Advisories, publicly released or pre-released

All times are in UTC. For general information about Xen and security see the Xen Project website and security policy. A JSON document listing advisories is also available.

Advisory Public release Updated Version CVE(s) Title
XSA-462 2024-09-24 10:46 2024-09-24 10:46 2 CVE-2024-45817 x86: Deadlock in vlapic_error()
XSA-461 2024-08-13 12:00 2024-08-14 13:24 2 CVE-2024-31146 PCI device pass-through with shared resources
XSA-460 2024-08-13 12:00 2024-08-14 13:24 2 CVE-2024-31145 error handling in x86 IOMMU identity mapping
XSA-459 2024-07-16 11:59 2024-07-16 11:59 2 CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality
XSA-458 2024-07-16 11:59 2024-07-16 11:59 2 CVE-2024-31143 double unlock in x86 guest IRQ handling
XSA-457 2024-05-07 17:11 2024-05-08 22:19 3 CVE-2024-27393 Linux/xen-netfront: Memory leak due to missing cleanup function
XSA-456 2024-04-09 17:00 2024-05-07 17:11 3 CVE-2024-2201 x86: Native Branch History Injection
XSA-455 2024-04-09 16:29 2024-04-09 16:29 4 CVE-2024-31142 x86: Incorrect logic for BTC/SRSO mitigations
XSA-454 2024-04-09 11:50 2024-04-09 11:50 2 CVE-2023-46842 x86 HVM hypercalls may trigger Xen bug check
XSA-453 2024-03-12 16:44 2024-03-12 16:44 1 CVE-2024-2193 GhostRace: Speculative Race Conditions
XSA-452 2024-03-12 16:44 2024-03-12 16:44 1 CVE-2023-28746 x86: Register File Data Sampling
XSA-451 2024-02-27 10:38 2024-02-27 10:38 2 CVE-2023-46841 x86: shadow stack vs exceptions from emulation stubs
XSA-450 2024-01-30 12:00 2024-01-30 13:09 2 CVE-2023-46840 VT-d: Failure to quarantine devices in !HVM builds
XSA-449 2024-01-30 12:00 2024-01-30 13:09 2 CVE-2023-46839 pci: phantom functions assigned to incorrect contexts
XSA-448 2024-01-22 18:30 2024-01-22 18:30 2 CVE-2023-46838 Linux: netback processing of zero-length transmit fragment
XSA-447 2023-12-12 12:00 2023-12-12 12:01 2 CVE-2023-46837 arm32: The cache may not be properly cleaned/invalidated (take two)
XSA-446 2023-11-14 12:00 2023-11-14 13:58 2 CVE-2023-46836 x86: BTC/SRSO fixes not fully effective
XSA-445 2023-11-14 12:00 2023-11-14 13:58 3 CVE-2023-46835 x86/AMD: mismatch in IOMMU quarantine page table levels
XSA-444 2023-10-10 12:00 2023-10-10 12:09 3 CVE-2023-34327 CVE-2023-34328 x86/AMD: Debug Mask handling
XSA-443 2023-10-10 12:00 2023-11-09 15:18 4 CVE-2023-34325 CVE-2022-4949 Multiple vulnerabilities in libfsimage disk handling
XSA-442 2023-10-10 11:26 2023-10-10 11:26 2 CVE-2023-34326 x86/AMD: missing IOMMU TLB flushing
XSA-441 2023-10-10 11:26 2023-10-10 11:26 4 CVE-2023-34324 Possible deadlock in Linux kernel event handling
XSA-440 2023-10-10 11:26 2023-12-15 15:35 4 CVE-2023-34323 xenstored: A transaction conflict can crash C Xenstored
XSA-439 2023-09-25 16:03 2023-09-25 17:17 2 CVE-2023-20588 x86/AMD: Divide speculative information leak
XSA-438 2023-09-19 12:00 2023-09-20 09:19 2 CVE-2023-34322 top-level shadow reference dropped too early for 64-bit PV guests
XSA-437 2023-09-05 07:03 2023-09-05 07:03 2 CVE-2023-34321 arm32: The cache may not be properly cleaned/invalidated
XSA-436 2023-08-01 14:44 2023-08-01 14:44 1 CVE-2023-34320 arm: Guests can trigger a deadlock on Cortex-A77
XSA-435 2023-08-08 15:53 2023-08-08 15:53 1 CVE-2022-40982 x86/Intel: Gather Data Sampling
XSA-434 2023-08-08 15:53 2023-08-08 15:53 1 CVE-2023-20569 x86/AMD: Speculative Return Stack Overflow
XSA-433 2023-07-24 16:00 2023-07-31 16:59 3 CVE-2023-20593 x86/AMD: Zenbleed
XSA-432 2023-08-08 15:53 2023-08-08 15:53 2 CVE-2023-34319 Linux: buffer overrun in netback due to unusual packet
XSA-431 2023-05-16 15:14 2023-05-16 15:14 1 CVE-2022-42336 Mishandling of guest SSBD selection on AMD hardware
XSA-430 2023-04-25 10:48 2023-04-25 10:48 2 CVE-2022-42335 x86 shadow paging arbitrary pointer dereference
XSA-429 2023-03-21 11:34 2023-03-21 11:34 3 CVE-2022-42331 x86: speculative vulnerability in 32bit SYSCALL path
XSA-428 2023-03-21 11:34 2023-03-21 11:34 3 CVE-2022-42333 CVE-2022-42334 x86/HVM pinned cache attributes mis-handling
XSA-427 2023-03-21 11:34 2023-03-21 11:34 2 CVE-2022-42332 x86 shadow plus log-dirty mode use-after-free
XSA-426 2023-02-14 18:02 2023-02-16 17:42 2 CVE-2022-27672 x86: Cross-Thread Return Address Predictions
XSA-425 2023-01-25 14:54 2023-01-25 14:54 1 CVE-2022-42330 Guests can cause Xenstore crash via soft reset
XSA-424 2022-12-06 15:15 2022-12-06 15:15 1 CVE-2022-42328 CVE-2022-42329 Guests can trigger deadlock in Linux netback driver
XSA-423 2022-12-06 15:15 2022-12-07 15:23 2 CVE-2022-3643 Guests can trigger NIC interface reset/abort/crash via netback
XSA-422 2022-11-08 17:34 2022-11-10 15:13 2 CVE-2022-23824 x86: Multiple speculative security issues
XSA-421 2022-11-01 10:57 2022-11-01 10:57 2 CVE-2022-42325 CVE-2022-42326 Xenstore: Guests can create arbitrary number of nodes via transactions
XSA-420 2022-11-01 10:57 2022-11-01 10:57 2 CVE-2022-42324 Oxenstored 32->31 bit integer truncation issues
XSA-419 2022-11-01 10:57 2022-11-01 10:57 2 CVE-2022-42322 CVE-2022-42323 Xenstore: Cooperating guests can create arbitrary numbers of nodes
XSA-418 2022-11-01 10:57 2022-11-01 10:57 2 CVE-2022-42321 Xenstore: Guests can crash xenstored via exhausting the stack
XSA-417 2022-11-01 10:57 2022-11-01 10:57 2 CVE-2022-42320 Xenstore: Guests can get access to Xenstore nodes of deleted domains
XSA-416 2022-11-01 10:57 2022-11-01 10:57 2 CVE-2022-42319 Xenstore: Guests can cause Xenstore to not free temporary memory
XSA-415 2022-11-01 10:57 2022-11-01 10:57 2 CVE-2022-42310 Xenstore: Guests can create orphaned Xenstore nodes
XSA-414 2022-11-01 10:57 2022-11-01 10:57 2 CVE-2022-42309 Xenstore: Guests can crash xenstored
XSA-413 2022-10-11 10:57 2022-10-11 10:57 2 CVE-2022-33749 XAPI open file limit DoS
XSA-412 2022-11-01 10:57 2022-11-01 10:57 2 CVE-2022-42327 x86: unintended memory sharing between guests
XSA-411 2022-10-11 10:57 2022-10-11 10:57 3 CVE-2022-33748 lock order inversion in transitive grant copy handling
