| Advisory | Public release | Updated | Version | CVE(s) | Title |
|---|
| XSA-476 |
2025-10-24 12:13 | 2025-10-24 12:13 |
1 |
CVE-2025-58149 |
Incorrect removal of permissions on PCI device unplug |
| XSA-475 |
2025-10-21 11:59 | 2025-10-21 11:59 |
2 |
CVE-2025-58147 CVE-2025-58148 |
x86: Incorrect input sanitisation in Viridian hypercalls |
| XSA-474 |
2025-09-09 11:53 | 2025-09-09 11:53 |
2 |
CVE-2025-58146 |
XAPI UTF-8 string handling |
| XSA-473 |
2025-09-09 11:53 | 2025-09-09 11:53 |
2 |
CVE-2025-58144 CVE-2025-58145 |
Arm issues with page refcounting |
| XSA-472 |
2025-09-09 11:53 | 2025-09-09 11:53 |
2 |
CVE-2025-27466 CVE-2025-58142 CVE-2025-58143 |
Mutiple vulnerabilities in the Viridian interface |
| XSA-471 |
2025-07-08 14:07 | 2025-11-05 12:56 |
3 |
CVE-2024-36350 CVE-2024-36357 |
x86: Transitive Scheduler Attacks |
| XSA-470 |
2025-07-01 11:56 | 2025-07-01 11:56 |
2 |
CVE-2025-27465 |
x86: Incorrect stubs exception handling for flags recovery |
| XSA-469 |
2025-05-12 17:04 | 2025-05-12 17:14 |
2 |
CVE-2024-28956 |
x86: Indirect Target Selection |
| XSA-468 |
2025-05-27 11:37 | 2025-05-27 11:37 |
3 |
CVE-2025-27462 CVE-2025-27463 CVE-2025-27464 |
WinPVDrivers: Excessive permissions on user-exposed devices |
| XSA-467 |
2025-02-27 12:52 | 2025-02-27 12:52 |
1 |
CVE-2025-1713 |
deadlock potential with VT-d and legacy PCI device pass-through |
| XSA-466 |
2024-12-17 12:00 | 2024-12-17 12:17 |
3 |
CVE-2024-53241 |
Xen hypercall page unsafe against speculative attacks |
| XSA-465 |
2024-12-17 12:00 | 2024-12-17 12:17 |
3 |
CVE-2024-53240 |
Backend can crash Linux netfront |
| XSA-464 |
2024-11-12 12:00 | 2024-11-12 12:04 |
2 |
CVE-2024-45819 |
libxl leaks data to PVH guests via ACPI tables |
| XSA-463 |
2024-11-12 12:00 | 2024-11-12 12:04 |
2 |
CVE-2024-45818 |
Deadlock in x86 HVM standard VGA handling |
| XSA-462 |
2024-09-24 10:46 | 2024-09-24 10:46 |
2 |
CVE-2024-45817 |
x86: Deadlock in vlapic_error() |
| XSA-461 |
2024-08-13 12:00 | 2024-08-14 13:24 |
2 |
CVE-2024-31146 |
PCI device pass-through with shared resources |
| XSA-460 |
2024-08-13 12:00 | 2024-08-14 13:24 |
2 |
CVE-2024-31145 |
error handling in x86 IOMMU identity mapping |
| XSA-459 |
2024-07-16 11:59 | 2024-07-16 11:59 |
2 |
CVE-2024-31144 |
Xapi: Metadata injection attack against backup/restore functionality |
| XSA-458 |
2024-07-16 11:59 | 2024-07-16 11:59 |
2 |
CVE-2024-31143 |
double unlock in x86 guest IRQ handling |
| XSA-457 |
2024-05-07 17:11 | 2024-05-08 22:19 |
3 |
CVE-2024-27393 |
Linux/xen-netfront: Memory leak due to missing cleanup function |
| XSA-456 |
2024-04-09 17:00 | 2024-05-07 17:11 |
3 |
CVE-2024-2201 |
x86: Native Branch History Injection |
| XSA-455 |
2024-04-09 16:29 | 2024-04-09 16:29 |
4 |
CVE-2024-31142 |
x86: Incorrect logic for BTC/SRSO mitigations |
| XSA-454 |
2024-04-09 11:50 | 2024-04-09 11:50 |
2 |
CVE-2023-46842 |
x86 HVM hypercalls may trigger Xen bug check |
| XSA-453 |
2024-03-12 16:44 | 2024-03-12 16:44 |
1 |
CVE-2024-2193 |
GhostRace: Speculative Race Conditions |
| XSA-452 |
2024-03-12 16:44 | 2024-03-12 16:44 |
1 |
CVE-2023-28746 |
x86: Register File Data Sampling |
| XSA-451 |
2024-02-27 10:38 | 2024-02-27 10:38 |
2 |
CVE-2023-46841 |
x86: shadow stack vs exceptions from emulation stubs |
| XSA-450 |
2024-01-30 12:00 | 2024-01-30 13:09 |
2 |
CVE-2023-46840 |
VT-d: Failure to quarantine devices in !HVM builds |
| XSA-449 |
2024-01-30 12:00 | 2024-01-30 13:09 |
2 |
CVE-2023-46839 |
pci: phantom functions assigned to incorrect contexts |
| XSA-448 |
2024-01-22 18:30 | 2024-01-22 18:30 |
2 |
CVE-2023-46838 |
Linux: netback processing of zero-length transmit fragment |
| XSA-447 |
2023-12-12 12:00 | 2023-12-12 12:01 |
2 |
CVE-2023-46837 |
arm32: The cache may not be properly cleaned/invalidated (take two) |
| XSA-446 |
2023-11-14 12:00 | 2023-11-14 13:58 |
2 |
CVE-2023-46836 |
x86: BTC/SRSO fixes not fully effective |
| XSA-445 |
2023-11-14 12:00 | 2023-11-14 13:58 |
3 |
CVE-2023-46835 |
x86/AMD: mismatch in IOMMU quarantine page table levels |
| XSA-444 |
2023-10-10 12:00 | 2023-10-10 12:09 |
3 |
CVE-2023-34327 CVE-2023-34328 |
x86/AMD: Debug Mask handling |
| XSA-443 |
2023-10-10 12:00 | 2023-11-09 15:18 |
4 |
CVE-2023-34325 CVE-2022-4949 |
Multiple vulnerabilities in libfsimage disk handling |
| XSA-442 |
2023-10-10 11:26 | 2023-10-10 11:26 |
2 |
CVE-2023-34326 |
x86/AMD: missing IOMMU TLB flushing |
| XSA-441 |
2023-10-10 11:26 | 2023-10-10 11:26 |
4 |
CVE-2023-34324 |
Possible deadlock in Linux kernel event handling |
| XSA-440 |
2023-10-10 11:26 | 2023-12-15 15:35 |
4 |
CVE-2023-34323 |
xenstored: A transaction conflict can crash C Xenstored |
| XSA-439 |
2023-09-25 16:03 | 2023-09-25 17:17 |
2 |
CVE-2023-20588 |
x86/AMD: Divide speculative information leak |
| XSA-438 |
2023-09-19 12:00 | 2023-09-20 09:19 |
2 |
CVE-2023-34322 |
top-level shadow reference dropped too early for 64-bit PV guests |
| XSA-437 |
2023-09-05 07:03 | 2023-09-05 07:03 |
2 |
CVE-2023-34321 |
arm32: The cache may not be properly cleaned/invalidated |
| XSA-436 |
2023-08-01 14:44 | 2023-08-01 14:44 |
1 |
CVE-2023-34320 |
arm: Guests can trigger a deadlock on Cortex-A77 |
| XSA-435 |
2023-08-08 15:53 | 2023-08-08 15:53 |
1 |
CVE-2022-40982 |
x86/Intel: Gather Data Sampling |
| XSA-434 |
2023-08-08 15:53 | 2023-08-08 15:53 |
1 |
CVE-2023-20569 |
x86/AMD: Speculative Return Stack Overflow |
| XSA-433 |
2023-07-24 16:00 | 2023-07-31 16:59 |
3 |
CVE-2023-20593 |
x86/AMD: Zenbleed |
| XSA-432 |
2023-08-08 15:53 | 2023-08-08 15:53 |
2 |
CVE-2023-34319 |
Linux: buffer overrun in netback due to unusual packet |
| XSA-431 |
2023-05-16 15:14 | 2023-05-16 15:14 |
1 |
CVE-2022-42336 |
Mishandling of guest SSBD selection on AMD hardware |
| XSA-430 |
2023-04-25 10:48 | 2023-04-25 10:48 |
2 |
CVE-2022-42335 |
x86 shadow paging arbitrary pointer dereference |
| XSA-429 |
2023-03-21 11:34 | 2023-03-21 11:34 |
3 |
CVE-2022-42331 |
x86: speculative vulnerability in 32bit SYSCALL path |
| XSA-428 |
2023-03-21 11:34 | 2023-03-21 11:34 |
3 |
CVE-2022-42333 CVE-2022-42334 |
x86/HVM pinned cache attributes mis-handling |
| XSA-427 |
2023-03-21 11:34 | 2023-03-21 11:34 |
2 |
CVE-2022-42332 |
x86 shadow plus log-dirty mode use-after-free |
| XSA-426 |
2023-02-14 18:02 | 2023-02-16 17:42 |
2 |
CVE-2022-27672 |
x86: Cross-Thread Return Address Predictions |
| XSA-425 |
2023-01-25 14:54 | 2023-01-25 14:54 |
1 |
CVE-2022-42330 |
Guests can cause Xenstore crash via soft reset |
| XSA-424 |
2022-12-06 15:15 | 2022-12-06 15:15 |
1 |
CVE-2022-42328 CVE-2022-42329 |
Guests can trigger deadlock in Linux netback driver |
| XSA-423 |
2022-12-06 15:15 | 2022-12-07 15:23 |
2 |
CVE-2022-3643 |
Guests can trigger NIC interface reset/abort/crash via netback |
| XSA-422 |
2022-11-08 17:34 | 2022-11-10 15:13 |
2 |
CVE-2022-23824 |
x86: Multiple speculative security issues |
| XSA-421 |
2022-11-01 10:57 | 2022-11-01 10:57 |
2 |
CVE-2022-42325 CVE-2022-42326 |
Xenstore: Guests can create arbitrary number of nodes via transactions |
| XSA-420 |
