Advisory | Public release | Updated | Version | CVE(s) | Title |
---|---|---|---|---|---|
XSA-462 | 2024-09-24 10:46 | 2024-09-24 10:46 | 2 | CVE-2024-45817 | x86: Deadlock in vlapic_error() |
XSA-461 | 2024-08-13 12:00 | 2024-08-14 13:24 | 2 | CVE-2024-31146 | PCI device pass-through with shared resources |
XSA-460 | 2024-08-13 12:00 | 2024-08-14 13:24 | 2 | CVE-2024-31145 | error handling in x86 IOMMU identity mapping |
XSA-459 | 2024-07-16 11:59 | 2024-07-16 11:59 | 2 | CVE-2024-31144 | Xapi: Metadata injection attack against backup/restore functionality |
XSA-458 | 2024-07-16 11:59 | 2024-07-16 11:59 | 2 | CVE-2024-31143 | double unlock in x86 guest IRQ handling |
XSA-457 | 2024-05-07 17:11 | 2024-05-08 22:19 | 3 | CVE-2024-27393 | Linux/xen-netfront: Memory leak due to missing cleanup function |
XSA-456 | 2024-04-09 17:00 | 2024-05-07 17:11 | 3 | CVE-2024-2201 | x86: Native Branch History Injection |
XSA-455 | 2024-04-09 16:29 | 2024-04-09 16:29 | 4 | CVE-2024-31142 | x86: Incorrect logic for BTC/SRSO mitigations |
XSA-454 | 2024-04-09 11:50 | 2024-04-09 11:50 | 2 | CVE-2023-46842 | x86 HVM hypercalls may trigger Xen bug check |
XSA-453 | 2024-03-12 16:44 | 2024-03-12 16:44 | 1 | CVE-2024-2193 | GhostRace: Speculative Race Conditions |
XSA-452 | 2024-03-12 16:44 | 2024-03-12 16:44 | 1 | CVE-2023-28746 | x86: Register File Data Sampling |
XSA-451 | 2024-02-27 10:38 | 2024-02-27 10:38 | 2 | CVE-2023-46841 | x86: shadow stack vs exceptions from emulation stubs |
XSA-450 | 2024-01-30 12:00 | 2024-01-30 13:09 | 2 | CVE-2023-46840 | VT-d: Failure to quarantine devices in !HVM builds |
XSA-449 | 2024-01-30 12:00 | 2024-01-30 13:09 | 2 | CVE-2023-46839 | pci: phantom functions assigned to incorrect contexts |
XSA-448 | 2024-01-22 18:30 | 2024-01-22 18:30 | 2 | CVE-2023-46838 | Linux: netback processing of zero-length transmit fragment |
XSA-447 | 2023-12-12 12:00 | 2023-12-12 12:01 | 2 | CVE-2023-46837 | arm32: The cache may not be properly cleaned/invalidated (take two) |
XSA-446 | 2023-11-14 12:00 | 2023-11-14 13:58 | 2 | CVE-2023-46836 | x86: BTC/SRSO fixes not fully effective |
XSA-445 | 2023-11-14 12:00 | 2023-11-14 13:58 | 3 | CVE-2023-46835 | x86/AMD: mismatch in IOMMU quarantine page table levels |
XSA-444 | 2023-10-10 12:00 | 2023-10-10 12:09 | 3 | CVE-2023-34327 CVE-2023-34328 | x86/AMD: Debug Mask handling |
XSA-443 | 2023-10-10 12:00 | 2023-11-09 15:18 | 4 | CVE-2023-34325 CVE-2022-4949 | Multiple vulnerabilities in libfsimage disk handling |
XSA-442 | 2023-10-10 11:26 | 2023-10-10 11:26 | 2 | CVE-2023-34326 | x86/AMD: missing IOMMU TLB flushing |
XSA-441 | 2023-10-10 11:26 | 2023-10-10 11:26 | 4 | CVE-2023-34324 | Possible deadlock in Linux kernel event handling |
XSA-440 | 2023-10-10 11:26 | 2023-12-15 15:35 | 4 | CVE-2023-34323 | xenstored: A transaction conflict can crash C Xenstored |
XSA-439 | 2023-09-25 16:03 | 2023-09-25 17:17 | 2 | CVE-2023-20588 | x86/AMD: Divide speculative information leak |
XSA-438 | 2023-09-19 12:00 | 2023-09-20 09:19 | 2 | CVE-2023-34322 | top-level shadow reference dropped too early for 64-bit PV guests |
XSA-437 | 2023-09-05 07:03 | 2023-09-05 07:03 | 2 | CVE-2023-34321 | arm32: The cache may not be properly cleaned/invalidated |
XSA-436 | 2023-08-01 14:44 | 2023-08-01 14:44 | 1 | CVE-2023-34320 | arm: Guests can trigger a deadlock on Cortex-A77 |
XSA-435 | 2023-08-08 15:53 | 2023-08-08 15:53 | 1 | CVE-2022-40982 | x86/Intel: Gather Data Sampling |
XSA-434 | 2023-08-08 15:53 | 2023-08-08 15:53 | 1 | CVE-2023-20569 | x86/AMD: Speculative Return Stack Overflow |
XSA-433 | 2023-07-24 16:00 | 2023-07-31 16:59 | 3 | CVE-2023-20593 | x86/AMD: Zenbleed |
XSA-432 | 2023-08-08 15:53 | 2023-08-08 15:53 | 2 | CVE-2023-34319 | Linux: buffer overrun in netback due to unusual packet |
XSA-431 | 2023-05-16 15:14 | 2023-05-16 15:14 | 1 | CVE-2022-42336 | Mishandling of guest SSBD selection on AMD hardware |
XSA-430 | 2023-04-25 10:48 | 2023-04-25 10:48 | 2 | CVE-2022-42335 | x86 shadow paging arbitrary pointer dereference |
XSA-429 | 2023-03-21 11:34 | 2023-03-21 11:34 | 3 | CVE-2022-42331 | x86: speculative vulnerability in 32bit SYSCALL path |
XSA-428 | 2023-03-21 11:34 | 2023-03-21 11:34 | 3 | CVE-2022-42333 CVE-2022-42334 | x86/HVM pinned cache attributes mis-handling |
XSA-427 | 2023-03-21 11:34 | 2023-03-21 11:34 | 2 | CVE-2022-42332 | x86 shadow plus log-dirty mode use-after-free |
XSA-426 | 2023-02-14 18:02 | 2023-02-16 17:42 | 2 | CVE-2022-27672 | x86: Cross-Thread Return Address Predictions |
XSA-425 | 2023-01-25 14:54 | 2023-01-25 14:54 | 1 | CVE-2022-42330 | Guests can cause Xenstore crash via soft reset |
XSA-424 | 2022-12-06 15:15 | 2022-12-06 15:15 | 1 | CVE-2022-42328 CVE-2022-42329 | Guests can trigger deadlock in Linux netback driver |
XSA-423 | 2022-12-06 15:15 | 2022-12-07 15:23 | 2 | CVE-2022-3643 | Guests can trigger NIC interface reset/abort/crash via netback |
XSA-422 | 2022-11-08 17:34 | 2022-11-10 15:13 | 2 | CVE-2022-23824 | x86: Multiple speculative security issues |
XSA-421 | 2022-11-01 10:57 | 2022-11-01 10:57 | 2 | CVE-2022-42325 CVE-2022-42326 | Xenstore: Guests can create arbitrary number of nodes via transactions |
XSA-420 | 2022-11-01 10:57 | 2022-11-01 10:57 | 2 | CVE-2022-42324 | Oxenstored 32->31 bit integer truncation issues |
XSA-419 | 2022-11-01 10:57 | 2022-11-01 10:57 | 2 | CVE-2022-42322 CVE-2022-42323 | Xenstore: Cooperating guests can create arbitrary numbers of nodes |
XSA-418 | 2022-11-01 10:57 | 2022-11-01 10:57 | 2 | CVE-2022-42321 | Xenstore: Guests can crash xenstored via exhausting the stack |
XSA-417 | 2022-11-01 10:57 | 2022-11-01 10:57 | 2 | CVE-2022-42320 | Xenstore: Guests can get access to Xenstore nodes of deleted domains |
XSA-416 | 2022-11-01 10:57 | 2022-11-01 10:57 | 2 | CVE-2022-42319 | Xenstore: Guests can cause Xenstore to not free temporary memory |
XSA-415 | 2022-11-01 10:57 | 2022-11-01 10:57 | 2 | CVE-2022-42310 | Xenstore: Guests can create orphaned Xenstore nodes |
XSA-414 | 2022-11-01 10:57 | 2022-11-01 10:57 | 2 | CVE-2022-42309 | Xenstore: Guests can crash xenstored |
XSA-413 | 2022-10-11 10:57 | 2022-10-11 10:57 | 2 | CVE-2022-33749 | XAPI open file limit DoS |
XSA-412 | 2022-11-01 10:57 | 2022-11-01 10:57 | 2 | CVE-2022-42327 | x86: unintended memory sharing between guests |
XSA-411 | 2022-10-11 10:57 | 2022-10-11 10:57 | 3 | CVE-2022-33748 | lock order inversion in transitive grant copy handling |
XSA-410 | 2022-10-11 10:57 | 2022-10-11 10:57 | 3 | CVE-2022-33746 | P2M pool freeing may take excessively long |
XSA-409 | 2022-10-11 10:57 | 2022-10-11 10:57 | 3 | CVE-2022-33747 | Arm: unbounded memory consumption for 2nd-level page tables |