XSA-410 2022-10-11 10:57 2022-10-11 10:57 3 CVE-2022-33746 P2M pool freeing may take excessively long
XSA-409 2022-10-11 10:57 2022-10-11 10:57 3 CVE-2022-33747 Arm: unbounded memory consumption for 2nd-level page tables
XSA-408 2022-07-26 10:59 2022-07-26 19:23 3 CVE-2022-33745 insufficient TLB flush for x86 PV guests in shadow mode
XSA-407 2022-07-12 16:35 2022-07-12 16:35 1 CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 Retbleed - arbitrary speculative code execution with return instructions
XSA-406 2022-07-05 10:44 2022-07-05 10:44 3 CVE-2022-33744 Arm guests can cause Dom0 DoS via PV devices
XSA-405 2022-07-05 10:44 2022-07-05 10:44 3 CVE-2022-33743 network backend may cause Linux netfront to use freed SKBs
XSA-404 2022-06-14 18:21 2022-06-16 16:09 2 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 x86: MMIO Stale Data vulnerabilities
XSA-403 2022-07-05 10:44 2022-07-05 10:44 3 CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 Linux disk/nic frontends data leaks
XSA-402 2022-06-09 12:00 2022-06-09 12:06 4 CVE-2022-26363 CVE-2022-26364 x86 pv: Insufficient care with non-coherent mappings
XSA-401 2022-06-09 12:00 2022-06-09 12:06 2 CVE-2022-26362 x86 pv: Race condition in typeref acquisition
XSA-400 2022-04-05 12:00 2022-04-05 12:02 2 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues
XSA-399 2022-04-05 11:12 2022-04-05 11:12 2 CVE-2022-26357 race in VT-d domain ID cleanup
XSA-398 2022-03-08 18:12 2022-03-18 14:39 2 none (yet) assigned Multiple speculative security issues
XSA-397 2022-04-05 11:12 2022-04-05 11:12 2 CVE-2022-26356 Racy interactions between dirty vram tracking and paging log dirty hypercalls
XSA-396 2022-03-10 10:54 2023-12-15 15:35 4 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 Linux PV device frontends vulnerable to attacks by backends
XSA-395 2022-01-25 11:32 2022-01-25 11:32 2 CVE-2022-23035 Insufficient cleanup of passed-through device IRQs
XSA-394 2022-01-25 11:32 2022-01-25 11:32 3 CVE-2022-23034 A PV guest could DoS Xen while unmapping a grant
XSA-393 2022-01-25 11:32 2022-01-25 11:32 2 CVE-2022-23033 arm: guest_physmap_remove_page not removing the p2m mappings
XSA-392 2021-12-20 09:54 2021-12-20 09:54 4 CVE-2021-28714 CVE-2021-28715 Guest can force Linux netback driver to hog large amounts of kernel memory
XSA-391 2021-12-20 09:54 2021-12-20 09:54 3 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 Rogue backends can cause DoS of guests via high frequency events
XSA-390 2021-11-19 14:10 2021-11-19 14:10 1 CVE-2021-28710 certain VT-d IOMMUs may not work in shared page table mode
XSA-389 2021-11-23 12:00 2021-11-23 12:10 3 CVE-2021-28705 CVE-2021-28709 issues with partially successful P2M updates on x86
XSA-388 2021-11-23 12:00 2021-11-23 12:10 3 CVE-2021-28704 CVE-2021-28707 CVE-2021-28708 PoD operations on misaligned GFNs
XSA-387 2021-11-23 12:00 2021-11-23 12:10 2 CVE-2021-28703 grant table v2 status pages may remain accessible after de-allocation (take two)
XSA-386 2021-10-05 18:43 2021-10-07 14:40 2 CVE-2021-28702 PCI devices with RMRRs not deassigned correctly
XSA-385 2021-11-23 12:00 2021-11-23 12:10 2 CVE-2021-28706 guests may exceed their designated memory limit
XSA-384 2021-09-08 12:00 2021-09-08 12:27 3 CVE-2021-28701 Another race in XENMAPSPACE_grant_table handling
XSA-383 2021-08-25 12:00 2021-08-25 12:00 2 CVE-2021-28700 xen/arm: No memory limit for dom0less domUs
XSA-382 2021-08-25 12:00 2021-08-25 12:00 2 CVE-2021-28699 inadequate grant-v2 status frames array bounds check
XSA-380 2021-08-25 12:00 2021-09-01 09:30 3 CVE-2021-28698 long running loops in grant table handling
XSA-379 2021-08-25 12:00 2021-08-25 12:00 2 CVE-2021-28697 grant table v2 status pages may remain accessible after de-allocation
XSA-378 2021-08-25 12:00 2021-09-01 09:30 3 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 IOMMU page mapping issues on x86
XSA-377 2021-06-08 17:00 2021-06-08 17:04 2 CVE-2021-28690 x86: TSX Async Abort protections not restored after S3
XSA-376 2021-12-20 12:04 2021-12-20 12:04 1 none (yet) assigned frontends vulnerable to backends
XSA-375 2021-06-08 17:00 2021-06-10 09:16 4 CVE-2021-0089 CVE-2021-26313 Speculative Code Store Bypass
XSA-374 2021-06-08 17:00 2021-06-08 17:04 2 CVE-2021-28691 Guest triggered use-after-free in Linux xen-netback
XSA-373 2021-06-08 17:00 2021-06-08 17:04 2 CVE-2021-28692 inappropriate x86 IOMMU timeout detection / handling
XSA-372 2021-06-08 17:00 2021-06-08 17:04 3 CVE-2021-28693 xen/arm: Boot modules are not scrubbed
XSA-371 2021-03-30 11:03 2021-03-30 11:03 3 CVE-2021-28688 Linux: blkback driver may leak persistent grants
XSA-370 2021-05-04 10:19 2021-05-04 10:19 2 CVE-2021-28689 x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests
XSA-369 2021-03-04 10:58 2023-12-15 15:35 3 CVE-2021-28039 Linux: special config may crash when trying to map foreign pages
XSA-368 2021-03-18 11:57 2021-03-18 13:56 3 CVE-2021-28687 HVM soft-reset crashes toolstack
XSA-367 2021-03-04 10:39 2021-03-05 17:07 2 CVE-2021-28038 Linux: netback fails to honor grant mapping errors
XSA-366 2021-02-18 11:46 2021-02-23 16:36 2 CVE-2021-27379 missed flush in XSA-321 backport
XSA-365 2021-02-16 12:00 2021-02-16 12:35 3 CVE-2021-26930 Linux: error handling issues in blkback's grant mapping
XSA-364 2021-02-16 12:00 2021-02-16 12:35 3 CVE-2021-26933 arm: The cache may not be cleaned for newly allocated scrubbed pages
XSA-363 2021-02-16 12:00 2021-02-16 12:35 3 CVE-2021-26934 Linux: display frontend "be-alloc" mode is unsupported
XSA-362 2021-02-16 12:00 2021-02-16 12:35 3 CVE-2021-26931 Linux: backends treating grant mapping errors as bugs
XSA-361 2021-02-16 12:00 2021-02-16 12:35 4 CVE-2021-26932 Linux: grant mapping error handling issues
XSA-360 2021-01-21 14:09 2021-01-26 22:03 2 CVE-2021-3308 IRQ vector leak on x86
XSA-359 2020-12-15 12:00 2020-12-15 12:19 3 CVE-2020-29571 FIFO event channels control structure ordering
XSA-358 2020-12-15 12:00 2020-12-16 17:04 5 CVE-2020-29570 FIFO event channels control block related ordering