2022-11-01 10:57 | 2022-11-01 10:57 |
2 |
CVE-2022-42324 |
Oxenstored 32->31 bit integer truncation issues |
| XSA-419 |
2022-11-01 10:57 | 2022-11-01 10:57 |
2 |
CVE-2022-42322 CVE-2022-42323 |
Xenstore: Cooperating guests can create arbitrary numbers of nodes |
| XSA-418 |
2022-11-01 10:57 | 2022-11-01 10:57 |
2 |
CVE-2022-42321 |
Xenstore: Guests can crash xenstored via exhausting the stack |
| XSA-417 |
2022-11-01 10:57 | 2022-11-01 10:57 |
2 |
CVE-2022-42320 |
Xenstore: Guests can get access to Xenstore nodes of deleted domains |
| XSA-416 |
2022-11-01 10:57 | 2022-11-01 10:57 |
2 |
CVE-2022-42319 |
Xenstore: Guests can cause Xenstore to not free temporary memory |
| XSA-415 |
2022-11-01 10:57 | 2022-11-01 10:57 |
2 |
CVE-2022-42310 |
Xenstore: Guests can create orphaned Xenstore nodes |
| XSA-414 |
2022-11-01 10:57 | 2022-11-01 10:57 |
2 |
CVE-2022-42309 |
Xenstore: Guests can crash xenstored |
| XSA-413 |
2022-10-11 10:57 | 2022-10-11 10:57 |
2 |
CVE-2022-33749 |
XAPI open file limit DoS |
| XSA-412 |
2022-11-01 10:57 | 2022-11-01 10:57 |
2 |
CVE-2022-42327 |
x86: unintended memory sharing between guests |
| XSA-411 |
2022-10-11 10:57 | 2022-10-11 10:57 |
3 |
CVE-2022-33748 |
lock order inversion in transitive grant copy handling |
| XSA-410 |
2022-10-11 10:57 | 2022-10-11 10:57 |
3 |
CVE-2022-33746 |
P2M pool freeing may take excessively long |
| XSA-409 |
2022-10-11 10:57 | 2022-10-11 10:57 |
3 |
CVE-2022-33747 |
Arm: unbounded memory consumption for 2nd-level page tables |
| XSA-408 |
2022-07-26 10:59 | 2022-07-26 19:23 |
3 |
CVE-2022-33745 |
insufficient TLB flush for x86 PV guests in shadow mode |
| XSA-407 |
2022-07-12 16:35 | 2022-07-12 16:35 |
1 |
CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 |
Retbleed - arbitrary speculative code execution with return instructions |
| XSA-406 |
2022-07-05 10:44 | 2022-07-05 10:44 |
3 |
CVE-2022-33744 |
Arm guests can cause Dom0 DoS via PV devices |
| XSA-405 |
2022-07-05 10:44 | 2022-07-05 10:44 |
3 |
CVE-2022-33743 |
network backend may cause Linux netfront to use freed SKBs |
| XSA-404 |
2022-06-14 18:21 | 2022-06-16 16:09 |
2 |
CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 |
x86: MMIO Stale Data vulnerabilities |
| XSA-403 |
2022-07-05 10:44 | 2022-07-05 10:44 |
3 |
CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 |
Linux disk/nic frontends data leaks |
| XSA-402 |
2022-06-09 12:00 | 2022-06-09 12:06 |
4 |
CVE-2022-26363 CVE-2022-26364 |
x86 pv: Insufficient care with non-coherent mappings |
| XSA-401 |
2022-06-09 12:00 | 2022-06-09 12:06 |
2 |
CVE-2022-26362 |
x86 pv: Race condition in typeref acquisition |
| XSA-400 |
2022-04-05 12:00 | 2022-04-05 12:02 |
2 |
CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 |
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues |
| XSA-399 |
2022-04-05 11:12 | 2022-04-05 11:12 |
2 |
CVE-2022-26357 |
race in VT-d domain ID cleanup |
| XSA-398 |
2022-03-08 18:12 | 2022-03-18 14:39 |
2 |
none (yet) assigned |
Multiple speculative security issues |
| XSA-397 |
2022-04-05 11:12 | 2022-04-05 11:12 |
2 |
CVE-2022-26356 |
Racy interactions between dirty vram tracking and paging log dirty hypercalls |
| XSA-396 |
2022-03-10 10:54 | 2023-12-15 15:35 |
4 |
CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 |
Linux PV device frontends vulnerable to attacks by backends |
| XSA-395 |
2022-01-25 11:32 | 2022-01-25 11:32 |
2 |
CVE-2022-23035 |
Insufficient cleanup of passed-through device IRQs |
| XSA-394 |
2022-01-25 11:32 | 2022-01-25 11:32 |
3 |
CVE-2022-23034 |
A PV guest could DoS Xen while unmapping a grant |
| XSA-393 |
2022-01-25 11:32 | 2022-01-25 11:32 |
2 |
CVE-2022-23033 |
arm: guest_physmap_remove_page not removing the p2m mappings |
| XSA-392 |
2021-12-20 09:54 | 2021-12-20 09:54 |
4 |
CVE-2021-28714 CVE-2021-28715 |
Guest can force Linux netback driver to hog large amounts of kernel memory |
| XSA-391 |
2021-12-20 09:54 | 2021-12-20 09:54 |
3 |
CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 |
Rogue backends can cause DoS of guests via high frequency events |
| XSA-390 |
2021-11-19 14:10 | 2021-11-19 14:10 |
1 |
CVE-2021-28710 |
certain VT-d IOMMUs may not work in shared page table mode |
| XSA-389 |
2021-11-23 12:00 | 2021-11-23 12:10 |
3 |
CVE-2021-28705 CVE-2021-28709 |
issues with partially successful P2M updates on x86 |
| XSA-388 |
2021-11-23 12:00 | 2021-11-23 12:10 |
3 |
CVE-2021-28704 CVE-2021-28707 CVE-2021-28708 |
PoD operations on misaligned GFNs |
| XSA-387 |
2021-11-23 12:00 | 2021-11-23 12:10 |
2 |
CVE-2021-28703 |
grant table v2 status pages may remain accessible after de-allocation (take two) |
| XSA-386 |
2021-10-05 18:43 | 2021-10-07 14:40 |
2 |
CVE-2021-28702 |
PCI devices with RMRRs not deassigned correctly |
| XSA-385 |
2021-11-23 12:00 | 2021-11-23 12:10 |
2 |
CVE-2021-28706 |
guests may exceed their designated memory limit |
| XSA-384 |
2021-09-08 12:00 | 2021-09-08 12:27 |
3 |
CVE-2021-28701 |
Another race in XENMAPSPACE_grant_table handling |
| XSA-383 |
2021-08-25 12:00 | 2021-08-25 12:00 |
2 |
CVE-2021-28700 |
xen/arm: No memory limit for dom0less domUs |
| XSA-382 |
2021-08-25 12:00 | 2021-08-25 12:00 |
2 |
CVE-2021-28699 |
inadequate grant-v2 status frames array bounds check |
| XSA-380 |
2021-08-25 12:00 | 2021-09-01 09:30 |
3 |
CVE-2021-28698 |
long running loops in grant table handling |
| XSA-379 |
2021-08-25 12:00 | 2021-08-25 12:00 |
2 |
CVE-2021-28697 |
grant table v2 status pages may remain accessible after de-allocation |
| XSA-378 |
2021-08-25 12:00 | 2021-09-01 09:30 |
3 |
CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 |
IOMMU page mapping issues on x86 |
| XSA-377 |
2021-06-08 17:00 | 2021-06-08 17:04 |
2 |
CVE-2021-28690 |
x86: TSX Async Abort protections not restored after S3 |
| XSA-376 |
2021-12-20 12:04 | 2021-12-20 12:04 |
1 |
none (yet) assigned |
frontends vulnerable to backends |
| XSA-375 |
2021-06-08 17:00 | 2021-06-10 09:16 |
4 |
CVE-2021-0089 CVE-2021-26313 |
Speculative Code Store Bypass |
| XSA-374 |
2021-06-08 17:00 | 2021-06-08 17:04 |
2 |
CVE-2021-28691 |
Guest triggered use-after-free in Linux xen-netback |
| XSA-373 |
2021-06-08 17:00 | 2021-06-08 17:04 |
2 |
CVE-2021-28692 |
inappropriate x86 IOMMU timeout detection / handling |
| XSA-372 |
2021-06-08 17:00 | 2021-06-08 17:04 |
3 |
CVE-2021-28693 |
xen/arm: Boot modules are not scrubbed |
| XSA-371 |
2021-03-30 11:03 | 2021-03-30 11:03 |
3 |
CVE-2021-28688 |
Linux: blkback driver may leak persistent grants |
| XSA-370 |
2021-05-04 10:19 | 2021-05-04 10:19 |
2 |
CVE-2021-28689 |
x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests |
| XSA-369 |
2021-03-04 10:58 | 2023-12-15 15:35 |
3 |
CVE-2021-28039 |
Linux: special config may crash when trying to map foreign pages |
| XSA-368 |
2021-03-18 11:57 | 2021-03-18 13:56 |
3 |
CVE-2021-28687 |
HVM soft-reset crashes toolstack |
| XSA-367 |
2021-03-04 10:39 | 2021-03-05 17:07 |
2 |
CVE-2021-28038 |
Linux: netback fails to honor grant mapping errors |
| XSA-366 |
2021-02-18 11:46 | 2021-02-23 16:36 |
2 |