XSA-408 | 2022-07-26 10:59 | 2022-07-26 19:23 | 3 | CVE-2022-33745 | insufficient TLB flush for x86 PV guests in shadow mode |
XSA-407 | 2022-07-12 16:35 | 2022-07-12 16:35 | 1 | CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 | Retbleed - arbitrary speculative code execution with return instructions |
XSA-406 | 2022-07-05 10:44 | 2022-07-05 10:44 | 3 | CVE-2022-33744 | Arm guests can cause Dom0 DoS via PV devices |
XSA-405 | 2022-07-05 10:44 | 2022-07-05 10:44 | 3 | CVE-2022-33743 | network backend may cause Linux netfront to use freed SKBs |
XSA-404 | 2022-06-14 18:21 | 2022-06-16 16:09 | 2 | CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 | x86: MMIO Stale Data vulnerabilities |
XSA-403 | 2022-07-05 10:44 | 2022-07-05 10:44 | 3 | CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 | Linux disk/nic frontends data leaks |
XSA-402 | 2022-06-09 12:00 | 2022-06-09 12:06 | 4 | CVE-2022-26363 CVE-2022-26364 | x86 pv: Insufficient care with non-coherent mappings |
XSA-401 | 2022-06-09 12:00 | 2022-06-09 12:06 | 2 | CVE-2022-26362 | x86 pv: Race condition in typeref acquisition |
XSA-400 | 2022-04-05 12:00 | 2022-04-05 12:02 | 2 | CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues |
XSA-399 | 2022-04-05 11:12 | 2022-04-05 11:12 | 2 | CVE-2022-26357 | race in VT-d domain ID cleanup |
XSA-398 | 2022-03-08 18:12 | 2022-03-18 14:39 | 2 | none (yet) assigned | Multiple speculative security issues |
XSA-397 | 2022-04-05 11:12 | 2022-04-05 11:12 | 2 | CVE-2022-26356 | Racy interactions between dirty vram tracking and paging log dirty hypercalls |
XSA-396 | 2022-03-10 10:54 | 2023-12-15 15:35 | 4 | CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 | Linux PV device frontends vulnerable to attacks by backends |
XSA-395 | 2022-01-25 11:32 | 2022-01-25 11:32 | 2 | CVE-2022-23035 | Insufficient cleanup of passed-through device IRQs |
XSA-394 | 2022-01-25 11:32 | 2022-01-25 11:32 | 3 | CVE-2022-23034 | A PV guest could DoS Xen while unmapping a grant |
XSA-393 | 2022-01-25 11:32 | 2022-01-25 11:32 | 2 | CVE-2022-23033 | arm: guest_physmap_remove_page not removing the p2m mappings |
XSA-392 | 2021-12-20 09:54 | 2021-12-20 09:54 | 4 | CVE-2021-28714 CVE-2021-28715 | Guest can force Linux netback driver to hog large amounts of kernel memory |
XSA-391 | 2021-12-20 09:54 | 2021-12-20 09:54 | 3 | CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 | Rogue backends can cause DoS of guests via high frequency events |
XSA-390 | 2021-11-19 14:10 | 2021-11-19 14:10 | 1 | CVE-2021-28710 | certain VT-d IOMMUs may not work in shared page table mode |
XSA-389 | 2021-11-23 12:00 | 2021-11-23 12:10 | 3 | CVE-2021-28705 CVE-2021-28709 | issues with partially successful P2M updates on x86 |
XSA-388 | 2021-11-23 12:00 | 2021-11-23 12:10 | 3 | CVE-2021-28704 CVE-2021-28707 CVE-2021-28708 | PoD operations on misaligned GFNs |
XSA-387 | 2021-11-23 12:00 | 2021-11-23 12:10 | 2 | CVE-2021-28703 | grant table v2 status pages may remain accessible after de-allocation (take two) |
XSA-386 | 2021-10-05 18:43 | 2021-10-07 14:40 | 2 | CVE-2021-28702 | PCI devices with RMRRs not deassigned correctly |
XSA-385 | 2021-11-23 12:00 | 2021-11-23 12:10 | 2 | CVE-2021-28706 | guests may exceed their designated memory limit |
XSA-384 | 2021-09-08 12:00 | 2021-09-08 12:27 | 3 | CVE-2021-28701 | Another race in XENMAPSPACE_grant_table handling |
XSA-383 | 2021-08-25 12:00 | 2021-08-25 12:00 | 2 | CVE-2021-28700 | xen/arm: No memory limit for dom0less domUs |
XSA-382 | 2021-08-25 12:00 | 2021-08-25 12:00 | 2 | CVE-2021-28699 | inadequate grant-v2 status frames array bounds check |
XSA-380 | 2021-08-25 12:00 | 2021-09-01 09:30 | 3 | CVE-2021-28698 | long running loops in grant table handling |
XSA-379 | 2021-08-25 12:00 | 2021-08-25 12:00 | 2 | CVE-2021-28697 | grant table v2 status pages may remain accessible after de-allocation |
XSA-378 | 2021-08-25 12:00 | 2021-09-01 09:30 | 3 | CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 | IOMMU page mapping issues on x86 |
XSA-377 | 2021-06-08 17:00 | 2021-06-08 17:04 | 2 | CVE-2021-28690 | x86: TSX Async Abort protections not restored after S3 |
XSA-376 | 2021-12-20 12:04 | 2021-12-20 12:04 | 1 | none (yet) assigned | frontends vulnerable to backends |
XSA-375 | 2021-06-08 17:00 | 2021-06-10 09:16 | 4 | CVE-2021-0089 CVE-2021-26313 | Speculative Code Store Bypass |
XSA-374 | 2021-06-08 17:00 | 2021-06-08 17:04 | 2 | CVE-2021-28691 | Guest triggered use-after-free in Linux xen-netback |
XSA-373 | 2021-06-08 17:00 | 2021-06-08 17:04 | 2 | CVE-2021-28692 | inappropriate x86 IOMMU timeout detection / handling |
XSA-372 | 2021-06-08 17:00 | 2021-06-08 17:04 | 3 | CVE-2021-28693 | xen/arm: Boot modules are not scrubbed |
XSA-371 | 2021-03-30 11:03 | 2021-03-30 11:03 | 3 | CVE-2021-28688 | Linux: blkback driver may leak persistent grants |
XSA-370 | 2021-05-04 10:19 | 2021-05-04 10:19 | 2 | CVE-2021-28689 | x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests |
XSA-369 | 2021-03-04 10:58 | 2023-12-15 15:35 | 3 | CVE-2021-28039 | Linux: special config may crash when trying to map foreign pages |
XSA-368 | 2021-03-18 11:57 | 2021-03-18 13:56 | 3 | CVE-2021-28687 | HVM soft-reset crashes toolstack |
XSA-367 | 2021-03-04 10:39 | 2021-03-05 17:07 | 2 | CVE-2021-28038 | Linux: netback fails to honor grant mapping errors |
XSA-366 | 2021-02-18 11:46 | 2021-02-23 16:36 | 2 | CVE-2021-27379 | missed flush in XSA-321 backport |
XSA-365 | 2021-02-16 12:00 | 2021-02-16 12:35 | 3 | CVE-2021-26930 | Linux: error handling issues in blkback's grant mapping |
XSA-364 | 2021-02-16 12:00 | 2021-02-16 12:35 | 3 | CVE-2021-26933 | arm: The cache may not be cleaned for newly allocated scrubbed pages |
XSA-363 | 2021-02-16 12:00 | 2021-02-16 12:35 | 3 | CVE-2021-26934 | Linux: display frontend "be-alloc" mode is unsupported |
XSA-362 | 2021-02-16 12:00 | 2021-02-16 12:35 | 3 | CVE-2021-26931 | Linux: backends treating grant mapping errors as bugs |
XSA-361 | 2021-02-16 12:00 | 2021-02-16 12:35 | 4 | CVE-2021-26932 | Linux: grant mapping error handling issues |
XSA-360 | 2021-01-21 14:09 | 2021-01-26 22:03 | 2 | CVE-2021-3308 | IRQ vector leak on x86 |
XSA-359 | 2020-12-15 12:00 | 2020-12-15 12:19 | 3 | CVE-2020-29571 | FIFO event channels control structure ordering |
XSA-358 | 2020-12-15 12:00 | 2020-12-16 17:04 | 5 | CVE-2020-29570 | FIFO event channels control block related ordering |
XSA-357 | 2021-08-10 14:45 | - | - | Unused Xen Security Advisory number | |
XSA-356 | 2020-12-15 12:00 | 2020-12-15 12:19 | 3 | CVE-2020-29567 | infinite loop when cleaning up IRQ vectors |
XSA-355 | 2020-11-24 12:00 | 2021-01-19 16:24 | 3 | CVE-2020-29040 | stack corruption from XSA-346 change |