XSA-357 2021-08-10 14:45 - - Unused Xen Security Advisory number
XSA-356 2020-12-15 12:00 2020-12-15 12:19 3 CVE-2020-29567 infinite loop when cleaning up IRQ vectors
XSA-355 2020-11-24 12:00 2021-01-19 16:24 3 CVE-2020-29040 stack corruption from XSA-346 change
XSA-354 2020-12-15 12:00 2020-12-15 12:19 4 CVE-2020-29487 XAPI: guest-triggered excessive memory usage
XSA-353 2020-12-15 12:00 2020-12-15 12:19 4 CVE-2020-29479 oxenstored: permissions not checked on root node
XSA-352 2020-12-15 12:00 2020-12-15 12:19 3 CVE-2020-29486 oxenstored: node ownership can be changed by unprivileged clients
XSA-351 2020-11-10 18:01 2023-12-15 15:35 3 CVE-2020-28368 Information leak via power sidechannel
XSA-350 2020-12-15 12:00 2020-12-15 12:19 4 CVE-2020-29569 Use after free triggered by block frontend in Linux blkback
XSA-349 2020-12-15 12:00 2020-12-15 12:19 3 CVE-2020-29568 Frontends can trigger OOM in Backends by update a watched path
XSA-348 2020-12-15 12:00 2020-12-15 12:19 3 CVE-2020-29566 undue recursion in x86 HVM context switch code
XSA-347 2020-10-20 11:49 2021-01-19 16:24 3 CVE-2020-27670 unsafe AMD IOMMU page table updates
XSA-346 2020-10-20 11:49 2021-01-19 16:24 3 CVE-2020-27671 undue deferral of IOMMU TLB flushes
XSA-345 2020-10-20 11:49 2023-12-15 15:35 5 CVE-2020-27672 x86: Race condition in Xen mapping code
XSA-344 2020-09-22 12:00 2020-09-22 13:36 4 CVE-2020-25601 lack of preemption in evtchn_reset() / evtchn_destroy()
XSA-343 2020-09-22 12:00 2020-12-16 17:03 5 CVE-2020-25599 races with evtchn_reset()
XSA-342 2020-09-22 12:00 2020-09-22 13:36 3 CVE-2020-25600 out of bounds event channels available to 32-bit x86 domains
XSA-341 2020-09-08 15:35 - - Unused Xen Security Advisory number
XSA-340 2020-09-22 12:00 2020-09-22 13:36 3 CVE-2020-25603 Missing memory barriers when accessing/allocating an event channel
XSA-339 2020-09-22 12:00 2020-09-22 13:36 3 CVE-2020-25596 x86 pv guest kernel DoS via SYSENTER
XSA-338 2020-09-22 12:00 2020-09-22 13:36 4 CVE-2020-25597 once valid event channels may not turn invalid
XSA-337 2020-09-22 12:00 2020-09-22 13:36 3 CVE-2020-25595 PCI passthrough code reading back hardware registers
XSA-336 2020-09-22 12:00 2020-09-22 13:36 3 CVE-2020-25604 race when migrating timers between x86 HVM vCPU-s
XSA-335 2020-08-24 12:00 2023-12-15 15:35 3 CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue
XSA-334 2020-09-22 12:00 2020-09-22 13:36 3 CVE-2020-25598 Missing unlock in XENMEM_acquire_resource error path
XSA-333 2020-09-22 12:00 2020-09-22 13:36 3 CVE-2020-25602 x86 pv: Crash when handling guest access to MSR_MISC_ENABLE
XSA-332 2020-10-20 11:49 2021-01-19 16:24 4 CVE-2020-27673 Rogue guests can cause DoS of Dom0 via high frequency events
XSA-331 2020-10-20 11:49 2021-01-19 16:24 3 CVE-2020-27675 Race condition in Linux event handler may crash dom0
XSA-330 2020-12-15 12:00 2020-12-15 12:19 3 CVE-2020-29485 oxenstored memory leak in reset_watches
XSA-329 2020-07-16 12:00 2023-12-15 15:35 4 CVE-2020-15852 Linux ioperm bitmap context switching issues
XSA-328 2020-07-07 12:00 2020-07-07 12:23 3 CVE-2020-15567 non-atomic modification of live EPT PTE
XSA-327 2020-07-07 12:00 2020-07-07 12:23 3 CVE-2020-15564 Missing alignment check in VCPUOP_register_vcpu_info
XSA-326 2022-11-01 10:57 2022-11-01 10:57 4 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 Xenstore: guests can let run xenstored out of memory
XSA-325 2020-12-15 12:00 2020-12-15 12:19 3 CVE-2020-29483 Xenstore: guests can disturb domain cleanup
XSA-324 2020-12-15 12:00 2020-12-15 12:19 3 CVE-2020-29484 Xenstore: guests can crash xenstored via watchs
XSA-323 2020-12-15 12:00 2020-12-15 12:19 3 CVE-2020-29482 Xenstore: wrong path length check
XSA-322 2020-12-15 12:00 2020-12-16 16:40 5 CVE-2020-29481 Xenstore: new domains inheriting existing node permissions
XSA-321 2020-07-07 12:00 2020-07-07 12:21 3 CVE-2020-15565 insufficient cache write-back under VT-d
XSA-320 2020-06-09 16:33 2020-06-11 13:09 2 CVE-2020-0543 Special Register Buffer speculative side channel
XSA-319 2020-07-07 12:00 2020-07-07 12:18 3 CVE-2020-15563 inverted code paths in x86 dirty VRAM tracking
XSA-318 2020-04-14 12:00 2020-04-14 12:00 3 CVE-2020-11742 Bad continuation handling in GNTTABOP_copy
XSA-317 2020-07-07 12:00 2020-07-07 12:18 3 CVE-2020-15566 Incorrect error handling in event channel port allocation
XSA-316 2020-04-14 12:00 2020-04-14 12:00 3 CVE-2020-11743 Bad error path in GNTTABOP_map_grant
XSA-315 2020-03-10 17:02 2020-03-10 17:02 1 CVE-2020-0551 Load Value Injection (LVI) speculative side channel
XSA-314 2020-04-14 12:00 2020-04-14 12:00 3 CVE-2020-11739 Missing memory barriers in read-write unlock paths
XSA-313 2020-04-14 12:00 2020-04-14 12:00 3 CVE-2020-11740 CVE-2020-11741 multiple xenoprof issues
XSA-312 2020-01-14 14:20 2020-01-14 14:20 1 none (yet) assigned arm: a CPU may speculate past the ERET instruction
XSA-311 2019-12-11 12:00 2019-12-11 12:09 4 CVE-2019-19577 Bugs in dynamic height handling for AMD IOMMU pagetables
XSA-310 2019-12-11 12:00 2019-12-11 12:09 3 CVE-2019-19580 Further issues with restartable PV type change operations
XSA-309 2019-12-11 12:00 2019-12-11 12:09 3 CVE-2019-19578 Linear pagetable use / entry miscounts
XSA-308 2019-12-11 12:00 2020-08-14 16:50 4 CVE-2019-19583 VMX: VMentry failure with debug exceptions and blocked states
XSA-307 2019-12-11 12:00 2020-08-14 16:50 4 CVE-2019-19581 CVE-2019-19582 find_next_bit() issues
XSA-306 2019-11-26 11:59 2019-12-05 14:20 3 CVE-2019-19579 Device quarantine for alternate pci assignment methods
XSA-305 2019-11-12 17:53 2020-08-14 16:50 2 CVE-2019-11135 TSX Asynchronous Abort speculative side channel
XSA-304 2019-11-12 17:53 2020-08-14 16:50 2 CVE-2018-12207 x86: Machine Check Error on Page Size Change DoS
XSA-303 2019-10-31 12:00 2020-08-14 16:50 5 CVE-2019-18422 ARM: Interrupts are unconditionally unmasked in exception handlers
XSA-302 2019-10-31 12:00 2019-10-31 12:30 5 CVE-2019-18424 passed through PCI devices may corrupt host memory after deassignment