CVE-2021-27379 |
missed flush in XSA-321 backport |
| XSA-365 |
2021-02-16 12:00 | 2021-02-16 12:35 |
3 |
CVE-2021-26930 |
Linux: error handling issues in blkback's grant mapping |
| XSA-364 |
2021-02-16 12:00 | 2021-02-16 12:35 |
3 |
CVE-2021-26933 |
arm: The cache may not be cleaned for newly allocated scrubbed pages |
| XSA-363 |
2021-02-16 12:00 | 2021-02-16 12:35 |
3 |
CVE-2021-26934 |
Linux: display frontend "be-alloc" mode is unsupported |
| XSA-362 |
2021-02-16 12:00 | 2021-02-16 12:35 |
3 |
CVE-2021-26931 |
Linux: backends treating grant mapping errors as bugs |
| XSA-361 |
2021-02-16 12:00 | 2021-02-16 12:35 |
4 |
CVE-2021-26932 |
Linux: grant mapping error handling issues |
| XSA-360 |
2021-01-21 14:09 | 2021-01-26 22:03 |
2 |
CVE-2021-3308 |
IRQ vector leak on x86 |
| XSA-359 |
2020-12-15 12:00 | 2020-12-15 12:19 |
3 |
CVE-2020-29571 |
FIFO event channels control structure ordering |
| XSA-358 |
2020-12-15 12:00 | 2020-12-16 17:04 |
5 |
CVE-2020-29570 |
FIFO event channels control block related ordering |
| XSA-357 |
2021-08-10 14:45 | |
- |
- |
Unused Xen Security Advisory number |
| XSA-356 |
2020-12-15 12:00 | 2020-12-15 12:19 |
3 |
CVE-2020-29567 |
infinite loop when cleaning up IRQ vectors |
| XSA-355 |
2020-11-24 12:00 | 2021-01-19 16:24 |
3 |
CVE-2020-29040 |
stack corruption from XSA-346 change |
| XSA-354 |
2020-12-15 12:00 | 2020-12-15 12:19 |
4 |
CVE-2020-29487 |
XAPI: guest-triggered excessive memory usage |
| XSA-353 |
2020-12-15 12:00 | 2020-12-15 12:19 |
4 |
CVE-2020-29479 |
oxenstored: permissions not checked on root node |
| XSA-352 |
2020-12-15 12:00 | 2020-12-15 12:19 |
3 |
CVE-2020-29486 |
oxenstored: node ownership can be changed by unprivileged clients |
| XSA-351 |
2020-11-10 18:01 | 2023-12-15 15:35 |
3 |
CVE-2020-28368 |
Information leak via power sidechannel |
| XSA-350 |
2020-12-15 12:00 | 2020-12-15 12:19 |
4 |
CVE-2020-29569 |
Use after free triggered by block frontend in Linux blkback |
| XSA-349 |
2020-12-15 12:00 | 2020-12-15 12:19 |
3 |
CVE-2020-29568 |
Frontends can trigger OOM in Backends by update a watched path |
| XSA-348 |
2020-12-15 12:00 | 2020-12-15 12:19 |
3 |
CVE-2020-29566 |
undue recursion in x86 HVM context switch code |
| XSA-347 |
2020-10-20 11:49 | 2021-01-19 16:24 |
3 |
CVE-2020-27670 |
unsafe AMD IOMMU page table updates |
| XSA-346 |
2020-10-20 11:49 | 2021-01-19 16:24 |
3 |
CVE-2020-27671 |
undue deferral of IOMMU TLB flushes |
| XSA-345 |
2020-10-20 11:49 | 2023-12-15 15:35 |
5 |
CVE-2020-27672 |
x86: Race condition in Xen mapping code |
| XSA-344 |
2020-09-22 12:00 | 2020-09-22 13:36 |
4 |
CVE-2020-25601 |
lack of preemption in evtchn_reset() / evtchn_destroy() |
| XSA-343 |
2020-09-22 12:00 | 2020-12-16 17:03 |
5 |
CVE-2020-25599 |
races with evtchn_reset() |
| XSA-342 |
2020-09-22 12:00 | 2020-09-22 13:36 |
3 |
CVE-2020-25600 |
out of bounds event channels available to 32-bit x86 domains |
| XSA-341 |
2020-09-08 15:35 | |
- |
- |
Unused Xen Security Advisory number |
| XSA-340 |
2020-09-22 12:00 | 2020-09-22 13:36 |
3 |
CVE-2020-25603 |
Missing memory barriers when accessing/allocating an event channel |
| XSA-339 |
2020-09-22 12:00 | 2020-09-22 13:36 |
3 |
CVE-2020-25596 |
x86 pv guest kernel DoS via SYSENTER |
| XSA-338 |
2020-09-22 12:00 | 2020-09-22 13:36 |
4 |
CVE-2020-25597 |
once valid event channels may not turn invalid |
| XSA-337 |
2020-09-22 12:00 | 2020-09-22 13:36 |
3 |
CVE-2020-25595 |
PCI passthrough code reading back hardware registers |
| XSA-336 |
2020-09-22 12:00 | 2020-09-22 13:36 |
3 |
CVE-2020-25604 |
race when migrating timers between x86 HVM vCPU-s |
| XSA-335 |
2020-08-24 12:00 | 2023-12-15 15:35 |
3 |
CVE-2020-14364 |
QEMU: usb: out-of-bounds r/w access issue |
| XSA-334 |
2020-09-22 12:00 | 2020-09-22 13:36 |
3 |
CVE-2020-25598 |
Missing unlock in XENMEM_acquire_resource error path |
| XSA-333 |
2020-09-22 12:00 | 2020-09-22 13:36 |
3 |
CVE-2020-25602 |
x86 pv: Crash when handling guest access to MSR_MISC_ENABLE |
| XSA-332 |
2020-10-20 11:49 | 2021-01-19 16:24 |
4 |
CVE-2020-27673 |
Rogue guests can cause DoS of Dom0 via high frequency events |
| XSA-331 |
2020-10-20 11:49 | 2021-01-19 16:24 |
3 |
CVE-2020-27675 |
Race condition in Linux event handler may crash dom0 |
| XSA-330 |
2020-12-15 12:00 | 2020-12-15 12:19 |
3 |
CVE-2020-29485 |
oxenstored memory leak in reset_watches |
| XSA-329 |
2020-07-16 12:00 | 2023-12-15 15:35 |
4 |
CVE-2020-15852 |
Linux ioperm bitmap context switching issues |
| XSA-328 |
2020-07-07 12:00 | 2020-07-07 12:23 |
3 |
CVE-2020-15567 |
non-atomic modification of live EPT PTE |
| XSA-327 |
2020-07-07 12:00 | 2020-07-07 12:23 |
3 |
CVE-2020-15564 |
Missing alignment check in VCPUOP_register_vcpu_info |
| XSA-326 |
2022-11-01 10:57 | 2022-11-01 10:57 |
4 |
CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 |
Xenstore: guests can let run xenstored out of memory |
| XSA-325 |
2020-12-15 12:00 | 2020-12-15 12:19 |
3 |
CVE-2020-29483 |
Xenstore: guests can disturb domain cleanup |
| XSA-324 |
2020-12-15 12:00 | 2020-12-15 12:19 |
3 |
CVE-2020-29484 |
Xenstore: guests can crash xenstored via watchs |
| XSA-323 |
2020-12-15 12:00 | 2020-12-15 12:19 |
3 |
CVE-2020-29482 |
Xenstore: wrong path length check |
| XSA-322 |
2020-12-15 12:00 | 2020-12-16 16:40 |
5 |
CVE-2020-29481 |
Xenstore: new domains inheriting existing node permissions |
| XSA-321 |
2020-07-07 12:00 | 2020-07-07 12:21 |
3 |
CVE-2020-15565 |
insufficient cache write-back under VT-d |
| XSA-320 |
2020-06-09 16:33 | 2020-06-11 13:09 |
2 |
CVE-2020-0543 |
Special Register Buffer speculative side channel |
| XSA-319 |
2020-07-07 12:00 | 2020-07-07 12:18 |
3 |
CVE-2020-15563 |
inverted code paths in x86 dirty VRAM tracking |
| XSA-318 |
2020-04-14 12:00 | 2020-04-14 12:00 |
3 |
CVE-2020-11742 |
Bad continuation handling in GNTTABOP_copy |
| XSA-317 |
2020-07-07 12:00 | 2020-07-07 12:18 |
3 |
CVE-2020-15566 |
Incorrect error handling in event channel port allocation |
| XSA-316 |
2020-04-14 12:00 | 2020-04-14 12:00 |
3 |
CVE-2020-11743 |
Bad error path in GNTTABOP_map_grant |
| XSA-315 |
2020-03-10 17:02 | 2020-03-10 17:02 |
1 |
CVE-2020-0551 |
Load Value Injection (LVI) speculative side channel |
| XSA-314 |
2020-04-14 12:00 | 2020-04-14 12:00 |
3 |
CVE-2020-11739 |
Missing memory barriers in read-write unlock paths |
| XSA-313 |
2020-04-14 12:00 | 2020-04-14 12:00 |
3 |
CVE-2020-11740 CVE-2020-11741 |
multiple xenoprof issues |
| XSA-312 |
2020-01-14 14:20 | 2020-01-14 14:20 |
1 |
none (yet) assigned |
arm: a CPU may speculate past the ERET instruction |
| XSA-311 |
2019-12-11 12:00 | 2019-12-11 12:09 |
4 |
CVE-2019-19577 |
Bugs in dynamic height handling for AMD IOMMU pagetables |
| XSA-310 |
2019-12-11 12:00 | 2019-12-11 12:09 |
3 |
CVE-2019-19580 |
Further issues with restartable PV type change operations |
| XSA-309 |
2019-12-11 12:00 | 2019-12-11 12:09 |
3 |
CVE-2019-19578 |
Linear pagetable use / entry miscounts |
| XSA-308 |
2019-12-11 12:00 | 2020-08-14 16:50 |
4 |
CVE-2019-19583 |