XSA-354 | 2020-12-15 12:00 | 2020-12-15 12:19 | 4 | CVE-2020-29487 | XAPI: guest-triggered excessive memory usage |
XSA-353 | 2020-12-15 12:00 | 2020-12-15 12:19 | 4 | CVE-2020-29479 | oxenstored: permissions not checked on root node |
XSA-352 | 2020-12-15 12:00 | 2020-12-15 12:19 | 3 | CVE-2020-29486 | oxenstored: node ownership can be changed by unprivileged clients |
XSA-351 | 2020-11-10 18:01 | 2023-12-15 15:35 | 3 | CVE-2020-28368 | Information leak via power sidechannel |
XSA-350 | 2020-12-15 12:00 | 2020-12-15 12:19 | 4 | CVE-2020-29569 | Use after free triggered by block frontend in Linux blkback |
XSA-349 | 2020-12-15 12:00 | 2020-12-15 12:19 | 3 | CVE-2020-29568 | Frontends can trigger OOM in Backends by update a watched path |
XSA-348 | 2020-12-15 12:00 | 2020-12-15 12:19 | 3 | CVE-2020-29566 | undue recursion in x86 HVM context switch code |
XSA-347 | 2020-10-20 11:49 | 2021-01-19 16:24 | 3 | CVE-2020-27670 | unsafe AMD IOMMU page table updates |
XSA-346 | 2020-10-20 11:49 | 2021-01-19 16:24 | 3 | CVE-2020-27671 | undue deferral of IOMMU TLB flushes |
XSA-345 | 2020-10-20 11:49 | 2023-12-15 15:35 | 5 | CVE-2020-27672 | x86: Race condition in Xen mapping code |
XSA-344 | 2020-09-22 12:00 | 2020-09-22 13:36 | 4 | CVE-2020-25601 | lack of preemption in evtchn_reset() / evtchn_destroy() |
XSA-343 | 2020-09-22 12:00 | 2020-12-16 17:03 | 5 | CVE-2020-25599 | races with evtchn_reset() |
XSA-342 | 2020-09-22 12:00 | 2020-09-22 13:36 | 3 | CVE-2020-25600 | out of bounds event channels available to 32-bit x86 domains |
XSA-341 | 2020-09-08 15:35 | - | - | Unused Xen Security Advisory number | |
XSA-340 | 2020-09-22 12:00 | 2020-09-22 13:36 | 3 | CVE-2020-25603 | Missing memory barriers when accessing/allocating an event channel |
XSA-339 | 2020-09-22 12:00 | 2020-09-22 13:36 | 3 | CVE-2020-25596 | x86 pv guest kernel DoS via SYSENTER |
XSA-338 | 2020-09-22 12:00 | 2020-09-22 13:36 | 4 | CVE-2020-25597 | once valid event channels may not turn invalid |
XSA-337 | 2020-09-22 12:00 | 2020-09-22 13:36 | 3 | CVE-2020-25595 | PCI passthrough code reading back hardware registers |
XSA-336 | 2020-09-22 12:00 | 2020-09-22 13:36 | 3 | CVE-2020-25604 | race when migrating timers between x86 HVM vCPU-s |
XSA-335 | 2020-08-24 12:00 | 2023-12-15 15:35 | 3 | CVE-2020-14364 | QEMU: usb: out-of-bounds r/w access issue |
XSA-334 | 2020-09-22 12:00 | 2020-09-22 13:36 | 3 | CVE-2020-25598 | Missing unlock in XENMEM_acquire_resource error path |
XSA-333 | 2020-09-22 12:00 | 2020-09-22 13:36 | 3 | CVE-2020-25602 | x86 pv: Crash when handling guest access to MSR_MISC_ENABLE |
XSA-332 | 2020-10-20 11:49 | 2021-01-19 16:24 | 4 | CVE-2020-27673 | Rogue guests can cause DoS of Dom0 via high frequency events |
XSA-331 | 2020-10-20 11:49 | 2021-01-19 16:24 | 3 | CVE-2020-27675 | Race condition in Linux event handler may crash dom0 |
XSA-330 | 2020-12-15 12:00 | 2020-12-15 12:19 | 3 | CVE-2020-29485 | oxenstored memory leak in reset_watches |
XSA-329 | 2020-07-16 12:00 | 2023-12-15 15:35 | 4 | CVE-2020-15852 | Linux ioperm bitmap context switching issues |
XSA-328 | 2020-07-07 12:00 | 2020-07-07 12:23 | 3 | CVE-2020-15567 | non-atomic modification of live EPT PTE |
XSA-327 | 2020-07-07 12:00 | 2020-07-07 12:23 | 3 | CVE-2020-15564 | Missing alignment check in VCPUOP_register_vcpu_info |
XSA-326 | 2022-11-01 10:57 | 2022-11-01 10:57 | 4 | CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 | Xenstore: guests can let run xenstored out of memory |
XSA-325 | 2020-12-15 12:00 | 2020-12-15 12:19 | 3 | CVE-2020-29483 | Xenstore: guests can disturb domain cleanup |
XSA-324 | 2020-12-15 12:00 | 2020-12-15 12:19 | 3 | CVE-2020-29484 | Xenstore: guests can crash xenstored via watchs |
XSA-323 | 2020-12-15 12:00 | 2020-12-15 12:19 | 3 | CVE-2020-29482 | Xenstore: wrong path length check |
XSA-322 | 2020-12-15 12:00 | 2020-12-16 16:40 | 5 | CVE-2020-29481 | Xenstore: new domains inheriting existing node permissions |
XSA-321 | 2020-07-07 12:00 | 2020-07-07 12:21 | 3 | CVE-2020-15565 | insufficient cache write-back under VT-d |
XSA-320 | 2020-06-09 16:33 | 2020-06-11 13:09 | 2 | CVE-2020-0543 | Special Register Buffer speculative side channel |
XSA-319 | 2020-07-07 12:00 | 2020-07-07 12:18 | 3 | CVE-2020-15563 | inverted code paths in x86 dirty VRAM tracking |
XSA-318 | 2020-04-14 12:00 | 2020-04-14 12:00 | 3 | CVE-2020-11742 | Bad continuation handling in GNTTABOP_copy |
XSA-317 | 2020-07-07 12:00 | 2020-07-07 12:18 | 3 | CVE-2020-15566 | Incorrect error handling in event channel port allocation |
XSA-316 | 2020-04-14 12:00 | 2020-04-14 12:00 | 3 | CVE-2020-11743 | Bad error path in GNTTABOP_map_grant |
XSA-315 | 2020-03-10 17:02 | 2020-03-10 17:02 | 1 | CVE-2020-0551 | Load Value Injection (LVI) speculative side channel |
XSA-314 | 2020-04-14 12:00 | 2020-04-14 12:00 | 3 | CVE-2020-11739 | Missing memory barriers in read-write unlock paths |
XSA-313 | 2020-04-14 12:00 | 2020-04-14 12:00 | 3 | CVE-2020-11740 CVE-2020-11741 | multiple xenoprof issues |
XSA-312 | 2020-01-14 14:20 | 2020-01-14 14:20 | 1 | none (yet) assigned | arm: a CPU may speculate past the ERET instruction |
XSA-311 | 2019-12-11 12:00 | 2019-12-11 12:09 | 4 | CVE-2019-19577 | Bugs in dynamic height handling for AMD IOMMU pagetables |
XSA-310 | 2019-12-11 12:00 | 2019-12-11 12:09 | 3 | CVE-2019-19580 | Further issues with restartable PV type change operations |
XSA-309 | 2019-12-11 12:00 | 2019-12-11 12:09 | 3 | CVE-2019-19578 | Linear pagetable use / entry miscounts |
XSA-308 | 2019-12-11 12:00 | 2020-08-14 16:50 | 4 | CVE-2019-19583 | VMX: VMentry failure with debug exceptions and blocked states |
XSA-307 | 2019-12-11 12:00 | 2020-08-14 16:50 | 4 | CVE-2019-19581 CVE-2019-19582 | find_next_bit() issues |
XSA-306 | 2019-11-26 11:59 | 2019-12-05 14:20 | 3 | CVE-2019-19579 | Device quarantine for alternate pci assignment methods |
XSA-305 | 2019-11-12 17:53 | 2020-08-14 16:50 | 2 | CVE-2019-11135 | TSX Asynchronous Abort speculative side channel |
XSA-304 | 2019-11-12 17:53 | 2020-08-14 16:50 | 2 | CVE-2018-12207 | x86: Machine Check Error on Page Size Change DoS |
XSA-303 | 2019-10-31 12:00 | 2020-08-14 16:50 | 5 | CVE-2019-18422 | ARM: Interrupts are unconditionally unmasked in exception handlers |
XSA-302 | 2019-10-31 12:00 | 2019-10-31 12:30 | 5 | CVE-2019-18424 | passed through PCI devices may corrupt host memory after deassignment |
XSA-301 | 2019-10-31 12:00 | 2020-08-14 16:50 | 4 | CVE-2019-18423 | add-to-physmap can be abused to DoS Arm hosts |
XSA-300 | 2019-07-09 13:54 | 2020-08-14 16:50 | 4 | CVE-2019-17351 | Linux: No grant table and foreign mapping limits |
XSA-299 | 2019-10-31 12:00 | 2019-10-31 12:28 | 4 | CVE-2019-18421 | Issues with restartable PV type change operations |
