Known Vulnerabilities for products from Xen

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Xen".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
| --- | --- | --- | --- | --- |
| CVE-2021-28710 | certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (pa... | 8.8 - HIGH | 2021-11-21 | 2021-12-01 |
| CVE-2021-28709 | issues with partially successful P2M updates on x86 [This CNA information record relates to multiple CVEs; the text explains ... | 7.8 - HIGH | 2021-11-24 | 2021-12-01 |
| CVE-2021-28708 | PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vuln... | 8.8 - HIGH | 2021-11-24 | 2021-12-01 |
| CVE-2021-28707 | PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vuln... | 8.8 - HIGH | 2021-11-24 | 2021-12-01 |
| CVE-2021-28706 | guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to... | 8.6 - HIGH | 2021-11-24 | 2021-12-01 |
| CVE-2021-28705 | issues with partially successful P2M updates on x86 [This CNA information record relates to multiple CVEs; the text explains ... | 7.8 - HIGH | 2021-11-24 | 2021-12-01 |
| CVE-2021-28704 | PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vuln... | 8.8 - HIGH | 2021-11-24 | 2021-12-01 |
| CVE-2021-28702 | PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (sp... | 7.6 - HIGH | 2021-10-06 | 2021-11-28 |
| CVE-2021-28701 | Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majori... | 7.8 - HIGH | 2021-09-08 | 2021-09-25 |
| CVE-2021-28700 | xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged doma... | 4.9 - MEDIUM | 2021-08-27 | 2021-09-24 |
| CVE-2021-28699 | inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant statu... | 5.5 - MEDIUM | 2021-08-27 | 2021-09-24 |
| CVE-2021-28698 | long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant ... | 5.5 - MEDIUM | 2021-08-27 | 2021-09-24 |
| CVE-2021-28697 | grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages o... | 7.8 - HIGH | 2021-08-27 | 2021-09-24 |
| CVE-2021-28696 | IOMMU page mapping issues on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulne... | 6.8 - MEDIUM | 2021-08-27 | 2021-09-24 |
| CVE-2021-28695 | IOMMU page mapping issues on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulne... | 6.8 - MEDIUM | 2021-08-27 | 2021-09-24 |
| CVE-2021-28694 | IOMMU page mapping issues on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulne... | 6.8 - MEDIUM | 2021-08-27 | 2021-09-24 |
| CVE-2021-28693 | xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area ... | 5.5 - MEDIUM | 2021-06-30 | 2021-09-21 |
| CVE-2021-28692 | inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of... | 7.1 - HIGH | 2021-06-30 | 2021-07-12 |
| CVE-2021-28690 | x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnera... | 6.5 - MEDIUM | 2021-06-29 | 2021-09-21 |
| CVE-2021-28689 | x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time... | 5.5 - MEDIUM | 2021-06-11 | 2021-06-24 |

Known software with vulnerabilities from Xen

| Type | Vendor | Product | Version |
| --- | --- | --- | --- |
| Operating System | Xen | Xapi | 2020-12-15 |
| Operating System | Xen | Xen | - |
| Operating System | Xen | Xen-unstable | 25530\ |

Xen is a type-1 hypervisor, providing services that allow multiple computer operating systems to execute on the same computer hardware concurrently. It was originally developed by the University of Cambridge Computer Laboratory and is now being developed by the Linux Foundation with support from Intel. The Xen Project community develops and maintains Xen Project as free and open-source software, subject to the requirements of the GNU General Public License, version 2. Wikipedia

© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