XSA-301 2019-10-31 12:00 2020-08-14 16:50 4 CVE-2019-18423 add-to-physmap can be abused to DoS Arm hosts
XSA-300 2019-07-09 13:54 2020-08-14 16:50 4 CVE-2019-17351 Linux: No grant table and foreign mapping limits
XSA-299 2019-10-31 12:00 2019-10-31 12:28 4 CVE-2019-18421 Issues with restartable PV type change operations
XSA-298 2019-10-31 12:00 2019-10-31 12:28 3 CVE-2019-18425 missing descriptor table limit checking in x86 PV emulation
XSA-297 2019-05-14 15:51 2019-05-14 15:51 1 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Microarchitectural Data Sampling speculative side channel
XSA-296 2019-10-31 12:00 2020-08-14 16:41 5 CVE-2019-18420 VCPUOP_initialise DoS
XSA-295 2019-06-13 19:15 2019-10-25 11:09 2 CVE-2019-17349 CVE-2019-17350 Unlimited Arm Atomics Operations
XSA-294 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17348 x86 shadow: Insufficient TLB flushing when using PCID
XSA-293 2019-03-05 12:00 2019-10-25 11:09 4 CVE-2019-17347 x86: PV kernel context switch corruption
XSA-292 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17346 x86: insufficient TLB flushing when using PCID
XSA-291 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17345 x86/PV: page type reference counting issue with failed IOMMU update
XSA-290 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17344 missing preemption in x86 PV page table unvalidation
XSA-289 2019-01-21 12:00 2019-01-21 17:32 3 none (yet) assigned Cache-load gadgets exploitable with L1TF
XSA-288 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17343 x86: Inconsistent PV IOMMU discipline
XSA-287 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17342 x86: steal_page violates page_struct access discipline
XSA-286 2020-10-20 11:49 2021-01-19 16:24 6 CVE-2020-27674 x86 PV guest INVLPG-like flushes may leave stale TLB entries
XSA-285 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17341 race with pass-through device hotplug
XSA-284 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17340 grant table transfer issues on large hosts
XSA-283 2019-02-22 17:42 2019-02-22 17:42 2 - Withdrawn Xen Security Advisory number
XSA-282 2018-11-06 18:40 2023-12-15 15:35 3 CVE-2018-19967 guest use of HLE constructs may lock up host
XSA-281 2019-03-12 14:12 - - Unused Xen Security Advisory number
XSA-280 2018-11-20 12:00 2023-12-15 15:35 4 CVE-2018-19966 Fix for XSA-240 conflicts with shadow paging
XSA-279 2018-11-20 12:00 2019-01-08 16:43 3 CVE-2018-19965 x86: DoS from attempting to use INVPCID with a non-canonical addresses
XSA-278 2018-10-24 21:11 2018-11-01 11:10 2 CVE-2018-18883 x86: Nested VT-x usable even when disabled
XSA-277 2018-11-20 12:00 2019-01-08 16:43 3 CVE-2018-19964 x86: incorrect error handling for guest p2m page removals
XSA-276 2018-11-20 12:00 2019-01-08 16:43 3 CVE-2018-19963 resource accounting issues in x86 IOREQ server handling
XSA-275 2018-11-20 12:00 2019-01-08 16:43 3 CVE-2018-19961 CVE-2018-19962 insufficient TLB flushing / improper large page mappings with AMD IOMMUs
XSA-274 2018-07-25 16:39 2018-08-15 16:09 3 CVE-2018-14678 Linux: Uninitialized state in x86 PV failsafe callback path
XSA-273 2018-08-14 17:15 2018-08-14 17:15 1 CVE-2018-3620 CVE-2018-3646 L1 Terminal Fault speculative side channel
XSA-272 2018-08-14 17:00 2018-08-20 09:46 3 CVE-2018-15470 oxenstored does not apply quota-maxentity
XSA-271 2018-08-14 17:00 2023-12-15 15:35 3 CVE-2018-14007 XAPI HTTP directory traversal
XSA-270 2018-08-14 17:00 2018-08-20 09:46 3 CVE-2018-15471 Linux netback driver OOB access in hash handling
XSA-269 2018-08-14 17:00 2023-12-15 15:35 4 CVE-2018-15468 x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
XSA-268 2018-08-14 17:00 2018-08-20 09:46 3 CVE-2018-15469 Use of v2 grant tables may cause crash on ARM
XSA-267 2018-06-13 20:23 2023-12-15 15:35 4 CVE-2018-3665 Speculative register leakage from lazy FPU context switching
XSA-266 2018-06-27 20:06 2018-06-27 20:06 3 CVE-2018-12892 libxl fails to honour readonly flag on HVM emulated SCSI disks
XSA-265 2018-06-27 20:06 2018-06-27 20:06 3 CVE-2018-12893 x86: #DB exception safety check can be triggered by a guest
XSA-264 2018-06-27 20:06 2018-06-27 20:06 3 CVE-2018-12891 preemption checks bypassed in x86 PV MM handling
XSA-263 2018-05-21 16:52 2018-05-21 16:52 1 CVE-2018-3639 Speculative Store Bypass
XSA-262 2018-05-08 16:45 2018-05-11 10:13 3 CVE-2018-10981 qemu may drive Xen into unbounded loop
XSA-261 2018-05-08 16:45 2018-05-11 10:13 3 CVE-2018-10982 x86 vHPET interrupt injection errors
XSA-260 2018-05-08 16:45 2023-12-15 15:35 3 CVE-2018-8897 x86: mishandling of debug exceptions
XSA-259 2018-04-25 12:00 2023-12-15 15:35 4 CVE-2018-10471 x86: PV guest may crash Xen with XPTI
XSA-258 2018-04-25 12:00 2018-04-30 13:14 3 CVE-2018-10472 Information leak via crafted user-supplied CDROM
XSA-256 2018-02-27 11:57 2018-03-01 13:15 3 CVE-2018-7542 x86 PVH guest without LAPIC may DoS the host
XSA-255 2018-02-27 11:57 2018-03-01 13:15 4 CVE-2018-7541 grant table v2 -> v1 transition may crash Xen
XSA-254 2018-01-03 22:29 2018-02-23 19:35 12 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 Information leak via side effects of speculative execution
XSA-253 2018-01-04 12:00 2018-01-06 15:24 3 CVE-2018-5244 x86: memory leak with MSR emulation
XSA-252 2018-02-27 11:57 2018-03-01 13:15 3 CVE-2018-7540 DoS via non-preemptable L3/L4 pagetable freeing
XSA-251 2017-12-12 11:35 2018-01-06 16:14 3 CVE-2017-17565 improper bug check in x86 log-dirty handling
XSA-250 2017-12-12 11:35 2018-01-06 16:14 3 CVE-2017-17564 improper x86 shadow mode refcount error handling
XSA-249 2017-12-12 11:35 2018-01-06 16:14 3 CVE-2017-17563 broken x86 shadow mode refcount overflow check
XSA-248 2017-12-12 11:35 2018-01-06 16:14 3 CVE-2017-17566 x86 PV guests may gain access to internally used pages
XSA-247 2017-11-28 11:58 2017-11-30 11:59 3 CVE-2017-17045 Missing p2m error checking in PoD code