XSA-298 | 2019-10-31 12:00 | 2019-10-31 12:28 | 3 | CVE-2019-18425 | missing descriptor table limit checking in x86 PV emulation |
XSA-297 | 2019-05-14 15:51 | 2019-05-14 15:51 | 1 | CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 | Microarchitectural Data Sampling speculative side channel |
XSA-296 | 2019-10-31 12:00 | 2020-08-14 16:41 | 5 | CVE-2019-18420 | VCPUOP_initialise DoS |
XSA-295 | 2019-06-13 19:15 | 2019-10-25 11:09 | 2 | CVE-2019-17349 CVE-2019-17350 | Unlimited Arm Atomics Operations |
XSA-294 | 2019-03-05 12:00 | 2019-10-25 11:09 | 3 | CVE-2019-17348 | x86 shadow: Insufficient TLB flushing when using PCID |
XSA-293 | 2019-03-05 12:00 | 2019-10-25 11:09 | 4 | CVE-2019-17347 | x86: PV kernel context switch corruption |
XSA-292 | 2019-03-05 12:00 | 2019-10-25 11:09 | 3 | CVE-2019-17346 | x86: insufficient TLB flushing when using PCID |
XSA-291 | 2019-03-05 12:00 | 2019-10-25 11:09 | 3 | CVE-2019-17345 | x86/PV: page type reference counting issue with failed IOMMU update |
XSA-290 | 2019-03-05 12:00 | 2019-10-25 11:09 | 3 | CVE-2019-17344 | missing preemption in x86 PV page table unvalidation |
XSA-289 | 2019-01-21 12:00 | 2019-01-21 17:32 | 3 | none (yet) assigned | Cache-load gadgets exploitable with L1TF |
XSA-288 | 2019-03-05 12:00 | 2019-10-25 11:09 | 3 | CVE-2019-17343 | x86: Inconsistent PV IOMMU discipline |
XSA-287 | 2019-03-05 12:00 | 2019-10-25 11:09 | 3 | CVE-2019-17342 | x86: steal_page violates page_struct access discipline |
XSA-286 | 2020-10-20 11:49 | 2021-01-19 16:24 | 6 | CVE-2020-27674 | x86 PV guest INVLPG-like flushes may leave stale TLB entries |
XSA-285 | 2019-03-05 12:00 | 2019-10-25 11:09 | 3 | CVE-2019-17341 | race with pass-through device hotplug |
XSA-284 | 2019-03-05 12:00 | 2019-10-25 11:09 | 3 | CVE-2019-17340 | grant table transfer issues on large hosts |
XSA-283 | 2019-02-22 17:42 | 2019-02-22 17:42 | 2 | - | Withdrawn Xen Security Advisory number |
XSA-282 | 2018-11-06 18:40 | 2023-12-15 15:35 | 3 | CVE-2018-19967 | guest use of HLE constructs may lock up host |
XSA-281 | 2019-03-12 14:12 | - | - | Unused Xen Security Advisory number | |
XSA-280 | 2018-11-20 12:00 | 2023-12-15 15:35 | 4 | CVE-2018-19966 | Fix for XSA-240 conflicts with shadow paging |
XSA-279 | 2018-11-20 12:00 | 2019-01-08 16:43 | 3 | CVE-2018-19965 | x86: DoS from attempting to use INVPCID with a non-canonical addresses |
XSA-278 | 2018-10-24 21:11 | 2018-11-01 11:10 | 2 | CVE-2018-18883 | x86: Nested VT-x usable even when disabled |
XSA-277 | 2018-11-20 12:00 | 2019-01-08 16:43 | 3 | CVE-2018-19964 | x86: incorrect error handling for guest p2m page removals |
XSA-276 | 2018-11-20 12:00 | 2019-01-08 16:43 | 3 | CVE-2018-19963 | resource accounting issues in x86 IOREQ server handling |
XSA-275 | 2018-11-20 12:00 | 2019-01-08 16:43 | 3 | CVE-2018-19961 CVE-2018-19962 | insufficient TLB flushing / improper large page mappings with AMD IOMMUs |
XSA-274 | 2018-07-25 16:39 | 2018-08-15 16:09 | 3 | CVE-2018-14678 | Linux: Uninitialized state in x86 PV failsafe callback path |
XSA-273 | 2018-08-14 17:15 | 2018-08-14 17:15 | 1 | CVE-2018-3620 CVE-2018-3646 | L1 Terminal Fault speculative side channel |
XSA-272 | 2018-08-14 17:00 | 2018-08-20 09:46 | 3 | CVE-2018-15470 | oxenstored does not apply quota-maxentity |
XSA-271 | 2018-08-14 17:00 | 2023-12-15 15:35 | 3 | CVE-2018-14007 | XAPI HTTP directory traversal |
XSA-270 | 2018-08-14 17:00 | 2018-08-20 09:46 | 3 | CVE-2018-15471 | Linux netback driver OOB access in hash handling |
XSA-269 | 2018-08-14 17:00 | 2023-12-15 15:35 | 4 | CVE-2018-15468 | x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS |
XSA-268 | 2018-08-14 17:00 | 2018-08-20 09:46 | 3 | CVE-2018-15469 | Use of v2 grant tables may cause crash on ARM |
XSA-267 | 2018-06-13 20:23 | 2023-12-15 15:35 | 4 | CVE-2018-3665 | Speculative register leakage from lazy FPU context switching |
XSA-266 | 2018-06-27 20:06 | 2018-06-27 20:06 | 3 | CVE-2018-12892 | libxl fails to honour readonly flag on HVM emulated SCSI disks |
XSA-265 | 2018-06-27 20:06 | 2018-06-27 20:06 | 3 | CVE-2018-12893 | x86: #DB exception safety check can be triggered by a guest |
XSA-264 | 2018-06-27 20:06 | 2018-06-27 20:06 | 3 | CVE-2018-12891 | preemption checks bypassed in x86 PV MM handling |
XSA-263 | 2018-05-21 16:52 | 2018-05-21 16:52 | 1 | CVE-2018-3639 | Speculative Store Bypass |
XSA-262 | 2018-05-08 16:45 | 2018-05-11 10:13 | 3 | CVE-2018-10981 | qemu may drive Xen into unbounded loop |
XSA-261 | 2018-05-08 16:45 | 2018-05-11 10:13 | 3 | CVE-2018-10982 | x86 vHPET interrupt injection errors |
XSA-260 | 2018-05-08 16:45 | 2023-12-15 15:35 | 3 | CVE-2018-8897 | x86: mishandling of debug exceptions |
XSA-259 | 2018-04-25 12:00 | 2023-12-15 15:35 | 4 | CVE-2018-10471 | x86: PV guest may crash Xen with XPTI |
XSA-258 | 2018-04-25 12:00 | 2018-04-30 13:14 | 3 | CVE-2018-10472 | Information leak via crafted user-supplied CDROM |
XSA-256 | 2018-02-27 11:57 | 2018-03-01 13:15 | 3 | CVE-2018-7542 | x86 PVH guest without LAPIC may DoS the host |
XSA-255 | 2018-02-27 11:57 | 2018-03-01 13:15 | 4 | CVE-2018-7541 | grant table v2 -> v1 transition may crash Xen |
XSA-254 | 2018-01-03 22:29 | 2018-02-23 19:35 | 12 | CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 | Information leak via side effects of speculative execution |
XSA-253 | 2018-01-04 12:00 | 2018-01-06 15:24 | 3 | CVE-2018-5244 | x86: memory leak with MSR emulation |
XSA-252 | 2018-02-27 11:57 | 2018-03-01 13:15 | 3 | CVE-2018-7540 | DoS via non-preemptable L3/L4 pagetable freeing |
XSA-251 | 2017-12-12 11:35 | 2018-01-06 16:14 | 3 | CVE-2017-17565 | improper bug check in x86 log-dirty handling |
XSA-250 | 2017-12-12 11:35 | 2018-01-06 16:14 | 3 | CVE-2017-17564 | improper x86 shadow mode refcount error handling |
XSA-249 | 2017-12-12 11:35 | 2018-01-06 16:14 | 3 | CVE-2017-17563 | broken x86 shadow mode refcount overflow check |
XSA-248 | 2017-12-12 11:35 | 2018-01-06 16:14 | 3 | CVE-2017-17566 | x86 PV guests may gain access to internally used pages |
XSA-247 | 2017-11-28 11:58 | 2017-11-30 11:59 | 3 | CVE-2017-17045 | Missing p2m error checking in PoD code |
XSA-246 | 2017-11-28 11:58 | 2017-11-30 11:59 | 3 | CVE-2017-17044 | x86: infinite loop due to missing PoD error checking |
XSA-245 | 2017-09-28 17:26 | 2023-12-15 15:35 | 3 | CVE-2017-17046 | ARM: Some memory not scrubbed at boot |
XSA-244 | 2017-10-12 12:00 | 2017-10-18 12:08 | 3 | CVE-2017-15594 | x86: Incorrect handling of IST settings during CPU hotplug |
XSA-243 | 2017-10-12 12:00 | 2017-11-15 17:13 | 5 | CVE-2017-15592 | x86: Incorrect handling of self-linear shadow mappings with translated guests |
