Advisories, publicly released or pre-released

All times are in UTC. For general information about Xen and security see the Xen Project website and security policy. An experimental JSON document listing advisories is also available.

Advisory Public release Updated Version CVE(s) Title
XSA-267 2018-06-13 20:23 2018-06-13 20:23 3 CVE-2018-3665 Speculative register leakage from lazy FPU context switching
XSA-266 2018-06-27 21:00 none (yet) assigned (Prereleased, but embargoed)
XSA-265 2018-06-27 21:00 none (yet) assigned (Prereleased, but embargoed)
XSA-264 2018-06-27 21:00 none (yet) assigned (Prereleased, but embargoed)
XSA-263 2018-05-21 16:52 2018-05-21 16:52 1 CVE-2018-3639 Speculative Store Bypass
XSA-262 2018-05-08 16:45 2018-05-11 10:13 3 CVE-2018-10981 qemu may drive Xen into unbounded loop
XSA-261 2018-05-08 16:45 2018-05-11 10:13 3 CVE-2018-10982 x86 vHPET interrupt injection errors
XSA-260 2018-05-08 16:45 2018-05-08 16:45 2 CVE-2018-8897 x86: mishandling of debug exceptions
XSA-259 2018-04-25 12:00 2018-04-30 13:14 3 CVE-2018-10471 x86: PV guest may crash Xen with XPTI
XSA-258 2018-04-25 12:00 2018-04-30 13:14 3 CVE-2018-10472 Information leak via crafted user-supplied CDROM
XSA-256 2018-02-27 11:57 2018-03-01 13:15 3 CVE-2018-7542 x86 PVH guest without LAPIC may DoS the host
XSA-255 2018-02-27 11:57 2018-03-01 13:15 4 CVE-2018-7541 grant table v2 -> v1 transition may crash Xen
XSA-254 2018-01-03 22:29 2018-02-23 19:35 12 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 Information leak via side effects of speculative execution
XSA-253 2018-01-04 12:00 2018-01-06 15:24 3 CVE-2018-5244 x86: memory leak with MSR emulation
XSA-252 2018-02-27 11:57 2018-03-01 13:15 3 CVE-2018-7540 DoS via non-preemptable L3/L4 pagetable freeing
XSA-251 2017-12-12 11:35 2018-01-06 16:14 3 CVE-2017-17565 improper bug check in x86 log-dirty handling
XSA-250 2017-12-12 11:35 2018-01-06 16:14 3 CVE-2017-17564 improper x86 shadow mode refcount error handling
XSA-249 2017-12-12 11:35 2018-01-06 16:14 3 CVE-2017-17563 broken x86 shadow mode refcount overflow check
XSA-248 2017-12-12 11:35 2018-01-06 16:14 3 CVE-2017-17566 x86 PV guests may gain access to internally used pages
XSA-247 2017-11-28 11:58 2017-11-30 11:59 3 CVE-2017-17045 Missing p2m error checking in PoD code
XSA-246 2017-11-28 11:58 2017-11-30 11:59 3 CVE-2017-17044 x86: infinite loop due to missing PoD error checking
XSA-245 2017-09-28 17:26 2017-11-30 11:59 2 CVE-2017-17046 ARM: Some memory not scrubbed at boot
XSA-244 2017-10-12 12:00 2017-10-18 12:08 3 CVE-2017-15594 x86: Incorrect handling of IST settings during CPU hotplug
XSA-243 2017-10-12 12:00 2017-11-15 17:13 5 CVE-2017-15592 x86: Incorrect handling of self-linear shadow mappings with translated guests
XSA-242 2017-10-12 12:00 2017-10-18 12:08 3 CVE-2017-15593 page type reference leak on x86
XSA-241 2017-10-12 12:00 2017-10-18 12:08 4 CVE-2017-15588 Stale TLB entry due to page type release race
XSA-240 2017-10-12 12:00 2017-12-11 18:15 6 CVE-2017-15595 Unlimited recursion in linear pagetable de-typing
XSA-239 2017-10-12 12:00 2017-10-18 12:08 3 CVE-2017-15589 hypervisor stack leak in x86 I/O intercept code
XSA-238 2017-10-12 12:00 2017-12-06 10:59 3 CVE-2017-15591 DMOP map/unmap missing argument checks
XSA-237 2017-10-12 12:00 2017-10-18 12:08 3 CVE-2017-15590 multiple MSI mapping issues on x86
XSA-236 2017-10-24 12:00 2017-10-24 13:55 3 CVE-2017-15597 pin count / page reference race in grant table code
XSA-235 2017-08-23 15:16 2017-10-18 12:08 2 CVE-2017-15596 add-to-physmap error paths fail to release lock on ARM
