution: 4.3.0-rc1
Vulnerable Libraries - xen4.0.1-rc1, xen4.0.1-rc1, xen4.0.1-rc1
Vulnerability Details
(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id.
Publish Date: 2012-11-23
URL: CVE-2012-3497
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2012-11-23
Fix Resolution: 4.3.0-rc1,RELEASE-4.3.0
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
Publish Date: 2011-08-12
URL: CVE-2011-1898
CVSS 4 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Adjacent
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2011-08-12
Fix Resolution: 4.2.0-branched,RELEASE-4.2.0
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
Publish Date: 2020-10-22
URL: CVE-2020-27672
CVSS 4 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202011-06
Fix Resolution: All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"
All Xen Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.
Publish Date: 2017-01-23
URL: CVE-2016-9382
CVSS 4 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: http://xenbits.xen.org/xsa/advisory-192.html
Release Date: 2017-01-23
Fix Resolution: 4.8.0-rc7
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.
Publish Date: 2016-09-21
URL: CVE-2016-7092
CVSS 4 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2016-09-21
Fix Resolution: RELEASE-4.7.1, 4.8.0-rc1
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.
Publish Date: 2019-10-31
URL: CVE-2019-18420
CVSS 4 Score Details (7.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18425
Release Date: 2019-10-31
Fix Resolution: 4.13.0-rc2
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.
Publish Date: 2015-10-30
URL: CVE-2015-7969
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7969
Release Date: 2015-10-30
Fix Resolution: 4.7.0-rc1
Vulnerable Libraries - xen4.0.1-rc1, xen4.0.1-rc1, xen4.0.1-rc1
Vulnerability Details
Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Publish Date: 2012-11-23
URL: CVE-2012-6032
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6032
Release Date: 2012-11-23
Fix Resolution: 4.3.0-rc1
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.
Publish Date: 2012-11-24
URL: CVE-2012-4538
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538
Release Date: 2012-11-24
Fix Resolution: 4.3.0-rc1,RELEASE-4.3.0
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.
Publish Date: 2014-01-07
URL: CVE-2011-1166
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166
Release Date: 2014-01-07
Fix Resolution: 4.2.0-branched
Vulnerable Libraries - xen4.0.1-rc1, xen4.0.1-rc1, xen4.0.1-rc1, xen4.0.1-rc1
Vulnerability Details
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur before the de-schedule was fully complete, triggering a shortcut. This potentially repeating process uses ordinary recursive function calls, and thus could result in a stack overflow. A malicious or buggy stubdomain serving a HVM guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are affected. Arm systems are not affected. Only x86 stubdomains serving HVM guests can exploit the vulnerability.
Publish Date: 2020-12-15
URL: CVE-2020-29566
CVSS 4 Score Details (6.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202107-30
Fix Resolution: All Xen 4.14.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.14.2-r1"
All Xen 4.15.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.15.0-r1"
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.
Publish Date: 2020-09-23
URL: CVE-2020-25601
CVSS 4 Score Details (6.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202011-06
Fix Resolution: All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"
All Xen Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.
Publish Date: 2018-07-02
URL: CVE-2018-12893
CVSS 4 Score Details (6.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283
Release Date: 2018-07-02
Fix Resolution: 2.4.30
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
Publish Date: 2011-01-25
URL: CVE-2010-4255
CVSS 4 Score Details (6.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4255
Release Date: 2011-01-25
Fix Resolution: 4.1.0-branched
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allows local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Publish Date: 2012-11-23
URL: CVE-2012-6031
CVSS 4 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6032
Release Date: 2012-11-23
Fix Resolution: 4.3.0-rc1
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.
Publish Date: 2012-12-13
URL: CVE-2012-5511
CVSS 4 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Release Date: 2012-12-13
Fix Resolution: 4.3.0-rc1,RELEASE-4.3.0
Vulnerable Library - xen4.0.1-rc1
Unofficial mirror of xenbits.xen.org/xen.git
Library home page: https://github.com/talex5/xen.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.
Publish Date: 2020-09-23
URL: CVE-2020-25604
CVSS 4 Score Details (5.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/202011-06
Fix Resolution: All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"
All Xen Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.13.1-r5"