XSA-242 | 2017-10-12 12:00 | 2017-10-18 12:08 | 3 | CVE-2017-15593 | page type reference leak on x86 |
XSA-241 | 2017-10-12 12:00 | 2017-10-18 12:08 | 4 | CVE-2017-15588 | Stale TLB entry due to page type release race |
XSA-240 | 2017-10-12 12:00 | 2017-12-11 18:15 | 6 | CVE-2017-15595 | Unlimited recursion in linear pagetable de-typing |
XSA-239 | 2017-10-12 12:00 | 2017-10-18 12:08 | 3 | CVE-2017-15589 | hypervisor stack leak in x86 I/O intercept code |
XSA-238 | 2017-10-12 12:00 | 2017-12-06 10:59 | 3 | CVE-2017-15591 | DMOP map/unmap missing argument checks |
XSA-237 | 2017-10-12 12:00 | 2017-10-18 12:08 | 3 | CVE-2017-15590 | multiple MSI mapping issues on x86 |
XSA-236 | 2017-10-24 12:00 | 2017-10-24 13:55 | 3 | CVE-2017-15597 | pin count / page reference race in grant table code |
XSA-235 | 2017-08-23 15:16 | 2017-10-18 12:08 | 2 | CVE-2017-15596 | add-to-physmap error paths fail to release lock on ARM |
XSA-234 | 2017-09-12 12:00 | 2017-09-12 12:03 | 3 | CVE-2017-14319 | insufficient grant unmapping checks for x86 PV guests |
XSA-233 | 2017-09-12 12:00 | 2023-12-15 15:35 | 4 | CVE-2017-14317 | cxenstored: Race in domain cleanup |
XSA-232 | 2017-09-12 12:00 | 2017-09-12 12:03 | 4 | CVE-2017-14318 | Missing check for grant table |
XSA-231 | 2017-09-12 12:00 | 2017-09-12 12:03 | 3 | CVE-2017-14316 | Missing NUMA node parameter verification |
XSA-230 | 2017-08-15 12:00 | 2017-08-15 13:47 | 3 | CVE-2017-12855 | grant_table: possibly premature clearing of GTF_writing / GTF_reading |
XSA-229 | 2017-08-15 12:00 | 2017-08-15 12:04 | 3 | CVE-2017-12134 | linux: Fix Xen block IO merge-ability calculation |
XSA-228 | 2017-08-15 12:00 | 2017-08-15 12:04 | 3 | CVE-2017-12136 | grant_table: Race conditions with maptrack free list handling |
XSA-227 | 2017-08-15 12:00 | 2017-08-15 12:04 | 3 | CVE-2017-12137 | x86: PV privilege escalation via map_grant_ref |
XSA-226 | 2017-08-15 12:00 | 2017-08-29 12:03 | 7 | CVE-2017-12135 | multiple problems with transitive grants |
XSA-225 | 2017-06-20 11:58 | 2017-07-07 13:52 | 3 | CVE-2017-10923 | arm: vgic: Out-of-bound access when sending SGIs |
XSA-224 | 2017-06-20 11:58 | 2017-07-07 13:52 | 5 | CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 | grant table operations mishandle reference counts |
XSA-223 | 2017-06-20 11:58 | 2017-07-07 13:52 | 3 | CVE-2017-10919 | ARM guest disabling interrupt may crash Xen |
XSA-222 | 2017-06-20 11:58 | 2017-07-07 13:52 | 3 | CVE-2017-10918 | stale P2M mappings due to insufficient error checking |
XSA-221 | 2017-06-20 11:58 | 2023-12-15 15:35 | 4 | CVE-2017-10917 | NULL pointer deref in event channel poll |
XSA-220 | 2017-06-20 11:58 | 2017-07-07 13:52 | 3 | CVE-2017-10916 | x86: PKRU and BND* leakage between vCPU-s |
XSA-219 | 2017-06-20 11:58 | 2017-07-07 13:52 | 3 | CVE-2017-10915 | x86: insufficient reference counts during shadow emulation |
XSA-218 | 2017-06-20 12:00 | 2017-07-07 13:52 | 5 | CVE-2017-10913 CVE-2017-10914 | Races in the grant table unmap code |
XSA-217 | 2017-06-20 11:58 | 2017-07-07 13:52 | 3 | CVE-2017-10912 | page transfer may allow PV guest to elevate privilege |
XSA-216 | 2017-06-20 11:58 | 2017-07-07 13:52 | 5 | CVE-2017-10911 | blkif responses leak backend stack data |
XSA-215 | 2017-05-02 11:18 | 2017-05-12 10:44 | 3 | CVE-2017-8905 | possible memory corruption via failsafe callback |
XSA-214 | 2017-05-02 11:18 | 2023-12-15 15:35 | 4 | CVE-2017-8904 | grant transfer allows PV guest to elevate privileges |
XSA-213 | 2017-05-02 11:18 | 2017-05-12 10:44 | 3 | CVE-2017-8903 | x86: 64bit PV guest breakout via pagetable use-after-mode-change |
XSA-212 | 2017-04-04 12:00 | 2017-04-04 12:37 | 3 | CVE-2017-7228 | x86: broken check in memory_exchange() permits PV guest breakout |
XSA-211 | 2017-03-14 11:58 | 2023-12-15 15:35 | 3 | CVE-2016-9603 | Cirrus VGA Heap overflow via display refresh |
XSA-210 | 2017-02-23 16:28 | 2017-02-23 16:28 | 1 | none (yet) assigned | arm: memory corruption when freeing p2m pages |
XSA-209 | 2017-02-21 10:42 | 2023-12-15 15:35 | 5 | CVE-2017-2620 | cirrus_bitblt_cputovideo does not check if memory region is safe |
XSA-208 | 2017-02-10 12:43 | 2023-12-15 15:35 | 3 | CVE-2017-2615 | oob access in cirrus bitblt copy |
XSA-207 | 2017-02-15 12:00 | 2017-02-15 12:05 | 2 | none (yet) assigned | memory leak when destroying guest without PT devices |
XSA-206 | 2017-03-28 12:00 | 2023-12-15 15:35 | 10 | none (yet) assigned | xenstore denial of service via repeated update |
XSA-205 | 2017-02-13 14:23 | - | - | Unused Xen Security Advisory number | |
XSA-204 | 2016-12-19 15:36 | 2016-12-19 17:04 | 2 | CVE-2016-10013 | x86: Mishandling of SYSCALL singlestep during emulation |
XSA-203 | 2016-12-21 12:00 | 2016-12-21 12:01 | 3 | CVE-2016-10025 | x86: missing NULL pointer check in VMFUNC emulation |
XSA-202 | 2016-12-21 12:00 | 2016-12-21 12:01 | 3 | CVE-2016-10024 | x86 PV guests may be able to mask interrupts |
XSA-201 | 2016-11-29 14:48 | 2023-12-15 15:35 | 3 | CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818 | ARM guests may induce host asynchronous abort |
XSA-200 | 2016-12-13 12:00 | 2016-12-13 13:07 | 3 | CVE-2016-9932 | x86 CMPXCHG8B emulation fails to ignore operand size override |
XSA-199 | 2016-12-06 12:00 | 2023-12-15 15:35 | 4 | CVE-2016-9637 | qemu ioport array overflow |
XSA-198 | 2016-11-22 12:00 | 2023-12-15 15:35 | 4 | CVE-2016-9379 CVE-2016-9380 | delimiter injection vulnerabilities in pygrub |
XSA-197 | 2016-11-22 12:00 | 2023-12-15 15:35 | 4 | CVE-2016-9381 | qemu incautious about shared ring processing |
XSA-196 | 2016-11-22 12:00 | 2016-11-22 12:00 | 3 | CVE-2016-9377 CVE-2016-9378 | x86 software interrupt injection mis-handled |
XSA-195 | 2016-11-22 12:00 | 2016-11-22 12:00 | 3 | CVE-2016-9383 | x86 64-bit bit test instruction emulation broken |
XSA-194 | 2016-11-22 12:00 | 2016-11-22 12:00 | 3 | CVE-2016-9384 | guest 32-bit ELF symbol table load leaking host data |
XSA-193 | 2016-11-22 12:00 | 2016-11-22 12:00 | 3 | CVE-2016-9385 | x86 segment base write emulation lacking canonical address checks |
XSA-192 | 2016-11-22 12:00 | 2016-11-22 12:00 | 3 | CVE-2016-9382 | x86 task switch to VM86 mode mis-handled |
XSA-191 | 2016-11-22 12:00 | 2016-11-22 12:00 | 3 | CVE-2016-9386 | x86 null segments not always treated as unusable |
XSA-190 | 2016-10-04 12:00 | 2016-10-04 12:50 | 5 | CVE-2016-7777 | CR0.TS and CR0.EM not always honored for x86 HVM guests |
XSA-189 | 2016-09-21 09:46 | - | - | Unused Xen Security Advisory number | |
XSA-188 | 2016-09-08 12:00 | 2016-09-08 12:00 | 3 | CVE-2016-7154 | use after free in FIFO event channel code |
XSA-187 | 2016-09-08 12:00 | 2016-09-08 12:04 | 3 | CVE-2016-7094 | x86 HVM: Overflow of sh_ctxt->seg_reg[] |