XSA-234 2017-09-12 12:00 2017-09-12 12:03 3 CVE-2017-14319 insufficient grant unmapping checks for x86 PV guests
XSA-233 2017-09-12 12:00 2017-09-12 12:03 3 CVE-2017-14317 cxenstored: Race in domain cleanup
XSA-232 2017-09-12 12:00 2017-09-12 12:03 4 CVE-2017-14318 Missing check for grant table
XSA-231 2017-09-12 12:00 2017-09-12 12:03 3 CVE-2017-14316 Missing NUMA node parameter verification
XSA-230 2017-08-15 12:00 2017-08-15 13:47 3 CVE-2017-12855 grant_table: possibly premature clearing of GTF_writing / GTF_reading
XSA-229 2017-08-15 12:00 2017-08-15 12:04 3 CVE-2017-12134 linux: Fix Xen block IO merge-ability calculation
XSA-228 2017-08-15 12:00 2017-08-15 12:04 3 CVE-2017-12136 grant_table: Race conditions with maptrack free list handling
XSA-227 2017-08-15 12:00 2017-08-15 12:04 3 CVE-2017-12137 x86: PV privilege escalation via map_grant_ref
XSA-226 2017-08-15 12:00 2017-08-29 12:03 7 CVE-2017-12135 multiple problems with transitive grants
XSA-225 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10923 arm: vgic: Out-of-bound access when sending SGIs
XSA-224 2017-06-20 11:58 2017-07-07 13:52 5 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 grant table operations mishandle reference counts
XSA-223 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10919 ARM guest disabling interrupt may crash Xen
XSA-222 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10918 stale P2M mappings due to insufficient error checking
XSA-221 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10917 NULL pointer deref in event channel poll
XSA-220 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10916 x86: PKRU and BND* leakage between vCPU-s
XSA-219 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10915 x86: insufficient reference counts during shadow emulation
XSA-218 2017-06-20 12:00 2017-07-07 13:52 5 CVE-2017-10913 CVE-2017-10914 Races in the grant table unmap code
XSA-217 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10912 page transfer may allow PV guest to elevate privilege
XSA-216 2017-06-20 11:58 2017-07-07 13:52 5 CVE-2017-10911 blkif responses leak backend stack data
XSA-215 2017-05-02 11:18 2017-05-12 10:44 3 CVE-2017-8905 possible memory corruption via failsafe callback
XSA-214 2017-05-02 11:18 2017-05-12 10:44 3 CVE-2017-8904 grant transfer allows PV guest to elevate privileges
XSA-213 2017-05-02 11:18 2017-05-12 10:44 3 CVE-2017-8903 x86: 64bit PV guest breakout via pagetable use-after-mode-change
XSA-212 2017-04-04 12:00 2017-04-04 12:37 3 CVE-2017-7228 x86: broken check in memory_exchange() permits PV guest breakout
XSA-211 2017-03-14 11:58 2017-03-14 11:58 2 CVE-2016-9603 Cirrus VGA Heap overflow via display refresh
XSA-210 2017-02-23 16:28 2017-02-23 16:28 1 none (yet) assigned arm: memory corruption when freeing p2m pages
XSA-209 2017-02-21 10:42 2017-02-23 15:52 4 CVE-2017-2620 cirrus_bitblt_cputovideo does not check if memory region is safe
XSA-208 2017-02-10 12:43 2017-02-13 18:13 2 CVE-2017-2615 oob access in cirrus bitblt copy
XSA-207 2017-02-15 12:00 2017-02-15 12:05 2 none (yet) assigned memory leak when destroying guest without PT devices
XSA-206 2017-03-28 12:00 2017-03-29 15:05 9 none (yet) assigned xenstore denial of service via repeated update
XSA-205 2017-02-13 14:23 - - Unused Xen Security Advisory number
XSA-204 2016-12-19 15:36 2016-12-19 17:04 2 CVE-2016-10013 x86: Mishandling of SYSCALL singlestep during emulation
XSA-203 2016-12-21 12:00 2016-12-21 12:01 3 CVE-2016-10025 x86: missing NULL pointer check in VMFUNC emulation