XSA-246 2017-11-28 11:58 2017-11-30 11:59 3 CVE-2017-17044 x86: infinite loop due to missing PoD error checking
XSA-245 2017-09-28 17:26 2023-12-15 15:35 3 CVE-2017-17046 ARM: Some memory not scrubbed at boot
XSA-244 2017-10-12 12:00 2017-10-18 12:08 3 CVE-2017-15594 x86: Incorrect handling of IST settings during CPU hotplug
XSA-243 2017-10-12 12:00 2017-11-15 17:13 5 CVE-2017-15592 x86: Incorrect handling of self-linear shadow mappings with translated guests
XSA-242 2017-10-12 12:00 2017-10-18 12:08 3 CVE-2017-15593 page type reference leak on x86
XSA-241 2017-10-12 12:00 2017-10-18 12:08 4 CVE-2017-15588 Stale TLB entry due to page type release race
XSA-240 2017-10-12 12:00 2017-12-11 18:15 6 CVE-2017-15595 Unlimited recursion in linear pagetable de-typing
XSA-239 2017-10-12 12:00 2017-10-18 12:08 3 CVE-2017-15589 hypervisor stack leak in x86 I/O intercept code
XSA-238 2017-10-12 12:00 2017-12-06 10:59 3 CVE-2017-15591 DMOP map/unmap missing argument checks
XSA-237 2017-10-12 12:00 2017-10-18 12:08 3 CVE-2017-15590 multiple MSI mapping issues on x86
XSA-236 2017-10-24 12:00 2017-10-24 13:55 3 CVE-2017-15597 pin count / page reference race in grant table code
XSA-235 2017-08-23 15:16 2017-10-18 12:08 2 CVE-2017-15596 add-to-physmap error paths fail to release lock on ARM
XSA-234 2017-09-12 12:00 2017-09-12 12:03 3 CVE-2017-14319 insufficient grant unmapping checks for x86 PV guests
XSA-233 2017-09-12 12:00 2023-12-15 15:35 4 CVE-2017-14317 cxenstored: Race in domain cleanup
XSA-232 2017-09-12 12:00 2017-09-12 12:03 4 CVE-2017-14318 Missing check for grant table
XSA-231 2017-09-12 12:00 2017-09-12 12:03 3 CVE-2017-14316 Missing NUMA node parameter verification
XSA-230 2017-08-15 12:00 2017-08-15 13:47 3 CVE-2017-12855 grant_table: possibly premature clearing of GTF_writing / GTF_reading
XSA-229 2017-08-15 12:00 2017-08-15 12:04 3 CVE-2017-12134 linux: Fix Xen block IO merge-ability calculation
XSA-228 2017-08-15 12:00 2017-08-15 12:04 3 CVE-2017-12136 grant_table: Race conditions with maptrack free list handling
XSA-227 2017-08-15 12:00 2017-08-15 12:04 3 CVE-2017-12137 x86: PV privilege escalation via map_grant_ref
XSA-226 2017-08-15 12:00 2017-08-29 12:03 7 CVE-2017-12135 multiple problems with transitive grants
XSA-225 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10923 arm: vgic: Out-of-bound access when sending SGIs
XSA-224 2017-06-20 11:58 2017-07-07 13:52 5 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 grant table operations mishandle reference counts
XSA-223 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10919 ARM guest disabling interrupt may crash Xen
XSA-222 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10918 stale P2M mappings due to insufficient error checking
XSA-221 2017-06-20 11:58 2023-12-15 15:35 4 CVE-2017-10917 NULL pointer deref in event channel poll
XSA-220 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10916 x86: PKRU and BND* leakage between vCPU-s
XSA-219 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10915 x86: insufficient reference counts during shadow emulation
XSA-218 2017-06-20 12:00 2017-07-07 13:52 5 CVE-2017-10913 CVE-2017-10914 Races in the grant table unmap code
XSA-217 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10912 page transfer may allow PV guest to elevate privilege
XSA-216 2017-06-20 11:58 2017-07-07 13:52 5 CVE-2017-10911 blkif responses leak backend stack data
XSA-215 2017-05-02 11:18 2017-05-12 10:44 3 CVE-2017-8905 possible memory corruption via failsafe callback
XSA-214 2017-05-02 11:18 2023-12-15 15:35 4 CVE-2017-8904 grant transfer allows PV guest to elevate privileges
XSA-213 2017-05-02 11:18 2017-05-12 10:44 3 CVE-2017-8903 x86: 64bit PV guest breakout via pagetable use-after-mode-change
XSA-212 2017-04-04 12:00 2017-04-04 12:37 3 CVE-2017-7228 x86: broken check in memory_exchange() permits PV guest breakout
XSA-211 2017-03-14 11:58 2023-12-15 15:35 3 CVE-2016-9603 Cirrus VGA Heap overflow via display refresh
XSA-210 2017-02-23 16:28 2017-02-23 16:28 1 none (yet) assigned arm: memory corruption when freeing p2m pages
XSA-209 2017-02-21 10:42 2023-12-15 15:35 5 CVE-2017-2620 cirrus_bitblt_cputovideo does not check if memory region is safe
XSA-208 2017-02-10 12:43 2023-12-15 15:35 3 CVE-2017-2615 oob access in cirrus bitblt copy
XSA-207 2017-02-15 12:00 2017-02-15 12:05 2 none (yet) assigned memory leak when destroying guest without PT devices
XSA-206 2017-03-28 12:00 2023-12-15 15:35 10 none (yet) assigned xenstore denial of service via repeated update
XSA-205 2017-02-13 14:23 - - Unused Xen Security Advisory number
XSA-204 2016-12-19 15:36 2016-12-19 17:04 2 CVE-2016-10013 x86: Mishandling of SYSCALL singlestep during emulation
XSA-203 2016-12-21 12:00 2016-12-21 12:01 3 CVE-2016-10025 x86: missing NULL pointer check in VMFUNC emulation
XSA-202 2016-12-21 12:00 2016-12-21 12:01 3 CVE-2016-10024 x86 PV guests may be able to mask interrupts
XSA-201 2016-11-29 14:48 2023-12-15 15:35 3 CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818 ARM guests may induce host asynchronous abort
XSA-200 2016-12-13 12:00 2016-12-13 13:07 3 CVE-2016-9932 x86 CMPXCHG8B emulation fails to ignore operand size override
XSA-199 2016-12-06 12:00 2023-12-15 15:35 4 CVE-2016-9637 qemu ioport array overflow
XSA-198 2016-11-22 12:00 2023-12-15 15:35 4 CVE-2016-9379 CVE-2016-9380 delimiter injection vulnerabilities in pygrub
XSA-197 2016-11-22 12:00 2023-12-15 15:35 4 CVE-2016-9381 qemu incautious about shared ring processing
XSA-196 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9377 CVE-2016-9378 x86 software interrupt injection mis-handled
XSA-195 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9383 x86 64-bit bit test instruction emulation broken
XSA-194 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9384 guest 32-bit ELF symbol table load leaking host data
XSA-193 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9385 x86 segment base write emulation lacking canonical address checks