VMX: VMentry failure with debug exceptions and blocked states |
| XSA-307 |
2019-12-11 12:00 | 2020-08-14 16:50 |
4 |
CVE-2019-19581 CVE-2019-19582 |
find_next_bit() issues |
| XSA-306 |
2019-11-26 11:59 | 2019-12-05 14:20 |
3 |
CVE-2019-19579 |
Device quarantine for alternate pci assignment methods |
| XSA-305 |
2019-11-12 17:53 | 2020-08-14 16:50 |
2 |
CVE-2019-11135 |
TSX Asynchronous Abort speculative side channel |
| XSA-304 |
2019-11-12 17:53 | 2020-08-14 16:50 |
2 |
CVE-2018-12207 |
x86: Machine Check Error on Page Size Change DoS |
| XSA-303 |
2019-10-31 12:00 | 2020-08-14 16:50 |
5 |
CVE-2019-18422 |
ARM: Interrupts are unconditionally unmasked in exception handlers |
| XSA-302 |
2019-10-31 12:00 | 2019-10-31 12:30 |
5 |
CVE-2019-18424 |
passed through PCI devices may corrupt host memory after deassignment |
| XSA-301 |
2019-10-31 12:00 | 2020-08-14 16:50 |
4 |
CVE-2019-18423 |
add-to-physmap can be abused to DoS Arm hosts |
| XSA-300 |
2019-07-09 13:54 | 2020-08-14 16:50 |
4 |
CVE-2019-17351 |
Linux: No grant table and foreign mapping limits |
| XSA-299 |
2019-10-31 12:00 | 2019-10-31 12:28 |
4 |
CVE-2019-18421 |
Issues with restartable PV type change operations |
| XSA-298 |
2019-10-31 12:00 | 2019-10-31 12:28 |
3 |
CVE-2019-18425 |
missing descriptor table limit checking in x86 PV emulation |
| XSA-297 |
2019-05-14 15:51 | 2019-05-14 15:51 |
1 |
CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 |
Microarchitectural Data Sampling speculative side channel |
| XSA-296 |
2019-10-31 12:00 | 2020-08-14 16:41 |
5 |
CVE-2019-18420 |
VCPUOP_initialise DoS |
| XSA-295 |
2019-06-13 19:15 | 2019-10-25 11:09 |
2 |
CVE-2019-17349 CVE-2019-17350 |
Unlimited Arm Atomics Operations |
| XSA-294 |
2019-03-05 12:00 | 2019-10-25 11:09 |
3 |
CVE-2019-17348 |
x86 shadow: Insufficient TLB flushing when using PCID |
| XSA-293 |
2019-03-05 12:00 | 2019-10-25 11:09 |
4 |
CVE-2019-17347 |
x86: PV kernel context switch corruption |
| XSA-292 |
2019-03-05 12:00 | 2019-10-25 11:09 |
3 |
CVE-2019-17346 |
x86: insufficient TLB flushing when using PCID |
| XSA-291 |
2019-03-05 12:00 | 2019-10-25 11:09 |
3 |
CVE-2019-17345 |
x86/PV: page type reference counting issue with failed IOMMU update |
| XSA-290 |
2019-03-05 12:00 | 2019-10-25 11:09 |
3 |
CVE-2019-17344 |
missing preemption in x86 PV page table unvalidation |
| XSA-289 |
2019-01-21 12:00 | 2019-01-21 17:32 |
3 |
none (yet) assigned |
Cache-load gadgets exploitable with L1TF |
| XSA-288 |
2019-03-05 12:00 | 2019-10-25 11:09 |
3 |
CVE-2019-17343 |
x86: Inconsistent PV IOMMU discipline |
| XSA-287 |
2019-03-05 12:00 | 2019-10-25 11:09 |
3 |
CVE-2019-17342 |
x86: steal_page violates page_struct access discipline |
| XSA-286 |
2020-10-20 11:49 | 2021-01-19 16:24 |
6 |
CVE-2020-27674 |
x86 PV guest INVLPG-like flushes may leave stale TLB entries |
| XSA-285 |
2019-03-05 12:00 | 2019-10-25 11:09 |
3 |
CVE-2019-17341 |
race with pass-through device hotplug |
| XSA-284 |
2019-03-05 12:00 | 2019-10-25 11:09 |
3 |
CVE-2019-17340 |
grant table transfer issues on large hosts |
| XSA-283 |
2019-02-22 17:42 | 2019-02-22 17:42 |
2 |
- |
Withdrawn Xen Security Advisory number |
| XSA-282 |
2018-11-06 18:40 | 2023-12-15 15:35 |
3 |
CVE-2018-19967 |
guest use of HLE constructs may lock up host |
| XSA-281 |
2019-03-12 14:12 | |
- |
- |
Unused Xen Security Advisory number |
| XSA-280 |
2018-11-20 12:00 | 2023-12-15 15:35 |
4 |
CVE-2018-19966 |
Fix for XSA-240 conflicts with shadow paging |
| XSA-279 |
2018-11-20 12:00 | 2019-01-08 16:43 |
3 |
CVE-2018-19965 |
x86: DoS from attempting to use INVPCID with a non-canonical addresses |
| XSA-278 |
2018-10-24 21:11 | 2018-11-01 11:10 |
2 |
CVE-2018-18883 |
x86: Nested VT-x usable even when disabled |
| XSA-277 |
2018-11-20 12:00 | 2019-01-08 16:43 |
3 |
CVE-2018-19964 |
x86: incorrect error handling for guest p2m page removals |
| XSA-276 |
2018-11-20 12:00 | 2019-01-08 16:43 |
3 |
CVE-2018-19963 |
resource accounting issues in x86 IOREQ server handling |
| XSA-275 |
2018-11-20 12:00 | 2019-01-08 16:43 |
3 |
CVE-2018-19961 CVE-2018-19962 |
insufficient TLB flushing / improper large page mappings with AMD IOMMUs |
| XSA-274 |
2018-07-25 16:39 | 2018-08-15 16:09 |
3 |
CVE-2018-14678 |
Linux: Uninitialized state in x86 PV failsafe callback path |
| XSA-273 |
2018-08-14 17:15 | 2018-08-14 17:15 |
1 |
CVE-2018-3620 CVE-2018-3646 |
L1 Terminal Fault speculative side channel |
| XSA-272 |
2018-08-14 17:00 | 2018-08-20 09:46 |
3 |
CVE-2018-15470 |
oxenstored does not apply quota-maxentity |
| XSA-271 |
2018-08-14 17:00 | 2023-12-15 15:35 |
3 |
CVE-2018-14007 |
XAPI HTTP directory traversal |
| XSA-270 |
2018-08-14 17:00 | 2018-08-20 09:46 |
3 |
CVE-2018-15471 |
Linux netback driver OOB access in hash handling |
| XSA-269 |
2018-08-14 17:00 | 2023-12-15 15:35 |
4 |
CVE-2018-15468 |
x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS |
| XSA-268 |
2018-08-14 17:00 | 2018-08-20 09:46 |
3 |
CVE-2018-15469 |
Use of v2 grant tables may cause crash on ARM |
| XSA-267 |
2018-06-13 20:23 | 2023-12-15 15:35 |
4 |
CVE-2018-3665 |
Speculative register leakage from lazy FPU context switching |
| XSA-266 |
2018-06-27 20:06 | 2018-06-27 20:06 |
3 |
CVE-2018-12892 |
libxl fails to honour readonly flag on HVM emulated SCSI disks |
| XSA-265 |
2018-06-27 20:06 | 2018-06-27 20:06 |
3 |
CVE-2018-12893 |
x86: #DB exception safety check can be triggered by a guest |
| XSA-264 |
2018-06-27 20:06 | 2018-06-27 20:06 |
3 |
CVE-2018-12891 |
preemption checks bypassed in x86 PV MM handling |
| XSA-263 |
2018-05-21 16:52 | 2018-05-21 16:52 |
1 |
CVE-2018-3639 |
Speculative Store Bypass |
| XSA-262 |
2018-05-08 16:45 | 2018-05-11 10:13 |
3 |
CVE-2018-10981 |
qemu may drive Xen into unbounded loop |
| XSA-261 |
2018-05-08 16:45 | 2018-05-11 10:13 |
3 |
CVE-2018-10982 |
x86 vHPET interrupt injection errors |
| XSA-260 |
2018-05-08 16:45 | 2023-12-15 15:35 |
3 |
CVE-2018-8897 |
x86: mishandling of debug exceptions |
| XSA-259 |
2018-04-25 12:00 | 2023-12-15 15:35 |
4 |
CVE-2018-10471 |
x86: PV guest may crash Xen with XPTI |
| XSA-258 |
2018-04-25 12:00 | 2018-04-30 13:14 |
3 |
CVE-2018-10472 |
Information leak via crafted user-supplied CDROM |
| XSA-256 |
2018-02-27 11:57 | 2018-03-01 13:15 |
3 |
CVE-2018-7542 |
x86 PVH guest without LAPIC may DoS the host |
| XSA-255 |
2018-02-27 11:57 | 2018-03-01 13:15 |
4 |
CVE-2018-7541 |
grant table v2 -> v1 transition may crash Xen |
| XSA-254 |
2018-01-03 22:29 | 2018-02-23 19:35 |
12 |
CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 |
Information leak via side effects of speculative execution |
| XSA-253 |
2018-01-04 12:00 | 2018-01-06 15:24 |
3 |
CVE-2018-5244 |
x86: memory leak with MSR emulation |
| XSA-252 |
2018-02-27 11:57 | 2018-03-01 13:15 |
3 |
CVE-2018-7540 |
DoS via non-preemptable L3/L4 pagetable freeing |
| XSA-251 |
2017-12-12 11:35 | 2018-01-06 16:14 |
3 |
CVE-2017-17565 |
improper bug check in x86 log-dirty handling |
| XSA-250 |
2017-12-12 11:35 | 2018-01-06 16:14 |
3 |
CVE-2017-17564 |
improper x86 shadow mode refcount error handling |