XSA-202 2016-12-21 12:00 2016-12-21 12:01 3 CVE-2016-10024 x86 PV guests may be able to mask interrupts
XSA-201 2016-11-29 14:48 2016-12-07 10:32 2 CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818 ARM guests may induce host asynchronous abort
XSA-200 2016-12-13 12:00 2016-12-13 13:07 3 CVE-2016-9932 x86 CMPXCHG8B emulation fails to ignore operand size override
XSA-199 2016-12-06 12:00 2016-12-06 12:11 3 CVE-2016-9637 qemu ioport array overflow
XSA-198 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9379 CVE-2016-9380 delimiter injection vulnerabilities in pygrub
XSA-197 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9381 qemu incautious about shared ring processing
XSA-196 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9377 CVE-2016-9378 x86 software interrupt injection mis-handled
XSA-195 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9383 x86 64-bit bit test instruction emulation broken
XSA-194 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9384 guest 32-bit ELF symbol table load leaking host data
XSA-193 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9385 x86 segment base write emulation lacking canonical address checks
XSA-192 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9382 x86 task switch to VM86 mode mis-handled
XSA-191 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9386 x86 null segments not always treated as unusable
XSA-190 2016-10-04 12:00 2016-10-04 12:50 5 CVE-2016-7777 CR0.TS and CR0.EM not always honored for x86 HVM guests
XSA-189 2016-09-21 09:46 - - Unused Xen Security Advisory number
XSA-188 2016-09-08 12:00 2016-09-08 12:00 3 CVE-2016-7154 use after free in FIFO event channel code
XSA-187 2016-09-08 12:00 2016-09-08 12:04 3 CVE-2016-7094 x86 HVM: Overflow of sh_ctxt->seg_reg[]
XSA-186 2016-09-08 12:00 2016-09-08 12:00 4 CVE-2016-7093 x86: Mishandling of instruction pointer truncation during emulation
XSA-185 2016-09-08 12:00 2016-09-08 12:00 3 CVE-2016-7092 x86: Disallow L3 recursive pagetable for 32-bit PV guests
XSA-184 2016-07-27 15:00 2016-07-27 16:06 2 CVE-2016-5403 virtio: unbounded memory allocation issue
XSA-183 2016-07-26 11:32 2016-07-26 11:32 5 CVE-2016-6259 x86: Missing SMAP whitelisting in 32-bit exception / event delivery
XSA-182 2016-07-26 11:32 2016-07-26 11:32 3 CVE-2016-6258 x86: Privilege escalation in PV guests
XSA-181 2016-06-03 09:47 2016-06-03 13:55 2 CVE-2016-5242 arm: Host crash caused by VMID exhaustion
XSA-180 2016-05-23 17:09 2016-05-23 17:09 1 CVE-2014-3672 Unrestricted qemu logging
XSA-179 2016-05-09 11:48 2016-05-10 11:23 5 CVE-2016-3710 CVE-2016-3712 QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks
XSA-178 2016-06-02 12:00 2016-06-06 16:55 4 CVE-2016-4963 Unsanitised driver domain input in libxl device handling
XSA-177 2016-05-24 12:21 - - Unused Xen Security Advisory number
XSA-176 2016-05-17 10:54 2016-05-17 10:54 3 CVE-2016-4480 x86 software guest page walk PS bit handling flaw
XSA-175 2016-06-02 12:00 2016-06-06 16:55 6 CVE-2016-4962 Unsanitised guest input in libxl device handling code
XSA-174 2016-04-14 12:00 2016-04-14 13:03 3 CVE-2016-3961 hugetlbfs use may crash PV Linux guests
XSA-173 2016-04-18 12:00 2016-04-18 13:31 3 CVE-2016-3960 x86 shadow pagetables: address width overflow
XSA-172 2016-03-24 16:26 2016-03-24 16:26 3 CVE-2016-3158 CVE-2016-3159 broken AMD FPU FIP/FDP/FOP leak workaround
XSA-171 2016-03-16 19:00 2016-03-16 19:03 4 CVE-2016-3157 I/O port access privilege escalation in x86-64 Linux
XSA-170 2016-02-17 12:00 2016-02-17 12:25 3 CVE-2016-2271 VMX: guest user mode may crash guest with non-canonical RIP
