| Max CVSS | 7.8 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-1570 | 6.9 |
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page ident
|
30-10-2018 - 16:26 | 22-01-2016 - 15:59 | |
| CVE-2016-1571 | 4.7 |
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest add
|
30-10-2018 - 16:26 | 22-01-2016 - 15:59 | |
| CVE-2015-8550 | 5.7 |
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
|
04-11-2017 - 01:29 | 14-04-2016 - 14:59 | |
| CVE-2015-8340 | 4.7 |
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exc
|
01-07-2017 - 01:29 | 17-12-2015 - 19:59 | |
| CVE-2015-8555 | 5.0 |
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains
|
01-07-2017 - 01:29 | 13-04-2016 - 15:59 | |
| CVE-2015-8341 | 7.8 |
The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory an
|
01-07-2017 - 01:29 | 17-12-2015 - 19:59 | |
| CVE-2015-8339 | 4.7 |
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain te
|
01-07-2017 - 01:29 | 17-12-2015 - 19:59 | |
| CVE-2016-2271 | 2.1 |
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL
|
01-07-2017 - 01:29 | 19-02-2016 - 16:59 | |
| CVE-2016-2270 | 4.6 |
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.
|
01-07-2017 - 01:29 | 19-02-2016 - 16:59 |