| XSA-249 |
2017-12-12 11:35 | 2018-01-06 16:14 |
3 |
CVE-2017-17563 |
broken x86 shadow mode refcount overflow check |
| XSA-248 |
2017-12-12 11:35 | 2018-01-06 16:14 |
3 |
CVE-2017-17566 |
x86 PV guests may gain access to internally used pages |
| XSA-247 |
2017-11-28 11:58 | 2017-11-30 11:59 |
3 |
CVE-2017-17045 |
Missing p2m error checking in PoD code |
| XSA-246 |
2017-11-28 11:58 | 2017-11-30 11:59 |
3 |
CVE-2017-17044 |
x86: infinite loop due to missing PoD error checking |
| XSA-245 |
2017-09-28 17:26 | 2023-12-15 15:35 |
3 |
CVE-2017-17046 |
ARM: Some memory not scrubbed at boot |
| XSA-244 |
2017-10-12 12:00 | 2017-10-18 12:08 |
3 |
CVE-2017-15594 |
x86: Incorrect handling of IST settings during CPU hotplug |
| XSA-243 |
2017-10-12 12:00 | 2017-11-15 17:13 |
5 |
CVE-2017-15592 |
x86: Incorrect handling of self-linear shadow mappings with translated guests |
| XSA-242 |
2017-10-12 12:00 | 2017-10-18 12:08 |
3 |
CVE-2017-15593 |
page type reference leak on x86 |
| XSA-241 |
2017-10-12 12:00 | 2017-10-18 12:08 |
4 |
CVE-2017-15588 |
Stale TLB entry due to page type release race |
| XSA-240 |
2017-10-12 12:00 | 2017-12-11 18:15 |
6 |
CVE-2017-15595 |
Unlimited recursion in linear pagetable de-typing |
| XSA-239 |
2017-10-12 12:00 | 2017-10-18 12:08 |
3 |
CVE-2017-15589 |
hypervisor stack leak in x86 I/O intercept code |
| XSA-238 |
2017-10-12 12:00 | 2017-12-06 10:59 |
3 |
CVE-2017-15591 |
DMOP map/unmap missing argument checks |
| XSA-237 |
2017-10-12 12:00 | 2017-10-18 12:08 |
3 |
CVE-2017-15590 |
multiple MSI mapping issues on x86 |
| XSA-236 |
2017-10-24 12:00 | 2017-10-24 13:55 |
3 |
CVE-2017-15597 |
pin count / page reference race in grant table code |
| XSA-235 |
2017-08-23 15:16 | 2017-10-18 12:08 |
2 |
CVE-2017-15596 |
add-to-physmap error paths fail to release lock on ARM |
| XSA-234 |
2017-09-12 12:00 | 2017-09-12 12:03 |
3 |
CVE-2017-14319 |
insufficient grant unmapping checks for x86 PV guests |
| XSA-233 |
2017-09-12 12:00 | 2023-12-15 15:35 |
4 |
CVE-2017-14317 |
cxenstored: Race in domain cleanup |
| XSA-232 |
2017-09-12 12:00 | 2017-09-12 12:03 |
4 |
CVE-2017-14318 |
Missing check for grant table |
| XSA-231 |
2017-09-12 12:00 | 2017-09-12 12:03 |
3 |
CVE-2017-14316 |
Missing NUMA node parameter verification |
| XSA-230 |
2017-08-15 12:00 | 2017-08-15 13:47 |
3 |
CVE-2017-12855 |
grant_table: possibly premature clearing of GTF_writing / GTF_reading |
| XSA-229 |
2017-08-15 12:00 | 2017-08-15 12:04 |
3 |
CVE-2017-12134 |
linux: Fix Xen block IO merge-ability calculation |
| XSA-228 |
2017-08-15 12:00 | 2017-08-15 12:04 |
3 |
CVE-2017-12136 |
grant_table: Race conditions with maptrack free list handling |
| XSA-227 |
2017-08-15 12:00 | 2017-08-15 12:04 |
3 |
CVE-2017-12137 |
x86: PV privilege escalation via map_grant_ref |
| XSA-226 |
2017-08-15 12:00 | 2017-08-29 12:03 |
7 |
CVE-2017-12135 |
multiple problems with transitive grants |
| XSA-225 |
2017-06-20 11:58 | 2017-07-07 13:52 |
3 |
CVE-2017-10923 |
arm: vgic: Out-of-bound access when sending SGIs |
| XSA-224 |
2017-06-20 11:58 | 2017-07-07 13:52 |
5 |
CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 |
grant table operations mishandle reference counts |
| XSA-223 |
2017-06-20 11:58 | 2017-07-07 13:52 |
3 |
CVE-2017-10919 |
ARM guest disabling interrupt may crash Xen |
| XSA-222 |
2017-06-20 11:58 | 2017-07-07 13:52 |
3 |
CVE-2017-10918 |
stale P2M mappings due to insufficient error checking |
| XSA-221 |
2017-06-20 11:58 | 2023-12-15 15:35 |
4 |
CVE-2017-10917 |
NULL pointer deref in event channel poll |
| XSA-220 |
2017-06-20 11:58 | 2017-07-07 13:52 |
3 |
CVE-2017-10916 |
x86: PKRU and BND* leakage between vCPU-s |
| XSA-219 |
2017-06-20 11:58 | 2017-07-07 13:52 |
3 |
CVE-2017-10915 |
x86: insufficient reference counts during shadow emulation |
| XSA-218 |
2017-06-20 12:00 | 2017-07-07 13:52 |
5 |
CVE-2017-10913 CVE-2017-10914 |
Races in the grant table unmap code |
| XSA-217 |
2017-06-20 11:58 | 2017-07-07 13:52 |
3 |
CVE-2017-10912 |
page transfer may allow PV guest to elevate privilege |
| XSA-216 |
2017-06-20 11:58 | 2017-07-07 13:52 |
5 |
CVE-2017-10911 |
blkif responses leak backend stack data |
| XSA-215 |
2017-05-02 11:18 | 2017-05-12 10:44 |
3 |
CVE-2017-8905 |
possible memory corruption via failsafe callback |
| XSA-214 |
2017-05-02 11:18 | 2023-12-15 15:35 |
4 |
CVE-2017-8904 |
grant transfer allows PV guest to elevate privileges |
| XSA-213 |
2017-05-02 11:18 | 2017-05-12 10:44 |
3 |
CVE-2017-8903 |
x86: 64bit PV guest breakout via pagetable use-after-mode-change |
| XSA-212 |
2017-04-04 12:00 | 2017-04-04 12:37 |
3 |
CVE-2017-7228 |
x86: broken check in memory_exchange() permits PV guest breakout |
| XSA-211 |
2017-03-14 11:58 | 2023-12-15 15:35 |
3 |
CVE-2016-9603 |
Cirrus VGA Heap overflow via display refresh |
| XSA-210 |
2017-02-23 16:28 | 2017-02-23 16:28 |
1 |
none (yet) assigned |
arm: memory corruption when freeing p2m pages |
| XSA-209 |
2017-02-21 10:42 | 2023-12-15 15:35 |
5 |
CVE-2017-2620 |
cirrus_bitblt_cputovideo does not check if memory region is safe |
| XSA-208 |
2017-02-10 12:43 | 2023-12-15 15:35 |
3 |
CVE-2017-2615 |
oob access in cirrus bitblt copy |
| XSA-207 |
2017-02-15 12:00 | 2017-02-15 12:05 |
2 |
none (yet) assigned |
memory leak when destroying guest without PT devices |
| XSA-206 |
2017-03-28 12:00 | 2023-12-15 15:35 |
10 |
none (yet) assigned |
xenstore denial of service via repeated update |
| XSA-205 |
2017-02-13 14:23 | |
- |
- |
Unused Xen Security Advisory number |
| XSA-204 |
2016-12-19 15:36 | 2016-12-19 17:04 |
2 |
CVE-2016-10013 |
x86: Mishandling of SYSCALL singlestep during emulation |
| XSA-203 |
2016-12-21 12:00 | 2016-12-21 12:01 |
3 |
CVE-2016-10025 |
x86: missing NULL pointer check in VMFUNC emulation |
| XSA-202 |
2016-12-21 12:00 | 2016-12-21 12:01 |
3 |
CVE-2016-10024 |
x86 PV guests may be able to mask interrupts |
| XSA-201 |
2016-11-29 14:48 | 2023-12-15 15:35 |
3 |
CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818 |
ARM guests may induce host asynchronous abort |
| XSA-200 |
2016-12-13 12:00 | 2016-12-13 13:07 |
3 |
CVE-2016-9932 |
x86 CMPXCHG8B emulation fails to ignore operand size override |
| XSA-199 |
2016-12-06 12:00 | 2023-12-15 15:35 |
4 |
CVE-2016-9637 |
qemu ioport array overflow |
| XSA-198 |
2016-11-22 12:00 | 2023-12-15 15:35 |
4 |
CVE-2016-9379 CVE-2016-9380 |
delimiter injection vulnerabilities in pygrub |
| XSA-197 |
2016-11-22 12:00 | 2023-12-15 15:35 |
4 |
CVE-2016-9381 |
qemu incautious about shared ring processing |
| XSA-196 |
2016-11-22 12:00 | 2016-11-22 12:00 |
3 |
CVE-2016-9377 CVE-2016-9378 |
x86 software interrupt injection mis-handled |
| XSA-195 |
2016-11-22 12:00 | 2016-11-22 12:00 |
3 |
CVE-2016-9383 |
x86 64-bit bit test instruction emulation broken |
| XSA-194 |
2016-11-22 12:00 | 2016-11-22 12:00 |
3 |
CVE-2016-9384 |
guest 32-bit ELF symbol table load leaking host data |
| XSA-193 |
2016-11-22 12:00 | 2016-11-22 12:00 |
3 |
CVE-2016-9385 |
x86 segment base write emulation lacking canonical address checks |