XSA-169 2015-12-21 11:12 2015-12-22 18:46 2 CVE-2015-8615 x86: unintentional logging upon guest changing callback method
XSA-168 2016-01-20 12:00 2016-01-20 12:08 3 CVE-2016-1571 VMX: intercept issue with INVLPG on non-canonical address
XSA-167 2016-01-20 12:00 2016-01-20 12:08 4 CVE-2016-1570 PV superpage functionality missing sanity checks
XSA-166 2015-12-17 12:00 2015-12-17 12:38 2 none (yet) assigned ioreq handling possibly susceptible to multiple read issue
XSA-165 2015-12-17 12:00 2015-12-17 12:38 3 CVE-2015-8555 information leak in legacy x86 FPU/XMM initialization
XSA-164 2015-12-17 12:00 2015-12-17 12:38 3 CVE-2015-8554 qemu-dm buffer overrun in MSI-X handling
XSA-163 2015-11-24 17:12 2015-11-24 17:12 1 none (yet) assigned virtual PMU is unsupported
XSA-162 2015-11-30 06:00 2015-11-30 10:54 2 CVE-2015-7504 heap buffer overflow vulnerability in pcnet emulator
XSA-161 2015-11-25 15:29 2015-11-25 15:29 2 none (yet) assigned WITHDRAWN: missing XSETBV intercept privilege check on AMD SVM
XSA-160 2015-12-08 11:29 2015-12-08 11:29 3 CVE-2015-8341 libxl leak of pv kernel and initrd on error
XSA-159 2015-12-08 11:29 2015-12-08 11:29 4 CVE-2015-8339 CVE-2015-8340 XENMEM_exchange error handling issues
XSA-158 2015-12-08 11:29 2015-12-10 13:55 4 CVE-2015-8338 long running memory operations on ARM
XSA-157 2015-12-17 12:00 2015-12-17 12:38 3 CVE-2015-8551 CVE-2015-8552 Linux pciback missing sanity checks leading to crash
XSA-156 2015-11-10 00:01 2015-11-10 00:07 2 CVE-2015-5307 CVE-2015-8104 x86: CPU lockup during exception delivery
XSA-155 2015-12-17 12:00 2015-12-17 13:36 6 CVE-2015-8550 paravirtualized drivers incautious about shared memory contents
XSA-154 2016-02-17 12:00 2016-02-17 12:25 3 CVE-2016-2270 x86: inconsistent cachability flags on guest mappings
XSA-153 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7972 x86: populate-on-demand balloon size inaccuracy can crash guests
XSA-152 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7971 x86: some pmu and profiling hypercalls log without rate limiting
XSA-151 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7969 x86: leak of per-domain profiling-related vcpu pointer array
XSA-150 2015-10-29 11:59 2015-10-29 11:59 5 CVE-2015-7970 x86: Long latency populate-on-demand operation is not preemptible
XSA-149 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7969 leak of main per-domain vcpu pointer array
XSA-148 2015-10-29 11:59 2015-10-29 11:59 4 CVE-2015-7835 x86: Uncontrolled creation of large page mappings by PV guests
XSA-147 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7814 arm: Race between domain destruction and memory allocation decrease
XSA-146 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7813 arm: various unimplemented hypercalls log without rate limiting
XSA-145 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7812 arm: Host crash when preempting a multicall
XSA-144 2015-10-14 12:03 - - Unused Xen Security Advisory number
XSA-143 2015-10-14 12:03 - - Unused Xen Security Advisory number
XSA-142 2015-09-22 10:00 2015-09-22 15:15 2 CVE-2015-7311 libxl fails to honour readonly flag on disks with qemu-xen
XSA-141 2015-09-01 12:00 2015-09-01 13:18 3 CVE-2015-6654 printk is not rate-limited in xenmem_add_to_physmap_one
XSA-140 2015-08-03 12:00 2015-08-03 12:37 2 CVE-2015-5165 QEMU leak of uninitialized heap memory in rtl8139 device model
XSA-139 2015-08-03 12:00 2015-08-03 12:37 2 CVE-2015-5166 Use after free in QEMU/Xen block unplug protocol
XSA-138 2015-07-27 12:00 2015-07-27 12:03 2 CVE-2015-5154 QEMU heap overflow flaw while processing certain ATAPI commands.