XSA-186 | 2016-09-08 12:00 | 2016-09-08 12:00 | 4 | CVE-2016-7093 | x86: Mishandling of instruction pointer truncation during emulation |
XSA-185 | 2016-09-08 12:00 | 2016-09-08 12:00 | 3 | CVE-2016-7092 | x86: Disallow L3 recursive pagetable for 32-bit PV guests |
XSA-184 | 2016-07-27 15:00 | 2023-12-15 15:35 | 3 | CVE-2016-5403 | virtio: unbounded memory allocation issue |
XSA-183 | 2016-07-26 11:32 | 2023-12-15 15:35 | 6 | CVE-2016-6259 | x86: Missing SMAP whitelisting in 32-bit exception / event delivery |
XSA-182 | 2016-07-26 11:32 | 2023-12-15 15:35 | 4 | CVE-2016-6258 | x86: Privilege escalation in PV guests |
XSA-181 | 2016-06-03 09:47 | 2016-06-03 13:55 | 2 | CVE-2016-5242 | arm: Host crash caused by VMID exhaustion |
XSA-180 | 2016-05-23 17:09 | 2023-12-15 15:35 | 2 | CVE-2014-3672 | Unrestricted qemu logging |
XSA-179 | 2016-05-09 11:48 | 2016-05-10 11:23 | 5 | CVE-2016-3710 CVE-2016-3712 | QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks |
XSA-178 | 2016-06-02 12:00 | 2016-06-06 16:55 | 4 | CVE-2016-4963 | Unsanitised driver domain input in libxl device handling |
XSA-177 | 2016-05-24 12:21 | - | - | Unused Xen Security Advisory number | |
XSA-176 | 2016-05-17 10:54 | 2016-05-17 10:54 | 3 | CVE-2016-4480 | x86 software guest page walk PS bit handling flaw |
XSA-175 | 2016-06-02 12:00 | 2023-12-15 15:35 | 7 | CVE-2016-4962 | Unsanitised guest input in libxl device handling code |
XSA-174 | 2016-04-14 12:00 | 2016-04-14 13:03 | 3 | CVE-2016-3961 | hugetlbfs use may crash PV Linux guests |
XSA-173 | 2016-04-18 12:00 | 2016-04-18 13:31 | 3 | CVE-2016-3960 | x86 shadow pagetables: address width overflow |
XSA-172 | 2016-03-24 16:26 | 2016-03-24 16:26 | 3 | CVE-2016-3158 CVE-2016-3159 | broken AMD FPU FIP/FDP/FOP leak workaround |
XSA-171 | 2016-03-16 19:00 | 2016-03-16 19:03 | 4 | CVE-2016-3157 | I/O port access privilege escalation in x86-64 Linux |
XSA-170 | 2016-02-17 12:00 | 2016-02-17 12:25 | 3 | CVE-2016-2271 | VMX: guest user mode may crash guest with non-canonical RIP |
XSA-169 | 2015-12-21 11:12 | 2015-12-22 18:46 | 2 | CVE-2015-8615 | x86: unintentional logging upon guest changing callback method |
XSA-168 | 2016-01-20 12:00 | 2016-01-20 12:08 | 3 | CVE-2016-1571 | VMX: intercept issue with INVLPG on non-canonical address |
XSA-167 | 2016-01-20 12:00 | 2016-01-20 12:08 | 4 | CVE-2016-1570 | PV superpage functionality missing sanity checks |
XSA-166 | 2015-12-17 12:00 | 2015-12-17 12:38 | 2 | none (yet) assigned | ioreq handling possibly susceptible to multiple read issue |
XSA-165 | 2015-12-17 12:00 | 2015-12-17 12:38 | 3 | CVE-2015-8555 | information leak in legacy x86 FPU/XMM initialization |
XSA-164 | 2015-12-17 12:00 | 2023-12-15 15:35 | 4 | CVE-2015-8554 | qemu-dm buffer overrun in MSI-X handling |
XSA-163 | 2015-11-24 17:12 | 2015-11-24 17:12 | 1 | none (yet) assigned | virtual PMU is unsupported |
XSA-162 | 2015-11-30 06:00 | 2023-12-15 15:35 | 3 | CVE-2015-7504 | heap buffer overflow vulnerability in pcnet emulator |
XSA-161 | 2015-11-25 15:29 | 2015-11-25 15:29 | 2 | none (yet) assigned | WITHDRAWN: missing XSETBV intercept privilege check on AMD SVM |
XSA-160 | 2015-12-08 11:29 | 2015-12-08 11:29 | 3 | CVE-2015-8341 | libxl leak of pv kernel and initrd on error |
XSA-159 | 2015-12-08 11:29 | 2015-12-08 11:29 | 4 | CVE-2015-8339 CVE-2015-8340 | XENMEM_exchange error handling issues |
XSA-158 | 2015-12-08 11:29 | 2023-12-15 15:35 | 5 | CVE-2015-8338 | long running memory operations on ARM |
XSA-157 | 2015-12-17 12:00 | 2023-12-15 15:35 | 4 | CVE-2015-8551 CVE-2015-8552 | Linux pciback missing sanity checks leading to crash |
XSA-156 | 2015-11-10 00:01 | 2015-11-10 00:07 | 2 | CVE-2015-5307 CVE-2015-8104 | x86: CPU lockup during exception delivery |
XSA-155 | 2015-12-17 12:00 | 2015-12-17 13:36 | 6 | CVE-2015-8550 | paravirtualized drivers incautious about shared memory contents |
XSA-154 | 2016-02-17 12:00 | 2016-02-17 12:25 | 3 | CVE-2016-2270 | x86: inconsistent cachability flags on guest mappings |
XSA-153 | 2015-10-29 11:59 | 2023-12-15 15:35 | 4 | CVE-2015-7972 | x86: populate-on-demand balloon size inaccuracy can crash guests |
XSA-152 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7971 | x86: some pmu and profiling hypercalls log without rate limiting |
XSA-151 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7969 | x86: leak of per-domain profiling-related vcpu pointer array |
XSA-150 | 2015-10-29 11:59 | 2015-10-29 11:59 | 5 | CVE-2015-7970 | x86: Long latency populate-on-demand operation is not preemptible |
XSA-149 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7969 | leak of main per-domain vcpu pointer array |
XSA-148 | 2015-10-29 11:59 | 2015-10-29 11:59 | 4 | CVE-2015-7835 | x86: Uncontrolled creation of large page mappings by PV guests |
XSA-147 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7814 | arm: Race between domain destruction and memory allocation decrease |
XSA-146 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7813 | arm: various unimplemented hypercalls log without rate limiting |
XSA-145 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7812 | arm: Host crash when preempting a multicall |
XSA-144 | 2015-10-14 12:03 | - | - | Unused Xen Security Advisory number | |
XSA-143 | 2015-10-14 12:03 | - | - | Unused Xen Security Advisory number | |
XSA-142 | 2015-09-22 10:00 | 2023-12-15 15:35 | 3 | CVE-2015-7311 | libxl fails to honour readonly flag on disks with qemu-xen |
XSA-141 | 2015-09-01 12:00 | 2015-09-01 13:18 | 3 | CVE-2015-6654 | printk is not rate-limited in xenmem_add_to_physmap_one |
XSA-140 | 2015-08-03 12:00 | 2023-12-15 15:35 | 3 | CVE-2015-5165 | QEMU leak of uninitialized heap memory in rtl8139 device model |
XSA-139 | 2015-08-03 12:00 | 2023-12-15 15:35 | 3 | CVE-2015-5166 | Use after free in QEMU/Xen block unplug protocol |
XSA-138 | 2015-07-27 12:00 | 2015-07-27 12:03 | 2 | CVE-2015-5154 | QEMU heap overflow flaw while processing certain ATAPI commands. |
XSA-137 | 2015-07-07 12:00 | 2023-12-15 15:35 | 4 | CVE-2015-3259 | xl command line config handling stack overflow |
XSA-136 | 2015-06-11 12:00 | 2015-06-11 12:28 | 3 | CVE-2015-4164 | vulnerability in the iret hypercall handler |
XSA-135 | 2015-06-10 13:10 | 2023-12-15 15:35 | 4 | CVE-2015-3209 | Heap overflow in QEMU PCNET controller, allowing guest->host escape |
XSA-134 | 2015-06-11 12:00 | 2015-06-11 12:28 | 3 | CVE-2015-4163 | GNTTABOP_swap_grant_ref operation misbehavior |
XSA-133 | 2015-05-13 11:15 | 2023-12-15 15:35 | 3 | CVE-2015-3456 | Privilege escalation via emulated floppy disk drive |
XSA-132 | 2015-04-20 17:10 | 2023-12-15 15:35 | 3 | CVE-2015-3340 | Information leak through XEN_DOMCTL_gettscinfo |
