Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers.
CVSS Score
5.5
EPSS Score
0.001
Published
2014-04-24
The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."
CVSS Score
4.9
EPSS Score
0.001
Published
2014-04-01
The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.
CVSS Score
4.9
EPSS Score
0.001
Published
2014-03-28
The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port.
CVSS Score
7.7
EPSS Score
0.001
Published
2014-01-07
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.
CVSS Score
7.2
EPSS Score
0.001
Published
2007-10-30
Page 24