| XSA-192 |
2016-11-22 12:00 | 2016-11-22 12:00 |
3 |
CVE-2016-9382 |
x86 task switch to VM86 mode mis-handled |
| XSA-191 |
2016-11-22 12:00 | 2016-11-22 12:00 |
3 |
CVE-2016-9386 |
x86 null segments not always treated as unusable |
| XSA-190 |
2016-10-04 12:00 | 2016-10-04 12:50 |
5 |
CVE-2016-7777 |
CR0.TS and CR0.EM not always honored for x86 HVM guests |
| XSA-189 |
2016-09-21 09:46 | |
- |
- |
Unused Xen Security Advisory number |
| XSA-188 |
2016-09-08 12:00 | 2016-09-08 12:00 |
3 |
CVE-2016-7154 |
use after free in FIFO event channel code |
| XSA-187 |
2016-09-08 12:00 | 2016-09-08 12:04 |
3 |
CVE-2016-7094 |
x86 HVM: Overflow of sh_ctxt->seg_reg[] |
| XSA-186 |
2016-09-08 12:00 | 2016-09-08 12:00 |
4 |
CVE-2016-7093 |
x86: Mishandling of instruction pointer truncation during emulation |
| XSA-185 |
2016-09-08 12:00 | 2016-09-08 12:00 |
3 |
CVE-2016-7092 |
x86: Disallow L3 recursive pagetable for 32-bit PV guests |
| XSA-184 |
2016-07-27 15:00 | 2023-12-15 15:35 |
3 |
CVE-2016-5403 |
virtio: unbounded memory allocation issue |
| XSA-183 |
2016-07-26 11:32 | 2023-12-15 15:35 |
6 |
CVE-2016-6259 |
x86: Missing SMAP whitelisting in 32-bit exception / event delivery |
| XSA-182 |
2016-07-26 11:32 | 2023-12-15 15:35 |
4 |
CVE-2016-6258 |
x86: Privilege escalation in PV guests |
| XSA-181 |
2016-06-03 09:47 | 2016-06-03 13:55 |
2 |
CVE-2016-5242 |
arm: Host crash caused by VMID exhaustion |
| XSA-180 |
2016-05-23 17:09 | 2023-12-15 15:35 |
2 |
CVE-2014-3672 |
Unrestricted qemu logging |
| XSA-179 |
2016-05-09 11:48 | 2016-05-10 11:23 |
5 |
CVE-2016-3710 CVE-2016-3712 |
QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks |
| XSA-178 |
2016-06-02 12:00 | 2016-06-06 16:55 |
4 |
CVE-2016-4963 |
Unsanitised driver domain input in libxl device handling |
| XSA-177 |
2016-05-24 12:21 | |
- |
- |
Unused Xen Security Advisory number |
| XSA-176 |
2016-05-17 10:54 | 2016-05-17 10:54 |
3 |
CVE-2016-4480 |
x86 software guest page walk PS bit handling flaw |
| XSA-175 |
2016-06-02 12:00 | 2023-12-15 15:35 |
7 |
CVE-2016-4962 |
Unsanitised guest input in libxl device handling code |
| XSA-174 |
2016-04-14 12:00 | 2016-04-14 13:03 |
3 |
CVE-2016-3961 |
hugetlbfs use may crash PV Linux guests |
| XSA-173 |
2016-04-18 12:00 | 2016-04-18 13:31 |
3 |
CVE-2016-3960 |
x86 shadow pagetables: address width overflow |
| XSA-172 |
2016-03-24 16:26 | 2016-03-24 16:26 |
3 |
CVE-2016-3158 CVE-2016-3159 |
broken AMD FPU FIP/FDP/FOP leak workaround |
| XSA-171 |
2016-03-16 19:00 | 2016-03-16 19:03 |
4 |
CVE-2016-3157 |
I/O port access privilege escalation in x86-64 Linux |
| XSA-170 |
2016-02-17 12:00 | 2016-02-17 12:25 |
3 |
CVE-2016-2271 |
VMX: guest user mode may crash guest with non-canonical RIP |
| XSA-169 |
2015-12-21 11:12 | 2015-12-22 18:46 |
2 |
CVE-2015-8615 |
x86: unintentional logging upon guest changing callback method |
| XSA-168 |
2016-01-20 12:00 | 2016-01-20 12:08 |
3 |
CVE-2016-1571 |
VMX: intercept issue with INVLPG on non-canonical address |
| XSA-167 |
2016-01-20 12:00 | 2016-01-20 12:08 |
4 |
CVE-2016-1570 |
PV superpage functionality missing sanity checks |
| XSA-166 |
2015-12-17 12:00 | 2015-12-17 12:38 |
2 |
none (yet) assigned |
ioreq handling possibly susceptible to multiple read issue |
| XSA-165 |
2015-12-17 12:00 | 2015-12-17 12:38 |
3 |
CVE-2015-8555 |
information leak in legacy x86 FPU/XMM initialization |
| XSA-164 |
2015-12-17 12:00 | 2023-12-15 15:35 |
4 |
CVE-2015-8554 |
qemu-dm buffer overrun in MSI-X handling |
| XSA-163 |
2015-11-24 17:12 | 2015-11-24 17:12 |
1 |
none (yet) assigned |
virtual PMU is unsupported |
| XSA-162 |
2015-11-30 06:00 | 2023-12-15 15:35 |
3 |
CVE-2015-7504 |
heap buffer overflow vulnerability in pcnet emulator |
| XSA-161 |
2015-11-25 15:29 | 2015-11-25 15:29 |
2 |
none (yet) assigned |
WITHDRAWN: missing XSETBV intercept privilege check on AMD SVM |
| XSA-160 |
2015-12-08 11:29 | 2015-12-08 11:29 |
3 |
CVE-2015-8341 |
libxl leak of pv kernel and initrd on error |
| XSA-159 |
2015-12-08 11:29 | 2015-12-08 11:29 |
4 |
CVE-2015-8339 CVE-2015-8340 |
XENMEM_exchange error handling issues |
| XSA-158 |
2015-12-08 11:29 | 2023-12-15 15:35 |
5 |
CVE-2015-8338 |
long running memory operations on ARM |
| XSA-157 |
2015-12-17 12:00 | 2023-12-15 15:35 |
4 |
CVE-2015-8551 CVE-2015-8552 |
Linux pciback missing sanity checks leading to crash |
| XSA-156 |
2015-11-10 00:01 | 2015-11-10 00:07 |
2 |
CVE-2015-5307 CVE-2015-8104 |
x86: CPU lockup during exception delivery |
| XSA-155 |
2015-12-17 12:00 | 2015-12-17 13:36 |
6 |
CVE-2015-8550 |
paravirtualized drivers incautious about shared memory contents |
| XSA-154 |
2016-02-17 12:00 | 2016-02-17 12:25 |
3 |
CVE-2016-2270 |
x86: inconsistent cachability flags on guest mappings |
| XSA-153 |
2015-10-29 11:59 | 2023-12-15 15:35 |
4 |
CVE-2015-7972 |
x86: populate-on-demand balloon size inaccuracy can crash guests |
| XSA-152 |
2015-10-29 11:59 | 2015-10-29 11:59 |
3 |
CVE-2015-7971 |
x86: some pmu and profiling hypercalls log without rate limiting |
| XSA-151 |
2015-10-29 11:59 | 2015-10-29 11:59 |
3 |
CVE-2015-7969 |
x86: leak of per-domain profiling-related vcpu pointer array |
| XSA-150 |
2015-10-29 11:59 | 2015-10-29 11:59 |
5 |
CVE-2015-7970 |
x86: Long latency populate-on-demand operation is not preemptible |
| XSA-149 |
2015-10-29 11:59 | 2015-10-29 11:59 |
3 |
CVE-2015-7969 |
leak of main per-domain vcpu pointer array |
| XSA-148 |
2015-10-29 11:59 | 2015-10-29 11:59 |
4 |
CVE-2015-7835 |
x86: Uncontrolled creation of large page mappings by PV guests |
| XSA-147 |
2015-10-29 11:59 | 2015-10-29 11:59 |
3 |
CVE-2015-7814 |
arm: Race between domain destruction and memory allocation decrease |
| XSA-146 |
2015-10-29 11:59 | 2015-10-29 11:59 |
3 |
CVE-2015-7813 |
arm: various unimplemented hypercalls log without rate limiting |
| XSA-145 |
2015-10-29 11:59 | 2015-10-29 11:59 |
3 |
CVE-2015-7812 |
arm: Host crash when preempting a multicall |
| XSA-144 |
2015-10-14 12:03 | |
- |
- |
Unused Xen Security Advisory number |
| XSA-143 |
2015-10-14 12:03 | |
- |
- |
Unused Xen Security Advisory number |
| XSA-142 |
2015-09-22 10:00 | 2023-12-15 15:35 |
3 |
CVE-2015-7311 |
libxl fails to honour readonly flag on disks with qemu-xen |
| XSA-141 |
2015-09-01 12:00 | 2015-09-01 13:18 |
3 |
CVE-2015-6654 |
printk is not rate-limited in xenmem_add_to_physmap_one |
| XSA-140 |
2015-08-03 12:00 | 2023-12-15 15:35 |
3 |
CVE-2015-5165 |
QEMU leak of uninitialized heap memory in rtl8139 device model |
| XSA-139 |
2015-08-03 12:00 | 2023-12-15 15:35 |
3 |
CVE-2015-5166 |
Use after free in QEMU/Xen block unplug protocol |
| XSA-138 |
2015-07-27 12:00 | 2015-07-27 12:03 |
2 |
CVE-2015-5154 |
QEMU heap overflow flaw while processing certain ATAPI commands. |
| XSA-137 |
2015-07-07 12:00 | 2023-12-15 15:35 |
4 |
CVE-2015-3259 |
xl command line config handling stack overflow |
| XSA-136 |
2015-06-11 12:00 | 2015-06-11 12:28 |
3 |
CVE-2015-4164 |
vulnerability in the iret hypercall handler |
| XSA-135 |
2015-06-10 13:10 | 2023-12-15 15:35 |