XSA-131 | 2015-06-02 12:00 | 2015-06-02 14:02 | 3 | CVE-2015-4106 | Unmediated PCI register access in qemu |
XSA-130 | 2015-06-02 12:00 | 2015-06-02 14:02 | 2 | CVE-2015-4105 | Guest triggerable qemu MSI-X pass-through error messages |
XSA-129 | 2015-06-02 12:00 | 2015-06-02 14:02 | 2 | CVE-2015-4104 | PCI MSI mask bits inadvertently exposed to guests |
XSA-128 | 2015-06-02 12:00 | 2015-06-02 14:02 | 2 | CVE-2015-4103 | Potential unintended writes to host MSI message data field via qemu |
XSA-127 | 2015-03-31 12:00 | 2023-12-15 15:35 | 3 | CVE-2015-2751 | Certain domctl operations may be abused to lock up the host |
XSA-126 | 2015-03-31 12:00 | 2023-12-15 15:35 | 4 | CVE-2015-2756 | Unmediated PCI command register access in qemu |
XSA-125 | 2015-03-31 12:00 | 2015-03-31 12:09 | 3 | CVE-2015-2752 | Long latency MMIO mapping operations are not preemptible |
XSA-124 | 2015-03-10 12:00 | 2015-03-10 12:00 | 2 | none (yet) assigned | Non-standard PCI device functionality may render pass-through insecure |
XSA-123 | 2015-03-10 12:00 | 2015-03-10 12:00 | 4 | CVE-2015-2151 | Hypervisor memory corruption due to x86 emulator flaw |
XSA-122 | 2015-03-05 12:00 | 2015-03-05 12:18 | 3 | CVE-2015-2045 | Information leak through version information hypercall |
XSA-121 | 2015-03-05 12:00 | 2015-03-05 12:18 | 3 | CVE-2015-2044 | Information leak via internal x86 system device emulation |
XSA-120 | 2015-03-10 12:00 | 2023-12-15 15:35 | 6 | CVE-2015-2150 CVE-2015-8553 | Non-maskable interrupts triggerable by guests |
XSA-119 | 2015-03-12 12:00 | 2015-03-12 13:32 | 3 | CVE-2015-2152 | HVM qemu unexpectedly enabling emulated VGA graphics backends |
XSA-118 | 2015-01-29 11:14 | 2015-02-25 11:14 | 2 | CVE-2015-1563 | arm: vgic: incorrect rate limiting of guest triggered logging |
XSA-117 | 2015-02-12 12:00 | 2015-02-12 17:41 | 2 | CVE-2015-0268 | arm: vgic-v2: GICD_SGIR is not properly emulated |
XSA-116 | 2015-01-06 12:00 | 2015-01-06 12:40 | 3 | CVE-2015-0361 | xen crash due to use after free on hvm guest teardown |
XSA-115 | 2020-12-15 12:00 | 2020-12-15 12:15 | 4 | CVE-2020-29480 | xenstore watch notifications lacking permission checks |
XSA-114 | 2014-12-08 12:00 | 2014-12-08 12:08 | 3 | CVE-2014-9065 CVE-2014-9066 | p2m lock starvation |
XSA-113 | 2014-11-20 16:26 | 2014-11-21 12:25 | 2 | CVE-2014-9030 | Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling |
XSA-112 | 2014-11-27 11:25 | 2023-12-15 15:35 | 6 | CVE-2014-8867 | Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor |
XSA-111 | 2014-11-27 11:25 | 2023-12-15 15:35 | 4 | CVE-2014-8866 | Excessive checking in compatibility mode hypercall argument translation |
XSA-110 | 2014-11-18 12:00 | 2023-12-15 15:35 | 4 | CVE-2014-8595 | Missing privilege level checks in x86 emulation of far branches |
XSA-109 | 2014-11-18 12:00 | 2015-01-20 18:14 | 4 | CVE-2014-8594 | Insufficient restrictions on certain MMU update hypercalls |
XSA-108 | 2014-10-01 12:00 | 2014-10-01 12:02 | 4 | CVE-2014-7188 | Improper MSR range used for x2APIC emulation |
XSA-107 | 2014-09-09 12:30 | 2014-09-11 10:07 | 2 | CVE-2014-6268 | Mishandling of uninitialised FIFO-based event channel control blocks |
XSA-106 | 2014-09-23 12:00 | 2014-09-24 10:29 | 3 | CVE-2014-7156 | Missing privilege level checks in x86 emulation of software interrupts |
XSA-105 | 2014-09-23 12:00 | 2014-09-24 10:29 | 3 | CVE-2014-7155 | Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation |
XSA-104 | 2014-09-23 12:00 | 2014-09-24 10:29 | 3 | CVE-2014-7154 | Race condition in HVMOP_track_dirty_vram |
XSA-103 | 2014-08-12 12:00 | 2014-08-12 13:02 | 3 | CVE-2014-5148 | Flaw in handling unknown system register access from 64-bit userspace on ARM |
XSA-102 | 2014-08-12 12:00 | 2014-08-12 13:02 | 3 | CVE-2014-5147 | Flaws in handling traps from 32-bit userspace on 64-bit ARM |
XSA-101 | 2014-06-25 12:00 | 2014-06-30 14:22 | 3 | CVE-2014-4022 | information leak via gnttab_setup_table on ARM |
XSA-100 | 2014-06-17 11:44 | 2014-06-17 11:44 | 3 | CVE-2014-4021 | Hypervisor heap contents leaked to guests |
XSA-99 | 2014-06-17 11:44 | 2014-06-17 11:44 | 2 | none (yet) assigned | unexpected pitfall in xenaccess API |
XSA-98 | 2014-06-04 12:00 | 2015-03-13 15:59 | 5 | CVE-2014-3969 | insufficient permissions checks accessing guest memory on ARM |
XSA-97 | 2014-08-12 12:00 | 2014-08-12 13:02 | 3 | CVE-2014-5146 CVE-2014-5149 | Long latency virtual-mmu operations are not preemptible |
XSA-96 | 2014-06-03 12:00 | 2014-06-04 16:03 | 3 | CVE-2014-3967 CVE-2014-3968 | Vulnerabilities in HVM MSI injection |
XSA-95 | 2014-05-14 10:44 | 2014-05-16 10:34 | 3 | CVE-2014-3714 CVE-2014-3715 CVE-2014-3716 CVE-2014-3717 | input handling vulnerabilities loading guest kernel on ARM |
XSA-94 | 2014-04-23 13:05 | 2014-04-23 15:12 | 2 | CVE-2014-2986 | ARM hypervisor crash on guest interrupt controller access |
XSA-93 | 2014-04-22 15:05 | 2014-04-23 10:19 | 2 | CVE-2014-2915 | Hardware features unintentionally exposed to guests on ARM |
XSA-92 | 2014-04-29 08:50 | 2014-05-01 10:52 | 3 | CVE-2014-3124 | HVMOP_set_mem_type allows invalid P2M entries to be created |
XSA-91 | 2014-04-30 09:52 | 2014-05-01 10:52 | 3 | CVE-2014-3125 | Hardware timer context is not properly context switched on ARM |
XSA-90 | 2014-03-24 13:00 | 2014-04-02 11:49 | 2 | CVE-2014-2580 | Linux netback crash trying to disable due to malformed packet |
XSA-89 | 2014-03-25 12:00 | 2014-04-02 11:45 | 3 | CVE-2014-2599 | HVMOP_set_mem_access is not preemptible |
XSA-88 | 2014-02-12 12:00 | 2014-02-12 17:04 | 3 | CVE-2014-1950 | use-after-free in xc_cpupool_getinfo() under memory pressure |
XSA-87 | 2014-01-23 17:38 | 2014-01-24 15:37 | 2 | CVE-2014-1666 | PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests |
XSA-86 | 2014-02-06 12:00 | 2014-02-10 11:25 | 3 | CVE-2014-1896 | libvchan failure handling malicious ring indexes |
XSA-85 | 2014-02-06 12:00 | 2014-02-10 11:25 | 3 | CVE-2014-1895 | Off-by-one error in FLASK_AVC_CACHESTAT hypercall |
XSA-84 | 2014-02-06 12:00 | 2023-12-15 15:35 | 4 | CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894 | integer overflow in several XSM/Flask hypercalls |
XSA-83 | 2014-01-23 12:00 | 2014-01-23 14:26 | 3 | CVE-2014-1642 | Out-of-memory condition yielding memory corruption during IRQ setup |
XSA-82 | 2013-12-02 17:13 | 2014-02-19 16:54 | 4 | CVE-2013-6885 | Guest triggerable AMD CPU erratum may cause host hang |
XSA-81 | 2013-11-27 13:21 | - | - | Unused Xen Security Advisory number | |
XSA-80 | 2013-12-10 12:00 | 2013-12-10 12:58 | 3 | CVE-2013-6400 | IOMMU TLB flushing may be inadvertently suppressed |
XSA-79 | 2013-11-27 13:20 | - | - | Unused Xen Security Advisory number | |
