Shodan
Vulnerabilities
Vulnerable Software
Xen:  >> Xen  >> 4.7.0  Security Vulnerabilities
CVE-2017-10917
Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.
CVSS Score
9.1
EPSS Score
0.008
Published
2017-07-05
CVE-2017-10918
Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.
CVSS Score
10.0
EPSS Score
0.017
Published
2017-07-05
CVE-2017-10919
Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223.
CVSS Score
6.5
EPSS Score
0.007
Published
2017-07-05
CVE-2017-10920
The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 1.
CVSS Score
10.0
EPSS Score
0.011
Published
2017-07-05
CVE-2017-10921
The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2.
CVSS Score
10.0
EPSS Score
0.011
Published
2017-07-05
CVE-2017-10922
The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-07-05
CVE-2016-9815
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-02-27
CVE-2016-9816
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-02-27
CVE-2016-9817
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-02-27
CVE-2016-9818
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-02-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved