| Max CVSS | 8.3 | Min CVSS | 4.4 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-6885 | 4.7 |
The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, a
|
13-02-2023 - 00:29 | 29-11-2013 - 04:33 | |
| CVE-2014-1642 | 4.4 |
The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memor
|
03-01-2018 - 02:29 | 26-01-2014 - 16:58 | |
| CVE-2014-1666 | 8.3 |
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service
|
03-01-2018 - 02:29 | 26-01-2014 - 16:58 | |
| CVE-2013-6400 | 6.8 |
Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrato
|
07-01-2017 - 02:59 | 13-12-2013 - 18:55 | |
| CVE-2014-1896 | 4.9 |
The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past
|
07-01-2017 - 02:59 | 01-04-2014 - 06:35 | |
| CVE-2014-1895 | 5.8 |
Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive infor
|
07-01-2017 - 02:59 | 01-04-2014 - 06:35 | |
| CVE-2014-1894 | 5.2 |
Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE
|
07-01-2017 - 02:59 | 01-04-2014 - 06:35 | |
| CVE-2014-1891 | 5.2 |
Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause
|
07-01-2017 - 02:59 | 01-04-2014 - 06:35 | |
| CVE-2014-1893 | 5.2 |
Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecif
|
07-01-2017 - 02:59 | 01-04-2014 - 06:35 | |
| CVE-2014-1892 | 5.2 |
Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.
|
07-01-2017 - 02:59 | 01-04-2014 - 06:35 | |
| CVE-2013-2212 | 5.7 |
The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GF
|
22-12-2016 - 02:59 | 28-08-2013 - 21:55 | |
| CVE-2014-1950 | 4.6 |
Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management f
|
12-12-2014 - 03:01 | 14-02-2014 - 15:55 |