4 |
CVE-2015-3209 |
Heap overflow in QEMU PCNET controller, allowing guest->host escape |
| XSA-134 |
2015-06-11 12:00 | 2015-06-11 12:28 |
3 |
CVE-2015-4163 |
GNTTABOP_swap_grant_ref operation misbehavior |
| XSA-133 |
2015-05-13 11:15 | 2023-12-15 15:35 |
3 |
CVE-2015-3456 |
Privilege escalation via emulated floppy disk drive |
| XSA-132 |
2015-04-20 17:10 | 2023-12-15 15:35 |
3 |
CVE-2015-3340 |
Information leak through XEN_DOMCTL_gettscinfo |
| XSA-131 |
2015-06-02 12:00 | 2015-06-02 14:02 |
3 |
CVE-2015-4106 |
Unmediated PCI register access in qemu |
| XSA-130 |
2015-06-02 12:00 | 2015-06-02 14:02 |
2 |
CVE-2015-4105 |
Guest triggerable qemu MSI-X pass-through error messages |
| XSA-129 |
2015-06-02 12:00 | 2015-06-02 14:02 |
2 |
CVE-2015-4104 |
PCI MSI mask bits inadvertently exposed to guests |
| XSA-128 |
2015-06-02 12:00 | 2015-06-02 14:02 |
2 |
CVE-2015-4103 |
Potential unintended writes to host MSI message data field via qemu |
| XSA-127 |
2015-03-31 12:00 | 2023-12-15 15:35 |
3 |
CVE-2015-2751 |
Certain domctl operations may be abused to lock up the host |
| XSA-126 |
2015-03-31 12:00 | 2023-12-15 15:35 |
4 |
CVE-2015-2756 |
Unmediated PCI command register access in qemu |
| XSA-125 |
2015-03-31 12:00 | 2015-03-31 12:09 |
3 |
CVE-2015-2752 |
Long latency MMIO mapping operations are not preemptible |
| XSA-124 |
2015-03-10 12:00 | 2015-03-10 12:00 |
2 |
none (yet) assigned |
Non-standard PCI device functionality may render pass-through insecure |
| XSA-123 |
2015-03-10 12:00 | 2015-03-10 12:00 |
4 |
CVE-2015-2151 |
Hypervisor memory corruption due to x86 emulator flaw |
| XSA-122 |
2015-03-05 12:00 | 2015-03-05 12:18 |
3 |
CVE-2015-2045 |
Information leak through version information hypercall |
| XSA-121 |
2015-03-05 12:00 | 2015-03-05 12:18 |
3 |
CVE-2015-2044 |
Information leak via internal x86 system device emulation |
| XSA-120 |
2015-03-10 12:00 | 2023-12-15 15:35 |
6 |
CVE-2015-2150 CVE-2015-8553 |
Non-maskable interrupts triggerable by guests |
| XSA-119 |
2015-03-12 12:00 | 2015-03-12 13:32 |
3 |
CVE-2015-2152 |
HVM qemu unexpectedly enabling emulated VGA graphics backends |
| XSA-118 |
2015-01-29 11:14 | 2015-02-25 11:14 |
2 |
CVE-2015-1563 |
arm: vgic: incorrect rate limiting of guest triggered logging |
| XSA-117 |
2015-02-12 12:00 | 2015-02-12 17:41 |
2 |
CVE-2015-0268 |
arm: vgic-v2: GICD_SGIR is not properly emulated |
| XSA-116 |
2015-01-06 12:00 | 2015-01-06 12:40 |
3 |
CVE-2015-0361 |
xen crash due to use after free on hvm guest teardown |
| XSA-115 |
2020-12-15 12:00 | 2020-12-15 12:15 |
4 |
CVE-2020-29480 |
xenstore watch notifications lacking permission checks |
| XSA-114 |
2014-12-08 12:00 | 2014-12-08 12:08 |
3 |
CVE-2014-9065 CVE-2014-9066 |
p2m lock starvation |
| XSA-113 |
2014-11-20 16:26 | 2014-11-21 12:25 |
2 |
CVE-2014-9030 |
Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling |
| XSA-112 |
2014-11-27 11:25 | 2023-12-15 15:35 |
6 |
CVE-2014-8867 |
Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor |
| XSA-111 |
2014-11-27 11:25 | 2023-12-15 15:35 |
4 |
CVE-2014-8866 |
Excessive checking in compatibility mode hypercall argument translation |
| XSA-110 |
2014-11-18 12:00 | 2023-12-15 15:35 |
4 |
CVE-2014-8595 |
Missing privilege level checks in x86 emulation of far branches |
| XSA-109 |
2014-11-18 12:00 | 2015-01-20 18:14 |
4 |
CVE-2014-8594 |
Insufficient restrictions on certain MMU update hypercalls |
| XSA-108 |
2014-10-01 12:00 | 2014-10-01 12:02 |
4 |
CVE-2014-7188 |
Improper MSR range used for x2APIC emulation |
| XSA-107 |
2014-09-09 12:30 | 2014-09-11 10:07 |
2 |
CVE-2014-6268 |
Mishandling of uninitialised FIFO-based event channel control blocks |
| XSA-106 |
2014-09-23 12:00 | 2014-09-24 10:29 |
3 |
CVE-2014-7156 |
Missing privilege level checks in x86 emulation of software interrupts |
| XSA-105 |
2014-09-23 12:00 | 2014-09-24 10:29 |
3 |
CVE-2014-7155 |
Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation |
| XSA-104 |
2014-09-23 12:00 | 2014-09-24 10:29 |
3 |
CVE-2014-7154 |
Race condition in HVMOP_track_dirty_vram |
| XSA-103 |
2014-08-12 12:00 | 2014-08-12 13:02 |
3 |
CVE-2014-5148 |
Flaw in handling unknown system register access from 64-bit userspace on ARM |
| XSA-102 |
2014-08-12 12:00 | 2014-08-12 13:02 |
3 |
CVE-2014-5147 |
Flaws in handling traps from 32-bit userspace on 64-bit ARM |
| XSA-101 |
2014-06-25 12:00 | 2014-06-30 14:22 |
3 |
CVE-2014-4022 |
information leak via gnttab_setup_table on ARM |
| XSA-100 |
2014-06-17 11:44 | 2014-06-17 11:44 |
3 |
CVE-2014-4021 |
Hypervisor heap contents leaked to guests |
| XSA-99 |
2014-06-17 11:44 | 2014-06-17 11:44 |
2 |
none (yet) assigned |
unexpected pitfall in xenaccess API |
| XSA-98 |
2014-06-04 12:00 | 2015-03-13 15:59 |
5 |
CVE-2014-3969 |
insufficient permissions checks accessing guest memory on ARM |
| XSA-97 |
2014-08-12 12:00 | 2014-08-12 13:02 |
3 |
CVE-2014-5146 CVE-2014-5149 |
Long latency virtual-mmu operations are not preemptible |
| XSA-96 |
2014-06-03 12:00 | 2014-06-04 16:03 |
3 |
CVE-2014-3967 CVE-2014-3968 |
Vulnerabilities in HVM MSI injection |
| XSA-95 |
2014-05-14 10:44 | 2014-05-16 10:34 |
3 |
CVE-2014-3714 CVE-2014-3715 CVE-2014-3716 CVE-2014-3717 |
input handling vulnerabilities loading guest kernel on ARM |
| XSA-94 |
2014-04-23 13:05 | 2014-04-23 15:12 |
2 |
CVE-2014-2986 |
ARM hypervisor crash on guest interrupt controller access |
| XSA-93 |
2014-04-22 15:05 | 2014-04-23 10:19 |
2 |
CVE-2014-2915 |
Hardware features unintentionally exposed to guests on ARM |
| XSA-92 |
2014-04-29 08:50 | 2014-05-01 10:52 |
3 |
CVE-2014-3124 |
HVMOP_set_mem_type allows invalid P2M entries to be created |
| XSA-91 |
2014-04-30 09:52 | 2014-05-01 10:52 |
3 |
CVE-2014-3125 |
Hardware timer context is not properly context switched on ARM |
| XSA-90 |
2014-03-24 13:00 | 2014-04-02 11:49 |
2 |
CVE-2014-2580 |
Linux netback crash trying to disable due to malformed packet |
| XSA-89 |
2014-03-25 12:00 | 2014-04-02 11:45 |
3 |
CVE-2014-2599 |
HVMOP_set_mem_access is not preemptible |
| XSA-88 |
2014-02-12 12:00 | 2014-02-12 17:04 |
3 |
CVE-2014-1950 |
use-after-free in xc_cpupool_getinfo() under memory pressure |
| XSA-87 |
2014-01-23 17:38 | 2014-01-24 15:37 |
2 |
CVE-2014-1666 |
PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests |
| XSA-86 |
2014-02-06 12:00 | 2014-02-10 11:25 |
3 |
CVE-2014-1896 |
libvchan failure handling malicious ring indexes |
| XSA-85 |
2014-02-06 12:00 | 2014-02-10 11:25 |
3 |
CVE-2014-1895 |
Off-by-one error in FLASK_AVC_CACHESTAT hypercall |
| XSA-84 |
2014-02-06 12:00 | 2023-12-15 15:35 |
4 |
CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894 |
integer overflow in several XSM/Flask hypercalls |
| XSA-83 |
2014-01-23 12:00 | 2014-01-23 14:26 |
3 |
CVE-2014-1642 |
Out-of-memory condition yielding memory corruption during IRQ setup |
| XSA-82 |
2013-12-02 17:13 | 2014-02-19 16:54 |
4 |
CVE-2013-6885 |
Guest triggerable AMD CPU erratum may cause host hang |
| XSA-81 |
2013-11-27 13:21 | |
- |
- |
Unused Xen Security Advisory number |