XSA-137 2015-07-07 12:00 2015-07-07 12:25 3 CVE-2015-3259 xl command line config handling stack overflow
XSA-136 2015-06-11 12:00 2015-06-11 12:28 3 CVE-2015-4164 vulnerability in the iret hypercall handler
XSA-135 2015-06-10 13:10 2015-06-10 13:10 3 CVE-2015-3209 Heap overflow in QEMU PCNET controller, allowing guest->host escape
XSA-134 2015-06-11 12:00 2015-06-11 12:28 3 CVE-2015-4163 GNTTABOP_swap_grant_ref operation misbehavior
XSA-133 2015-05-13 11:15 2015-05-13 11:15 2 CVE-2015-3456 Privilege escalation via emulated floppy disk drive
XSA-132 2015-04-20 17:10 2015-04-22 13:20 2 CVE-2015-3340 Information leak through XEN_DOMCTL_gettscinfo
XSA-131 2015-06-02 12:00 2015-06-02 14:02 3 CVE-2015-4106 Unmediated PCI register access in qemu
XSA-130 2015-06-02 12:00 2015-06-02 14:02 2 CVE-2015-4105 Guest triggerable qemu MSI-X pass-through error messages
XSA-129 2015-06-02 12:00 2015-06-02 14:02 2 CVE-2015-4104 PCI MSI mask bits inadvertently exposed to guests
XSA-128 2015-06-02 12:00 2015-06-02 14:02 2 CVE-2015-4103 Potential unintended writes to host MSI message data field via qemu
XSA-127 2015-03-31 12:00 2015-03-31 12:09 2 CVE-2015-2751 Certain domctl operations may be abused to lock up the host
XSA-126 2015-03-31 12:00 2015-03-31 12:09 3 CVE-2015-2756 Unmediated PCI command register access in qemu
XSA-125 2015-03-31 12:00 2015-03-31 12:09 3 CVE-2015-2752 Long latency MMIO mapping operations are not preemptible
XSA-124 2015-03-10 12:00 2015-03-10 12:00 2 none (yet) assigned Non-standard PCI device functionality may render pass-through insecure
XSA-123 2015-03-10 12:00 2015-03-10 12:00 4 CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
XSA-122 2015-03-05 12:00 2015-03-05 12:18 3 CVE-2015-2045 Information leak through version information hypercall
XSA-121 2015-03-05 12:00 2015-03-05 12:18 3 CVE-2015-2044 Information leak via internal x86 system device emulation
XSA-120 2015-03-10 12:00 2015-03-31 16:13 5 CVE-2015-2150 Non-maskable interrupts triggerable by guests
XSA-119 2015-03-12 12:00 2015-03-12 13:32 3 CVE-2015-2152 HVM qemu unexpectedly enabling emulated VGA graphics backends
XSA-118 2015-01-29 11:14 2015-02-25 11:14 2 CVE-2015-1563 arm: vgic: incorrect rate limiting of guest triggered logging
XSA-117 2015-02-12 12:00 2015-02-12 17:41 2 CVE-2015-0268 arm: vgic-v2: GICD_SGIR is not properly emulated
XSA-116 2015-01-06 12:00 2015-01-06 12:40 3 CVE-2015-0361 xen crash due to use after free on hvm guest teardown
XSA-114 2014-12-08 12:00 2014-12-08 12:08 3 CVE-2014-9065 CVE-2014-9066 p2m lock starvation
XSA-113 2014-11-20 16:26 2014-11-21 12:25 2 CVE-2014-9030 Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
XSA-112 2014-11-27 11:25 2014-11-27 11:25 5 CVE-2014-8867 Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor
XSA-111 2014-11-27 11:25 2014-11-27 11:25 3 CVE-2014-8866 Excessive checking in compatibility mode hypercall argument translation
XSA-110 2014-11-18 12:00 2014-11-18 12:23 3 CVE-2014-8595 Missing privilege level checks in x86 emulation of far branches
XSA-109 2014-11-18 12:00 2015-01-20 18:14 4 CVE-2014-8594 Insufficient restrictions on certain MMU update hypercalls