XSA-192 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9382 x86 task switch to VM86 mode mis-handled
XSA-191 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9386 x86 null segments not always treated as unusable
XSA-190 2016-10-04 12:00 2016-10-04 12:50 5 CVE-2016-7777 CR0.TS and CR0.EM not always honored for x86 HVM guests
XSA-189 2016-09-21 09:46 - - Unused Xen Security Advisory number
XSA-188 2016-09-08 12:00 2016-09-08 12:00 3 CVE-2016-7154 use after free in FIFO event channel code
XSA-187 2016-09-08 12:00 2016-09-08 12:04 3 CVE-2016-7094 x86 HVM: Overflow of sh_ctxt->seg_reg[]
XSA-186 2016-09-08 12:00 2016-09-08 12:00 4 CVE-2016-7093 x86: Mishandling of instruction pointer truncation during emulation
XSA-185 2016-09-08 12:00 2016-09-08 12:00 3 CVE-2016-7092 x86: Disallow L3 recursive pagetable for 32-bit PV guests
XSA-184 2016-07-27 15:00 2023-12-15 15:35 3 CVE-2016-5403 virtio: unbounded memory allocation issue
XSA-183 2016-07-26 11:32 2023-12-15 15:35 6 CVE-2016-6259 x86: Missing SMAP whitelisting in 32-bit exception / event delivery
XSA-182 2016-07-26 11:32 2023-12-15 15:35 4 CVE-2016-6258 x86: Privilege escalation in PV guests
XSA-181 2016-06-03 09:47 2016-06-03 13:55 2 CVE-2016-5242 arm: Host crash caused by VMID exhaustion
XSA-180 2016-05-23 17:09 2023-12-15 15:35 2 CVE-2014-3672 Unrestricted qemu logging
XSA-179 2016-05-09 11:48 2016-05-10 11:23 5 CVE-2016-3710 CVE-2016-3712 QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks
XSA-178 2016-06-02 12:00 2016-06-06 16:55 4 CVE-2016-4963 Unsanitised driver domain input in libxl device handling
XSA-177 2016-05-24 12:21 - - Unused Xen Security Advisory number
XSA-176 2016-05-17 10:54 2016-05-17 10:54 3 CVE-2016-4480 x86 software guest page walk PS bit handling flaw
XSA-175 2016-06-02 12:00 2023-12-15 15:35 7 CVE-2016-4962 Unsanitised guest input in libxl device handling code
XSA-174 2016-04-14 12:00 2016-04-14 13:03 3 CVE-2016-3961 hugetlbfs use may crash PV Linux guests
XSA-173 2016-04-18 12:00 2016-04-18 13:31 3 CVE-2016-3960 x86 shadow pagetables: address width overflow
XSA-172 2016-03-24 16:26 2016-03-24 16:26 3 CVE-2016-3158 CVE-2016-3159 broken AMD FPU FIP/FDP/FOP leak workaround
XSA-171 2016-03-16 19:00 2016-03-16 19:03 4 CVE-2016-3157 I/O port access privilege escalation in x86-64 Linux
XSA-170 2016-02-17 12:00 2016-02-17 12:25 3 CVE-2016-2271 VMX: guest user mode may crash guest with non-canonical RIP
XSA-169 2015-12-21 11:12 2015-12-22 18:46 2 CVE-2015-8615 x86: unintentional logging upon guest changing callback method
XSA-168 2016-01-20 12:00 2016-01-20 12:08 3 CVE-2016-1571 VMX: intercept issue with INVLPG on non-canonical address
XSA-167 2016-01-20 12:00 2016-01-20 12:08 4 CVE-2016-1570 PV superpage functionality missing sanity checks
XSA-166 2015-12-17 12:00 2015-12-17 12:38 2 none (yet) assigned ioreq handling possibly susceptible to multiple read issue
XSA-165 2015-12-17 12:00 2015-12-17 12:38 3 CVE-2015-8555 information leak in legacy x86 FPU/XMM initialization
XSA-164 2015-12-17 12:00 2023-12-15 15:35 4 CVE-2015-8554 qemu-dm buffer overrun in MSI-X handling
XSA-163 2015-11-24 17:12 2015-11-24 17:12 1 none (yet) assigned virtual PMU is unsupported
XSA-162 2015-11-30 06:00 2023-12-15 15:35 3 CVE-2015-7504 heap buffer overflow vulnerability in pcnet emulator
XSA-161 2015-11-25 15:29 2015-11-25 15:29 2 none (yet) assigned WITHDRAWN: missing XSETBV intercept privilege check on AMD SVM
XSA-160 2015-12-08 11:29 2015-12-08 11:29 3 CVE-2015-8341 libxl leak of pv kernel and initrd on error
XSA-159 2015-12-08 11:29 2015-12-08 11:29 4 CVE-2015-8339 CVE-2015-8340 XENMEM_exchange error handling issues
XSA-158 2015-12-08 11:29 2023-12-15 15:35 5 CVE-2015-8338 long running memory operations on ARM
XSA-157 2015-12-17 12:00 2023-12-15 15:35 4 CVE-2015-8551 CVE-2015-8552 Linux pciback missing sanity checks leading to crash
XSA-156 2015-11-10 00:01 2015-11-10 00:07 2 CVE-2015-5307 CVE-2015-8104 x86: CPU lockup during exception delivery
XSA-155 2015-12-17 12:00 2015-12-17 13:36 6 CVE-2015-8550 paravirtualized drivers incautious about shared memory contents
XSA-154 2016-02-17 12:00 2016-02-17 12:25 3 CVE-2016-2270 x86: inconsistent cachability flags on guest mappings
XSA-153 2015-10-29 11:59 2023-12-15 15:35 4 CVE-2015-7972 x86: populate-on-demand balloon size inaccuracy can crash guests
XSA-152 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7971 x86: some pmu and profiling hypercalls log without rate limiting
XSA-151 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7969 x86: leak of per-domain profiling-related vcpu pointer array
XSA-150 2015-10-29 11:59 2015-10-29 11:59 5 CVE-2015-7970 x86: Long latency populate-on-demand operation is not preemptible
XSA-149 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7969 leak of main per-domain vcpu pointer array
XSA-148 2015-10-29 11:59 2015-10-29 11:59 4 CVE-2015-7835 x86: Uncontrolled creation of large page mappings by PV guests
XSA-147 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7814 arm: Race between domain destruction and memory allocation decrease
XSA-146 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7813 arm: various unimplemented hypercalls log without rate limiting
XSA-145 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7812 arm: Host crash when preempting a multicall
XSA-144 2015-10-14 12:03 - - Unused Xen Security Advisory number
XSA-143 2015-10-14 12:03 - - Unused Xen Security Advisory number
XSA-142 2015-09-22 10:00 2023-12-15 15:35 3 CVE-2015-7311 libxl fails to honour readonly flag on disks with qemu-xen
XSA-141 2015-09-01 12:00 2015-09-01 13:18 3 CVE-2015-6654 printk is not rate-limited in xenmem_add_to_physmap_one
XSA-140 2015-08-03 12:00 2023-12-15 15:35 3 CVE-2015-5165 QEMU leak of uninitialized heap memory in rtl8139 device model
XSA-139 2015-08-03 12:00 2023-12-15 15:35 3 CVE-2015-5166 Use after free in QEMU/Xen block unplug protocol
XSA-138 2015-07-27 12:00 2015-07-27 12:03 2 CVE-2015-5154 QEMU heap overflow flaw while processing certain ATAPI commands.