| XSA-80 |
2013-12-10 12:00 | 2013-12-10 12:58 |
3 |
CVE-2013-6400 |
IOMMU TLB flushing may be inadvertently suppressed |
| XSA-79 |
2013-11-27 13:20 | |
- |
- |
Unused Xen Security Advisory number |
| XSA-78 |
2013-11-20 17:08 | 2013-11-21 11:32 |
2 |
CVE-2013-6375 |
Insufficient TLB flushing in VT-d (iommu) code |
| XSA-77 |
2013-12-10 12:00 | 2013-12-10 12:58 |
3 |
none (yet) assigned |
Disaggregated domain management security status |
| XSA-76 |
2013-11-26 12:00 | 2013-11-26 17:02 |
3 |
CVE-2013-4554 |
Hypercalls exposed to privilege rings 1 and 2 of HVM guests |
| XSA-75 |
2013-11-08 16:20 | 2013-11-11 11:42 |
2 |
CVE-2013-4551 |
Host crash due to guest VMX instruction execution |
| XSA-74 |
2013-11-26 12:00 | 2013-11-26 17:02 |
3 |
CVE-2013-4553 |
Lock order reversal between page_alloc_lock and mm_rwlock |
| XSA-73 |
2013-11-01 15:07 | 2013-11-04 13:15 |
3 |
CVE-2013-4494 |
Lock order reversal between page allocation and grant table locks |
| XSA-72 |
2013-10-29 12:00 | 2013-10-29 15:39 |
3 |
CVE-2013-4416 |
ocaml xenstored mishandles oversized message replies |
| XSA-71 |
2013-10-10 12:00 | 2013-10-10 12:28 |
2 |
CVE-2013-4375 |
qemu disk backend (qdisk) resource leak |
| XSA-70 |
2013-10-10 12:00 | 2013-10-10 12:22 |
2 |
CVE-2013-4371 |
use-after-free in libxl_list_cpupool under memory pressure |
| XSA-69 |
2013-10-10 12:00 | 2013-10-10 12:22 |
2 |
CVE-2013-4370 |
misplaced free in ocaml xc_vcpu_getaffinity stub |
| XSA-68 |
2013-10-10 12:00 | 2013-10-10 12:22 |
2 |
CVE-2013-4369 |
possible null dereference when parsing vif ratelimiting info |
| XSA-67 |
2013-10-10 12:00 | 2013-10-10 12:22 |
2 |
CVE-2013-4368 |
Information leak through outs instruction emulation |
| XSA-66 |
2013-09-30 10:04 | 2013-09-30 10:04 |
3 |
CVE-2013-4361 |
Information leak through fbld instruction emulation |
| XSA-65 |
2013-10-02 15:00 | 2013-10-02 16:23 |
2 |
CVE-2013-4344 |
qemu SCSI REPORT LUNS buffer overflow |
| XSA-64 |
2013-09-30 10:04 | 2013-09-30 10:04 |
3 |
CVE-2013-4356 |
Memory accessible by 64-bit PV guests under live migration |
| XSA-63 |
2013-09-30 10:04 | 2023-12-15 15:35 |
4 |
CVE-2013-4355 |
Information leaks through I/O instruction emulation |
| XSA-62 |
2013-09-24 12:00 | 2023-12-15 15:35 |
3 |
CVE-2013-1442 |
Information leak on AVX and/or LWP capable CPUs |
| XSA-61 |
2013-09-10 10:56 | 2013-09-11 12:13 |
2 |
CVE-2013-4329 |
libxl partially sets up HVM passthrough even with disabled iommu |
| XSA-60 |
2013-07-19 12:00 | 2014-02-19 16:54 |
6 |
CVE-2013-2212 |
Excessive time to disable caching with HVM guests with PCI passthrough |
| XSA-59 |
2013-08-20 12:00 | 2013-08-20 12:07 |
4 |
CVE-2013-3495 |
Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts |
| XSA-58 |
2013-06-26 12:00 | 2013-06-26 13:18 |
2 |
CVE-2013-1432 |
Page reference counting error due to XSA-45/CVE-2013-1918 fixes |
| XSA-57 |
2013-06-20 12:00 | 2013-06-26 10:37 |
4 |
CVE-2013-2211 |
libxl allows guest write access to sensitive console related xenstore keys |
| XSA-56 |
2013-05-17 12:00 | 2013-05-17 15:44 |
2 |
CVE-2013-2072 |
Buffer overflow in xencontrol Python bindings affecting xend |
| XSA-55 |
2013-06-03 16:18 | 2013-06-20 10:26 |
5 |
CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 |
Multiple vulnerabilities in libelf PV kernel handling |
| XSA-54 |
2013-06-03 12:00 | 2014-06-03 12:23 |
4 |
CVE-2013-2078 |
Hypervisor crash due to missing exception recovery on XSETBV |
| XSA-53 |
2013-06-03 12:00 | 2013-06-03 16:18 |
3 |
CVE-2013-2077 |
Hypervisor crash due to missing exception recovery on XRSTOR |
| XSA-52 |
2013-06-03 12:00 | 2013-06-03 16:18 |
3 |
CVE-2013-2076 |
Information leak on XSAVE/XRSTOR capable AMD CPUs |
| XSA-51 |
2013-05-06 15:00 | 2013-05-06 21:18 |
2 |
CVE-2013-2007 |
qemu guest agent (qga) insecure file permissions |
| XSA-50 |
2013-04-18 15:16 | 2023-12-15 15:35 |
2 |
CVE-2013-1964 |
grant table hypercall acquire/release imbalance |
| XSA-49 |
2013-05-02 12:00 | 2023-12-15 15:35 |
3 |
CVE-2013-1952 |
VT-d interrupt remapping source validation flaw for bridges |
| XSA-48 |
2013-04-15 15:00 | 2023-12-15 15:35 |
3 |
CVE-2013-1922 |
qemu-nbd format-guessing due to missing format specification |
| XSA-47 |
2013-04-04 17:54 | 2013-04-04 17:54 |
1 |
CVE-2013-1920 |
Potential use of freed memory in event channel operations |
| XSA-46 |
2013-04-18 12:00 | 2013-04-18 13:35 |
3 |
CVE-2013-1919 |
Several access permission issues with IRQs for unprivileged guests |
| XSA-45 |
2013-05-02 12:00 | 2013-05-02 13:54 |
2 |
CVE-2013-1918 |
Several long latency operations are not preemptible |
| XSA-44 |
2013-04-18 12:00 | 2013-04-18 13:50 |
3 |
CVE-2013-1917 |
Xen PV DoS vulnerability with SYSENTER |
| XSA-43 |
2013-02-05 12:00 | 2023-12-15 15:35 |
3 |
CVE-2013-0231 |
Linux pciback DoS via not rate limited log messages. |
| XSA-42 |
2013-02-12 12:00 | 2013-02-13 16:49 |
2 |
CVE-2013-0228 |
Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS. |
| XSA-41 |
2013-01-16 14:50 | 2013-01-17 12:17 |
2 |
CVE-2012-6075 |
qemu (e1000 device driver): Buffer overflow when processing large packets |
| XSA-40 |
2013-01-16 14:50 | 2023-12-15 15:35 |
2 |
CVE-2013-0190 |
Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests. |
| XSA-39 |
2013-02-05 12:00 | 2023-12-15 15:35 |
3 |
CVE-2013-0216 CVE-2013-0217 |
Linux netback DoS via malicious guest ring. |
| XSA-38 |
2013-02-05 12:00 | 2013-02-15 11:40 |
3 |
CVE-2013-0215 |
oxenstored incorrect handling of certain Xenbus ring states |
| XSA-37 |
2013-01-04 16:00 | 2013-01-04 16:00 |
1 |
CVE-2013-0154 |
Hypervisor crash due to incorrect ASSERT (debug build only) |
| XSA-36 |
2013-02-05 12:00 | 2013-02-21 11:05 |
4 |
CVE-2013-0153 |
interrupt remap entries shared and old ones not cleared on AMD IOMMUs |
| XSA-35 |
2013-01-22 11:49 | 2013-01-23 18:28 |
4 |
CVE-2013-0152 |
Nested HVM exposes host to being driven out of memory by guest |
| XSA-34 |
2013-01-22 11:49 | 2013-01-22 11:49 |
2 |
CVE-2013-0151 |
nested virtualization on 32-bit exposes host crash |
| XSA-33 |
2013-01-08 12:00 | 2013-01-11 17:10 |
3 |
CVE-2012-5634 |
VT-d interrupt remapping source validation flaw |
| XSA-32 |
2012-12-03 17:51 | 2012-12-03 17:51 |
4 |
CVE-2012-5525 |
several hypercalls do not validate input GFNs |
| XSA-31 |
2012-12-03 17:51 | 2012-12-03 17:51 |
3 |
CVE-2012-5515 |
Several memory hypercall operations allow invalid extent order values |
| XSA-30 |
2012-12-03 17:51 | 2023-12-15 15:35 |
5 |
CVE-2012-5514 |
Broken error handling in guest_physmap_mark_populate_on_demand() |
| XSA-29 |
2012-12-03 17:51 | 2012-12-03 17:51 |
3 |
CVE-2012-5513 |
XENMEM_exchange may overwrite hypervisor memory |
| XSA-28 |
2012-12-03 17:51 | 2012-12-03 17:51 |
3 |
CVE-2012-5512 |
HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak |
| XSA-27 |
2012-12-03 17:51 | 2023-12-15 15:35 |
6 |
CVE-2012-5511 CVE-2012-6333 |
several HVM operations do not validate the range of their inputs |
| XSA-26 |
2012-12-03 17:51 | 2012-12-03 17:51 |
3 |
CVE-2012-5510 |
Grant table version switch list corruption vulnerability |