XSA-108 2014-10-01 12:00 2014-10-01 12:02 4 CVE-2014-7188 Improper MSR range used for x2APIC emulation
XSA-107 2014-09-09 12:30 2014-09-11 10:07 2 CVE-2014-6268 Mishandling of uninitialised FIFO-based event channel control blocks
XSA-106 2014-09-23 12:00 2014-09-24 10:29 3 CVE-2014-7156 Missing privilege level checks in x86 emulation of software interrupts
XSA-105 2014-09-23 12:00 2014-09-24 10:29 3 CVE-2014-7155 Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
XSA-104 2014-09-23 12:00 2014-09-24 10:29 3 CVE-2014-7154 Race condition in HVMOP_track_dirty_vram
XSA-103 2014-08-12 12:00 2014-08-12 13:02 3 CVE-2014-5148 Flaw in handling unknown system register access from 64-bit userspace on ARM
XSA-102 2014-08-12 12:00 2014-08-12 13:02 3 CVE-2014-5147 Flaws in handling traps from 32-bit userspace on 64-bit ARM
XSA-101 2014-06-25 12:00 2014-06-30 14:22 3 CVE-2014-4022 information leak via gnttab_setup_table on ARM
XSA-100 2014-06-17 11:44 2014-06-17 11:44 3 CVE-2014-4021 Hypervisor heap contents leaked to guests
XSA-99 2014-06-17 11:44 2014-06-17 11:44 2 none (yet) assigned unexpected pitfall in xenaccess API
XSA-98 2014-06-04 12:00 2015-03-13 15:59 5 CVE-2014-3969 insufficient permissions checks accessing guest memory on ARM
XSA-97 2014-08-12 12:00 2014-08-12 13:02 3 CVE-2014-5146 CVE-2014-5149 Long latency virtual-mmu operations are not preemptible
XSA-96 2014-06-03 12:00 2014-06-04 16:03 3 CVE-2014-3967 CVE-2014-3968 Vulnerabilities in HVM MSI injection
XSA-95 2014-05-14 10:44 2014-05-16 10:34 3 CVE-2014-3714 CVE-2014-3715 CVE-2014-3716 CVE-2014-3717 input handling vulnerabilities loading guest kernel on ARM
XSA-94 2014-04-23 13:05 2014-04-23 15:12 2 CVE-2014-2986 ARM hypervisor crash on guest interrupt controller access
XSA-93 2014-04-22 15:05 2014-04-23 10:19 2 CVE-2014-2915 Hardware features unintentionally exposed to guests on ARM
XSA-92 2014-04-29 08:50 2014-05-01 10:52 3 CVE-2014-3124 HVMOP_set_mem_type allows invalid P2M entries to be created
XSA-91 2014-04-30 09:52 2014-05-01 10:52 3 CVE-2014-3125 Hardware timer context is not properly context switched on ARM
XSA-90 2014-03-24 13:00 2014-04-02 11:49 2 CVE-2014-2580 Linux netback crash trying to disable due to malformed packet
XSA-89 2014-03-25 12:00 2014-04-02 11:45 3 CVE-2014-2599 HVMOP_set_mem_access is not preemptible
XSA-88 2014-02-12 12:00 2014-02-12 17:04 3 CVE-2014-1950 use-after-free in xc_cpupool_getinfo() under memory pressure
XSA-87 2014-01-23 17:38 2014-01-24 15:37 2 CVE-2014-1666 PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests
XSA-86 2014-02-06 12:00 2014-02-10 11:25 3 CVE-2014-1896 libvchan failure handling malicious ring indexes
XSA-85 2014-02-06 12:00 2014-02-10 11:25 3 CVE-2014-1895 Off-by-one error in FLASK_AVC_CACHESTAT hypercall
XSA-84 2014-02-06 12:00 2014-02-10 11:29 3 CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894 integer overflow in several XSM/Flask hypercalls
XSA-83 2014-01-23 12:00 2014-01-23 14:26 3 CVE-2014-1642 Out-of-memory condition yielding memory corruption during IRQ setup
XSA-82 2013-12-02 17:13 2014-02-19 16:54 4 CVE-2013-6885 Guest triggerable AMD CPU erratum may cause host hang
XSA-81 2013-11-27 13:21 - - Unused Xen Security Advisory number