XSA-137 2015-07-07 12:00 2023-12-15 15:35 4 CVE-2015-3259 xl command line config handling stack overflow
XSA-136 2015-06-11 12:00 2015-06-11 12:28 3 CVE-2015-4164 vulnerability in the iret hypercall handler
XSA-135 2015-06-10 13:10 2023-12-15 15:35 4 CVE-2015-3209 Heap overflow in QEMU PCNET controller, allowing guest->host escape
XSA-134 2015-06-11 12:00 2015-06-11 12:28 3 CVE-2015-4163 GNTTABOP_swap_grant_ref operation misbehavior
XSA-133 2015-05-13 11:15 2023-12-15 15:35 3 CVE-2015-3456 Privilege escalation via emulated floppy disk drive
XSA-132 2015-04-20 17:10 2023-12-15 15:35 3 CVE-2015-3340 Information leak through XEN_DOMCTL_gettscinfo
XSA-131 2015-06-02 12:00 2015-06-02 14:02 3 CVE-2015-4106 Unmediated PCI register access in qemu
XSA-130 2015-06-02 12:00 2015-06-02 14:02 2 CVE-2015-4105 Guest triggerable qemu MSI-X pass-through error messages
XSA-129 2015-06-02 12:00 2015-06-02 14:02 2 CVE-2015-4104 PCI MSI mask bits inadvertently exposed to guests
XSA-128 2015-06-02 12:00 2015-06-02 14:02 2 CVE-2015-4103 Potential unintended writes to host MSI message data field via qemu
XSA-127 2015-03-31 12:00 2023-12-15 15:35 3 CVE-2015-2751 Certain domctl operations may be abused to lock up the host
XSA-126 2015-03-31 12:00 2023-12-15 15:35 4 CVE-2015-2756 Unmediated PCI command register access in qemu
XSA-125 2015-03-31 12:00 2015-03-31 12:09 3 CVE-2015-2752 Long latency MMIO mapping operations are not preemptible
XSA-124 2015-03-10 12:00 2015-03-10 12:00 2 none (yet) assigned Non-standard PCI device functionality may render pass-through insecure
XSA-123 2015-03-10 12:00 2015-03-10 12:00 4 CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
XSA-122 2015-03-05 12:00 2015-03-05 12:18 3 CVE-2015-2045 Information leak through version information hypercall
XSA-121 2015-03-05 12:00 2015-03-05 12:18 3 CVE-2015-2044 Information leak via internal x86 system device emulation
XSA-120 2015-03-10 12:00 2023-12-15 15:35 6 CVE-2015-2150 CVE-2015-8553 Non-maskable interrupts triggerable by guests
XSA-119 2015-03-12 12:00 2015-03-12 13:32 3 CVE-2015-2152 HVM qemu unexpectedly enabling emulated VGA graphics backends
XSA-118 2015-01-29 11:14 2015-02-25 11:14 2 CVE-2015-1563 arm: vgic: incorrect rate limiting of guest triggered logging
XSA-117 2015-02-12 12:00 2015-02-12 17:41 2 CVE-2015-0268 arm: vgic-v2: GICD_SGIR is not properly emulated
XSA-116 2015-01-06 12:00 2015-01-06 12:40 3 CVE-2015-0361 xen crash due to use after free on hvm guest teardown
XSA-115 2020-12-15 12:00 2020-12-15 12:15 4 CVE-2020-29480 xenstore watch notifications lacking permission checks
XSA-114 2014-12-08 12:00 2014-12-08 12:08 3 CVE-2014-9065 CVE-2014-9066 p2m lock starvation
XSA-113 2014-11-20 16:26 2014-11-21 12:25 2 CVE-2014-9030 Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
XSA-112 2014-11-27 11:25 2023-12-15 15:35 6 CVE-2014-8867 Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor
XSA-111 2014-11-27 11:25 2023-12-15 15:35 4 CVE-2014-8866 Excessive checking in compatibility mode hypercall argument translation
XSA-110 2014-11-18 12:00 2023-12-15 15:35 4 CVE-2014-8595 Missing privilege level checks in x86 emulation of far branches
XSA-109 2014-11-18 12:00 2015-01-20 18:14 4 CVE-2014-8594 Insufficient restrictions on certain MMU update hypercalls
XSA-108 2014-10-01 12:00 2014-10-01 12:02 4 CVE-2014-7188 Improper MSR range used for x2APIC emulation
XSA-107 2014-09-09 12:30 2014-09-11 10:07 2 CVE-2014-6268 Mishandling of uninitialised FIFO-based event channel control blocks
XSA-106 2014-09-23 12:00 2014-09-24 10:29 3 CVE-2014-7156 Missing privilege level checks in x86 emulation of software interrupts
XSA-105 2014-09-23 12:00 2014-09-24 10:29 3 CVE-2014-7155 Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
XSA-104 2014-09-23 12:00 2014-09-24 10:29 3 CVE-2014-7154 Race condition in HVMOP_track_dirty_vram
XSA-103 2014-08-12 12:00 2014-08-12 13:02 3 CVE-2014-5148 Flaw in handling unknown system register access from 64-bit userspace on ARM
XSA-102 2014-08-12 12:00 2014-08-12 13:02 3 CVE-2014-5147 Flaws in handling traps from 32-bit userspace on 64-bit ARM
XSA-101 2014-06-25 12:00 2014-06-30 14:22 3 CVE-2014-4022 information leak via gnttab_setup_table on ARM
XSA-100 2014-06-17 11:44 2014-06-17 11:44 3 CVE-2014-4021 Hypervisor heap contents leaked to guests
XSA-99 2014-06-17 11:44 2014-06-17 11:44 2 none (yet) assigned unexpected pitfall in xenaccess API
XSA-98 2014-06-04 12:00 2015-03-13 15:59 5 CVE-2014-3969 insufficient permissions checks accessing guest memory on ARM
XSA-97 2014-08-12 12:00 2014-08-12 13:02 3 CVE-2014-5146 CVE-2014-5149 Long latency virtual-mmu operations are not preemptible
XSA-96 2014-06-03 12:00 2014-06-04 16:03 3 CVE-2014-3967 CVE-2014-3968 Vulnerabilities in HVM MSI injection
XSA-95 2014-05-14 10:44 2014-05-16 10:34 3 CVE-2014-3714 CVE-2014-3715 CVE-2014-3716 CVE-2014-3717 input handling vulnerabilities loading guest kernel on ARM
XSA-94 2014-04-23 13:05 2014-04-23 15:12 2 CVE-2014-2986 ARM hypervisor crash on guest interrupt controller access
XSA-93 2014-04-22 15:05 2014-04-23 10:19 2 CVE-2014-2915 Hardware features unintentionally exposed to guests on ARM
XSA-92 2014-04-29 08:50 2014-05-01 10:52 3 CVE-2014-3124 HVMOP_set_mem_type allows invalid P2M entries to be created
XSA-91 2014-04-30 09:52 2014-05-01 10:52 3 CVE-2014-3125 Hardware timer context is not properly context switched on ARM
XSA-90 2014-03-24 13:00 2014-04-02 11:49 2 CVE-2014-2580 Linux netback crash trying to disable due to malformed packet
XSA-89 2014-03-25 12:00 2014-04-02 11:45 3 CVE-2014-2599 HVMOP_set_mem_access is not preemptible
XSA-88 2014-02-12 12:00 2014-02-12 17:04 3 CVE-2014-1950 use-after-free in xc_cpupool_getinfo() under memory pressure
XSA-87 2014-01-23 17:38 2014-01-24 15:37 2 CVE-2014-1666 PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests
XSA-86 2014-02-06 12:00 2014-02-10 11:25 3 CVE-2014-1896 libvchan failure handling malicious ring indexes
XSA-85 2014-02-06 12:00 2014-02-10 11:25 3 CVE-2014-1895 Off-by-one error in FLASK_AVC_CACHESTAT hypercall
XSA-84 2014-02-06 12:00 2023-12-15 15:35 4 CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894 integer overflow in several XSM/Flask hypercalls
XSA-83 2014-01-23 12:00 2014-01-23 14:26 3 CVE-2014-1642 Out-of-memory condition yielding memory corruption during IRQ setup
XSA-82 2013-12-02 17:13 2014-02-19 16:54 4 CVE-2013-6885 Guest triggerable AMD CPU erratum may cause host hang
