| Max CVSS | 8.3 | Min CVSS | 4.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-6885 | 4.7 |
The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, a
|
13-02-2023 - 00:29 | 29-11-2013 - 04:33 | |
| CVE-2014-1666 | 8.3 |
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service
|
03-01-2018 - 02:29 | 26-01-2014 - 16:58 | |
| CVE-2013-4553 | 5.2 |
The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).
|
07-01-2017 - 02:59 | 24-12-2013 - 19:55 | |
| CVE-2013-4554 | 5.2 |
Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2.
|
07-01-2017 - 02:59 | 24-12-2013 - 19:55 | |
| CVE-2014-1894 | 5.2 |
Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE
|
07-01-2017 - 02:59 | 01-04-2014 - 06:35 | |
| CVE-2014-1891 | 5.2 |
Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause
|
07-01-2017 - 02:59 | 01-04-2014 - 06:35 | |
| CVE-2014-1893 | 5.2 |
Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecif
|
07-01-2017 - 02:59 | 01-04-2014 - 06:35 | |
| CVE-2014-1892 | 5.2 |
Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.
|
07-01-2017 - 02:59 | 01-04-2014 - 06:35 | |
| CVE-2013-2212 | 5.7 |
The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GF
|
22-12-2016 - 02:59 | 28-08-2013 - 21:55 | |
| CVE-2014-1950 | 4.6 |
Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management f
|
12-12-2014 - 03:01 | 14-02-2014 - 15:55 |