Vulnerabilities in Xen

111 results
CVE-2022-42322 (EPSS 0.3%)
Xenstore: Cooperating guests can create arbitrary numbers of nodes [This CNA information record relates to multiple CVEs; the text explains

CVE-2021-28710 (EPSS 0.3%)
certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may

CVE-2022-42331 (EPSS 0.3%)
x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one

CVE-2022-42309 (EPSS 0.3%)
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during

CVE-2022-42320 (EPSS 0.3%)
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, t

CVE-2022-42324 (EPSS 0.3%)
Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C

CVE-2022-42321 (EPSS 0.3%)
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a

CVE-2022-42319 (EPSS 0.3%)
Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quit

CVE-2022-42332 (EPSS 0.3%)
x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Pag

CVE-2022-42334 (EPSS 0.3%)
x86/HVM pinned cache attributes mis-handling [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerab

CVE-2023-46841 (MEDIUM, EPSS 0.3%)
x86: shadow stack vs exceptions from emulation stubs

CVE-2022-33746 (EPSS 0.3%)
P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Ther

CVE-2022-42336 (LOW, EPSS 0.3%)
Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires

CVE-2022-42310 (EPSS 0.3%)
Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest

CVE-2022-42335 (EPSS 0.3%)
x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted P

CVE-2023-46840 (MEDIUM, EPSS 0.3%)
VT-d: Failure to quarantine devices in !HVM builds

CVE-2021-28697 (EPSS 0.3%)
grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The m

CVE-2022-33747 (EPSS 0.3%)
Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Mach

CVE-2021-28701 (EPSS 0.3%)
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such page

CVE-2023-34323 (MEDIUM, EPSS 0.3%)
xenstored: A transaction conflict can crash C Xenstored