XSA-81 2013-11-27 13:21 - - Unused Xen Security Advisory number
XSA-80 2013-12-10 12:00 2013-12-10 12:58 3 CVE-2013-6400 IOMMU TLB flushing may be inadvertently suppressed
XSA-79 2013-11-27 13:20 - - Unused Xen Security Advisory number
XSA-78 2013-11-20 17:08 2013-11-21 11:32 2 CVE-2013-6375 Insufficient TLB flushing in VT-d (iommu) code
XSA-77 2013-12-10 12:00 2013-12-10 12:58 3 none (yet) assigned Disaggregated domain management security status
XSA-76 2013-11-26 12:00 2013-11-26 17:02 3 CVE-2013-4554 Hypercalls exposed to privilege rings 1 and 2 of HVM guests
XSA-75 2013-11-08 16:20 2013-11-11 11:42 2 CVE-2013-4551 Host crash due to guest VMX instruction execution
XSA-74 2013-11-26 12:00 2013-11-26 17:02 3 CVE-2013-4553 Lock order reversal between page_alloc_lock and mm_rwlock
XSA-73 2013-11-01 15:07 2013-11-04 13:15 3 CVE-2013-4494 Lock order reversal between page allocation and grant table locks
XSA-72 2013-10-29 12:00 2013-10-29 15:39 3 CVE-2013-4416 ocaml xenstored mishandles oversized message replies
XSA-71 2013-10-10 12:00 2013-10-10 12:28 2 CVE-2013-4375 qemu disk backend (qdisk) resource leak
XSA-70 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4371 use-after-free in libxl_list_cpupool under memory pressure
XSA-69 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4370 misplaced free in ocaml xc_vcpu_getaffinity stub
XSA-68 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4369 possible null dereference when parsing vif ratelimiting info
XSA-67 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4368 Information leak through outs instruction emulation
XSA-66 2013-09-30 10:04 2013-09-30 10:04 3 CVE-2013-4361 Information leak through fbld instruction emulation
XSA-65 2013-10-02 15:00 2013-10-02 16:23 2 CVE-2013-4344 qemu SCSI REPORT LUNS buffer overflow
XSA-64 2013-09-30 10:04 2013-09-30 10:04 3 CVE-2013-4356 Memory accessible by 64-bit PV guests under live migration
XSA-63 2013-09-30 10:04 2023-12-15 15:35 4 CVE-2013-4355 Information leaks through I/O instruction emulation
XSA-62 2013-09-24 12:00 2023-12-15 15:35 3 CVE-2013-1442 Information leak on AVX and/or LWP capable CPUs
XSA-61 2013-09-10 10:56 2013-09-11 12:13 2 CVE-2013-4329 libxl partially sets up HVM passthrough even with disabled iommu
XSA-60 2013-07-19 12:00 2014-02-19 16:54 6 CVE-2013-2212 Excessive time to disable caching with HVM guests with PCI passthrough
XSA-59 2013-08-20 12:00 2013-08-20 12:07 4 CVE-2013-3495 Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts
XSA-58 2013-06-26 12:00 2013-06-26 13:18 2 CVE-2013-1432 Page reference counting error due to XSA-45/CVE-2013-1918 fixes
XSA-57 2013-06-20 12:00 2013-06-26 10:37 4 CVE-2013-2211 libxl allows guest write access to sensitive console related xenstore keys
XSA-56 2013-05-17 12:00 2013-05-17 15:44 2 CVE-2013-2072 Buffer overflow in xencontrol Python bindings affecting xend
XSA-55 2013-06-03 16:18 2013-06-20 10:26 5 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 Multiple vulnerabilities in libelf PV kernel handling
XSA-54 2013-06-03 12:00 2014-06-03 12:23 4 CVE-2013-2078 Hypervisor crash due to missing exception recovery on XSETBV
XSA-53 2013-06-03 12:00 2013-06-03 16:18 3 CVE-2013-2077 Hypervisor crash due to missing exception recovery on XRSTOR
XSA-52 2013-06-03 12:00 2013-06-03 16:18 3 CVE-2013-2076 Information leak on XSAVE/XRSTOR capable AMD CPUs
XSA-51 2013-05-06 15:00 2013-05-06 21:18 2 CVE-2013-2007 qemu guest agent (qga) insecure file permissions
XSA-50 2013-04-18 15:16 2023-12-15 15:35 2 CVE-2013-1964 grant table hypercall acquire/release imbalance
XSA-49 2013-05-02 12:00 2023-12-15 15:35 3 CVE-2013-1952 VT-d interrupt remapping source validation flaw for bridges
XSA-48 2013-04-15 15:00 2023-12-15 15:35 3 CVE-2013-1922 qemu-nbd format-guessing due to missing format specification
XSA-47 2013-04-04 17:54 2013-04-04 17:54 1 CVE-2013-1920 Potential use of freed memory in event channel operations
XSA-46 2013-04-18 12:00 2013-04-18 13:35 3 CVE-2013-1919 Several access permission issues with IRQs for unprivileged guests
XSA-45 2013-05-02 12:00 2013-05-02 13:54 2 CVE-2013-1918 Several long latency operations are not preemptible
XSA-44 2013-04-18 12:00 2013-04-18 13:50 3 CVE-2013-1917 Xen PV DoS vulnerability with SYSENTER
XSA-43 2013-02-05 12:00 2023-12-15 15:35 3 CVE-2013-0231 Linux pciback DoS via not rate limited log messages.
XSA-42 2013-02-12 12:00 2013-02-13 16:49 2 CVE-2013-0228 Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.
XSA-41 2013-01-16 14:50 2013-01-17 12:17 2 CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets
XSA-40 2013-01-16 14:50 2023-12-15 15:35 2 CVE-2013-0190 Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
XSA-39 2013-02-05 12:00 2023-12-15 15:35 3 CVE-2013-0216 CVE-2013-0217 Linux netback DoS via malicious guest ring.
XSA-38 2013-02-05 12:00 2013-02-15 11:40 3 CVE-2013-0215 oxenstored incorrect handling of certain Xenbus ring states
XSA-37 2013-01-04 16:00 2013-01-04 16:00 1 CVE-2013-0154 Hypervisor crash due to incorrect ASSERT (debug build only)
XSA-36 2013-02-05 12:00 2013-02-21 11:05 4 CVE-2013-0153 interrupt remap entries shared and old ones not cleared on AMD IOMMUs
XSA-35 2013-01-22 11:49 2013-01-23 18:28 4 CVE-2013-0152 Nested HVM exposes host to being driven out of memory by guest
XSA-34 2013-01-22 11:49 2013-01-22 11:49 2 CVE-2013-0151 nested virtualization on 32-bit exposes host crash
XSA-33 2013-01-08 12:00 2013-01-11 17:10 3 CVE-2012-5634 VT-d interrupt remapping source validation flaw
XSA-32 2012-12-03 17:51 2012-12-03 17:51 4 CVE-2012-5525 several hypercalls do not validate input GFNs
XSA-31 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5515 Several memory hypercall operations allow invalid extent order values
XSA-30 2012-12-03 17:51 2023-12-15 15:35 5 CVE-2012-5514 Broken error handling in guest_physmap_mark_populate_on_demand()
XSA-29 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5513 XENMEM_exchange may overwrite hypervisor memory
XSA-28 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5512 HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
XSA-27 2012-12-03 17:51 2023-12-15 15:35 6 CVE-2012-5511 CVE-2012-6333 several HVM operations do not validate the range of their inputs
XSA-26 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5510 Grant table version switch list corruption vulnerability
Older advisories are not listed here.
Xenproject.org Security Team