XSA-80 2013-12-10 12:00 2013-12-10 12:58 3 CVE-2013-6400 IOMMU TLB flushing may be inadvertently suppressed
XSA-79 2013-11-27 13:20 - - Unused Xen Security Advisory number
XSA-78 2013-11-20 17:08 2013-11-21 11:32 2 CVE-2013-6375 Insufficient TLB flushing in VT-d (iommu) code
XSA-77 2013-12-10 12:00 2013-12-10 12:58 3 none (yet) assigned Disaggregated domain management security status
XSA-76 2013-11-26 12:00 2013-11-26 17:02 3 CVE-2013-4554 Hypercalls exposed to privilege rings 1 and 2 of HVM guests
XSA-75 2013-11-08 16:20 2013-11-11 11:42 2 CVE-2013-4551 Host crash due to guest VMX instruction execution
XSA-74 2013-11-26 12:00 2013-11-26 17:02 3 CVE-2013-4553 Lock order reversal between page_alloc_lock and mm_rwlock
XSA-73 2013-11-01 15:07 2013-11-04 13:15 3 CVE-2013-4494 Lock order reversal between page allocation and grant table locks
XSA-72 2013-10-29 12:00 2013-10-29 15:39 3 CVE-2013-4416 ocaml xenstored mishandles oversized message replies
XSA-71 2013-10-10 12:00 2013-10-10 12:28 2 CVE-2013-4375 qemu disk backend (qdisk) resource leak
XSA-70 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4371 use-after-free in libxl_list_cpupool under memory pressure
XSA-69 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4370 misplaced free in ocaml xc_vcpu_getaffinity stub
XSA-68 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4369 possible null dereference when parsing vif ratelimiting info
XSA-67 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4368 Information leak through outs instruction emulation
XSA-66 2013-09-30 10:04 2013-09-30 10:04 3 CVE-2013-4361 Information leak through fbld instruction emulation
XSA-65 2013-10-02 15:00 2013-10-02 16:23 2 CVE-2013-4344 qemu SCSI REPORT LUNS buffer overflow
XSA-64 2013-09-30 10:04 2013-09-30 10:04 3 CVE-2013-4356 Memory accessible by 64-bit PV guests under live migration
XSA-63 2013-09-30 10:04 2013-09-30 10:04 3 CVE-2013-4355 Information leaks through I/O instruction emulation
XSA-62 2013-09-24 12:00 2013-09-25 08:23 2 CVE-2013-1442 Information leak on AVX and/or LWP capable CPUs
XSA-61 2013-09-10 10:56 2013-09-11 12:13 2 CVE-2013-4329 libxl partially sets up HVM passthrough even with disabled iommu
XSA-60 2013-07-19 12:00 2014-02-19 16:54 6 CVE-2013-2212 Excessive time to disable caching with HVM guests with PCI passthrough
XSA-59 2013-08-20 12:00 2013-08-20 12:07 4 CVE-2013-3495 Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts
XSA-58 2013-06-26 12:00 2013-06-26 13:18 2 CVE-2013-1432 Page reference counting error due to XSA-45/CVE-2013-1918 fixes
XSA-57 2013-06-20 12:00 2013-06-26 10:37 4 CVE-2013-2211 libxl allows guest write access to sensitive console related xenstore keys
XSA-56 2013-05-17 12:00 2013-05-17 15:44 2 CVE-2013-2072 Buffer overflow in xencontrol Python bindings affecting xend
XSA-55 2013-06-03 16:18 2013-06-20 10:26 5 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 Multiple vulnerabilities in libelf PV kernel handling
XSA-54 2013-06-03 12:00 2014-06-03 12:23 4 CVE-2013-2078 Hypervisor crash due to missing exception recovery on XSETBV
XSA-53 2013-06-03 12:00 2013-06-03 16:18 3 CVE-2013-2077 Hypervisor crash due to missing exception recovery on XRSTOR