XSA-78 | 2013-11-20 17:08 | 2013-11-21 11:32 | 2 | CVE-2013-6375 | Insufficient TLB flushing in VT-d (iommu) code |
XSA-77 | 2013-12-10 12:00 | 2013-12-10 12:58 | 3 | none (yet) assigned | Disaggregated domain management security status |
XSA-76 | 2013-11-26 12:00 | 2013-11-26 17:02 | 3 | CVE-2013-4554 | Hypercalls exposed to privilege rings 1 and 2 of HVM guests |
XSA-75 | 2013-11-08 16:20 | 2013-11-11 11:42 | 2 | CVE-2013-4551 | Host crash due to guest VMX instruction execution |
XSA-74 | 2013-11-26 12:00 | 2013-11-26 17:02 | 3 | CVE-2013-4553 | Lock order reversal between page_alloc_lock and mm_rwlock |
XSA-73 | 2013-11-01 15:07 | 2013-11-04 13:15 | 3 | CVE-2013-4494 | Lock order reversal between page allocation and grant table locks |
XSA-72 | 2013-10-29 12:00 | 2013-10-29 15:39 | 3 | CVE-2013-4416 | ocaml xenstored mishandles oversized message replies |
XSA-71 | 2013-10-10 12:00 | 2013-10-10 12:28 | 2 | CVE-2013-4375 | qemu disk backend (qdisk) resource leak |
XSA-70 | 2013-10-10 12:00 | 2013-10-10 12:22 | 2 | CVE-2013-4371 | use-after-free in libxl_list_cpupool under memory pressure |
XSA-69 | 2013-10-10 12:00 | 2013-10-10 12:22 | 2 | CVE-2013-4370 | misplaced free in ocaml xc_vcpu_getaffinity stub |
XSA-68 | 2013-10-10 12:00 | 2013-10-10 12:22 | 2 | CVE-2013-4369 | possible null dereference when parsing vif ratelimiting info |
XSA-67 | 2013-10-10 12:00 | 2013-10-10 12:22 | 2 | CVE-2013-4368 | Information leak through outs instruction emulation |
XSA-66 | 2013-09-30 10:04 | 2013-09-30 10:04 | 3 | CVE-2013-4361 | Information leak through fbld instruction emulation |
XSA-65 | 2013-10-02 15:00 | 2013-10-02 16:23 | 2 | CVE-2013-4344 | qemu SCSI REPORT LUNS buffer overflow |
XSA-64 | 2013-09-30 10:04 | 2013-09-30 10:04 | 3 | CVE-2013-4356 | Memory accessible by 64-bit PV guests under live migration |
XSA-63 | 2013-09-30 10:04 | 2023-12-15 15:35 | 4 | CVE-2013-4355 | Information leaks through I/O instruction emulation |
XSA-62 | 2013-09-24 12:00 | 2023-12-15 15:35 | 3 | CVE-2013-1442 | Information leak on AVX and/or LWP capable CPUs |
XSA-61 | 2013-09-10 10:56 | 2013-09-11 12:13 | 2 | CVE-2013-4329 | libxl partially sets up HVM passthrough even with disabled iommu |
XSA-60 | 2013-07-19 12:00 | 2014-02-19 16:54 | 6 | CVE-2013-2212 | Excessive time to disable caching with HVM guests with PCI passthrough |
XSA-59 | 2013-08-20 12:00 | 2013-08-20 12:07 | 4 | CVE-2013-3495 | Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts |
XSA-58 | 2013-06-26 12:00 | 2013-06-26 13:18 | 2 | CVE-2013-1432 | Page reference counting error due to XSA-45/CVE-2013-1918 fixes |
XSA-57 | 2013-06-20 12:00 | 2013-06-26 10:37 | 4 | CVE-2013-2211 | libxl allows guest write access to sensitive console related xenstore keys |
XSA-56 | 2013-05-17 12:00 | 2013-05-17 15:44 | 2 | CVE-2013-2072 | Buffer overflow in xencontrol Python bindings affecting xend |
XSA-55 | 2013-06-03 16:18 | 2013-06-20 10:26 | 5 | CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 | Multiple vulnerabilities in libelf PV kernel handling |
XSA-54 | 2013-06-03 12:00 | 2014-06-03 12:23 | 4 | CVE-2013-2078 | Hypervisor crash due to missing exception recovery on XSETBV |
XSA-53 | 2013-06-03 12:00 | 2013-06-03 16:18 | 3 | CVE-2013-2077 | Hypervisor crash due to missing exception recovery on XRSTOR |
XSA-52 | 2013-06-03 12:00 | 2013-06-03 16:18 | 3 | CVE-2013-2076 | Information leak on XSAVE/XRSTOR capable AMD CPUs |
XSA-51 | 2013-05-06 15:00 | 2013-05-06 21:18 | 2 | CVE-2013-2007 | qemu guest agent (qga) insecure file permissions |
XSA-50 | 2013-04-18 15:16 | 2023-12-15 15:35 | 2 | CVE-2013-1964 | grant table hypercall acquire/release imbalance |
XSA-49 | 2013-05-02 12:00 | 2023-12-15 15:35 | 3 | CVE-2013-1952 | VT-d interrupt remapping source validation flaw for bridges |
XSA-48 | 2013-04-15 15:00 | 2023-12-15 15:35 | 3 | CVE-2013-1922 | qemu-nbd format-guessing due to missing format specification |
XSA-47 | 2013-04-04 17:54 | 2013-04-04 17:54 | 1 | CVE-2013-1920 | Potential use of freed memory in event channel operations |
XSA-46 | 2013-04-18 12:00 | 2013-04-18 13:35 | 3 | CVE-2013-1919 | Several access permission issues with IRQs for unprivileged guests |
XSA-45 | 2013-05-02 12:00 | 2013-05-02 13:54 | 2 | CVE-2013-1918 | Several long latency operations are not preemptible |
XSA-44 | 2013-04-18 12:00 | 2013-04-18 13:50 | 3 | CVE-2013-1917 | Xen PV DoS vulnerability with SYSENTER |
XSA-43 | 2013-02-05 12:00 | 2023-12-15 15:35 | 3 | CVE-2013-0231 | Linux pciback DoS via not rate limited log messages. |
XSA-42 | 2013-02-12 12:00 | 2013-02-13 16:49 | 2 | CVE-2013-0228 | Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS. |
XSA-41 | 2013-01-16 14:50 | 2013-01-17 12:17 | 2 | CVE-2012-6075 | qemu (e1000 device driver): Buffer overflow when processing large packets |
XSA-40 | 2013-01-16 14:50 | 2023-12-15 15:35 | 2 | CVE-2013-0190 | Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests. |
XSA-39 | 2013-02-05 12:00 | 2023-12-15 15:35 | 3 | CVE-2013-0216 CVE-2013-0217 | Linux netback DoS via malicious guest ring. |
XSA-38 | 2013-02-05 12:00 | 2013-02-15 11:40 | 3 | CVE-2013-0215 | oxenstored incorrect handling of certain Xenbus ring states |
XSA-37 | 2013-01-04 16:00 | 2013-01-04 16:00 | 1 | CVE-2013-0154 | Hypervisor crash due to incorrect ASSERT (debug build only) |
XSA-36 | 2013-02-05 12:00 | 2013-02-21 11:05 | 4 | CVE-2013-0153 | interrupt remap entries shared and old ones not cleared on AMD IOMMUs |
XSA-35 | 2013-01-22 11:49 | 2013-01-23 18:28 | 4 | CVE-2013-0152 | Nested HVM exposes host to being driven out of memory by guest |
XSA-34 | 2013-01-22 11:49 | 2013-01-22 11:49 | 2 | CVE-2013-0151 | nested virtualization on 32-bit exposes host crash |
XSA-33 | 2013-01-08 12:00 | 2013-01-11 17:10 | 3 | CVE-2012-5634 | VT-d interrupt remapping source validation flaw |
XSA-32 | 2012-12-03 17:51 | 2012-12-03 17:51 | 4 | CVE-2012-5525 | several hypercalls do not validate input GFNs |
XSA-31 | 2012-12-03 17:51 | 2012-12-03 17:51 | 3 | CVE-2012-5515 | Several memory hypercall operations allow invalid extent order values |
XSA-30 | 2012-12-03 17:51 | 2023-12-15 15:35 | 5 | CVE-2012-5514 | Broken error handling in guest_physmap_mark_populate_on_demand() |
XSA-29 | 2012-12-03 17:51 | 2012-12-03 17:51 | 3 | CVE-2012-5513 | XENMEM_exchange may overwrite hypervisor memory |
XSA-28 | 2012-12-03 17:51 | 2012-12-03 17:51 | 3 | CVE-2012-5512 | HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak |
XSA-27 | 2012-12-03 17:51 | 2023-12-15 15:35 | 6 | CVE-2012-5511 CVE-2012-6333 | several HVM operations do not validate the range of their inputs |
XSA-26 | 2012-12-03 17:51 | 2012-12-03 17:51 | 3 | CVE-2012-5510 | Grant table version switch list corruption vulnerability |