XSA-52 2013-06-03 12:00 2013-06-03 16:18 3 CVE-2013-2076 Information leak on XSAVE/XRSTOR capable AMD CPUs
XSA-51 2013-05-06 15:00 2013-05-06 21:18 2 CVE-2013-2007 qemu guest agent (qga) insecure file permissions
XSA-50 2013-04-18 15:16 2013-04-18 15:16 1 CVE-2013-1964 grant table hypercall acquire/release imbalance
XSA-49 2013-05-02 12:00 2013-05-02 14:27 2 CVE-2013-1952 VT-d interrupt remapping source validation flaw for bridges
XSA-48 2013-04-15 15:00 2013-04-15 15:00 2 CVE-2013-1922 qemu-nbd format-guessing due to missing format specification
XSA-47 2013-04-04 17:54 2013-04-04 17:54 1 CVE-2013-1920 Potential use of freed memory in event channel operations
XSA-46 2013-04-18 12:00 2013-04-18 13:35 3 CVE-2013-1919 Several access permission issues with IRQs for unprivileged guests
XSA-45 2013-05-02 12:00 2013-05-02 13:54 2 CVE-2013-1918 Several long latency operations are not preemptible
XSA-44 2013-04-18 12:00 2013-04-18 13:50 3 CVE-2013-1917 Xen PV DoS vulnerability with SYSENTER
XSA-43 2013-02-05 12:00 2013-02-05 12:59 2 CVE-2013-0231 Linux pciback DoS via not rate limited log messages.
XSA-42 2013-02-12 12:00 2013-02-13 16:49 2 CVE-2013-0228 Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.
XSA-41 2013-01-16 14:50 2013-01-17 12:17 2 CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets
XSA-40 2013-01-16 14:50 2013-01-16 14:50 1 CVE-2013-0190 Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
XSA-39 2013-02-05 12:00 2013-02-05 12:59 2 CVE-2013-0216 CVE-2013-0217 Linux netback DoS via malicious guest ring.
XSA-38 2013-02-05 12:00 2013-02-15 11:40 3 CVE-2013-0215 oxenstored incorrect handling of certain Xenbus ring states
XSA-37 2013-01-04 16:00 2013-01-04 16:00 1 CVE-2013-0154 Hypervisor crash due to incorrect ASSERT (debug build only)
XSA-36 2013-02-05 12:00 2013-02-21 11:05 4 CVE-2013-0153 interrupt remap entries shared and old ones not cleared on AMD IOMMUs
XSA-35 2013-01-22 11:49 2013-01-23 18:28 4 CVE-2013-0152 Nested HVM exposes host to being driven out of memory by guest
XSA-34 2013-01-22 11:49 2013-01-22 11:49 2 CVE-2013-0151 nested virtualization on 32-bit exposes host crash
XSA-33 2013-01-08 12:00 2013-01-11 17:10 3 CVE-2012-5634 VT-d interrupt remapping source validation flaw
XSA-32 2012-12-03 17:51 2012-12-03 17:51 4 CVE-2012-5525 several hypercalls do not validate input GFNs
XSA-31 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5515 Several memory hypercall operations allow invalid extent order values
XSA-30 2012-12-03 17:51 2012-12-03 17:51 4 CVE-2012-5514 Broken error handling in guest_physmap_mark_populate_on_demand()
XSA-29 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5513 XENMEM_exchange may overwrite hypervisor memory
XSA-28 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5512 HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
XSA-27 2012-12-03 17:51 2013-01-17 12:17 5 CVE-2012-5511 CVE-2012-6333 several HVM operations do not validate the range of their inputs
XSA-26 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5510 Grant table version switch list corruption vulnerability
Advisories before 26 are not listed here.
Xenproject.org Security Team