Known Vulnerabilities for products from Xen
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Xen".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-23555 json | Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored du... | Not Provided | 2026-03-23 | 2026-04-10 |
| CVE-2026-23554 json | The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so th... | Not Provided | 2026-03-23 | 2026-04-10 |
| CVE-2023-34319 json | The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not ... | 7.8 - HIGH | 2023-09-22 | 2024-02-02 |
| CVE-2023-20593 json | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access s... | 5.5 - MEDIUM | 2023-07-24 | 2023-09-25 |
| CVE-2023-20588 json | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality... | 5.5 - MEDIUM | 2023-08-08 | 2024-04-01 |
| CVE-2023-4949 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.7 - MEDIUM | 2023-11-10 | 2023-11-20 |
| CVE-2022-42336 json | Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h proc... | 3.3 - LOW | 2023-05-17 | 2023-11-07 |
| CVE-2022-42335 json | x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hard... | 7.8 - HIGH | 2023-04-25 | 2024-02-04 |
| CVE-2022-42334 json | x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which a... | 6.5 - MEDIUM | 2023-03-21 | 2024-02-04 |
| CVE-2022-42333 json | x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which a... | 8.6 - HIGH | 2023-03-21 | 2024-02-04 |
| CVE-2022-42332 json | x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardwa... | 7.8 - HIGH | 2023-03-21 | 2024-02-04 |
| CVE-2022-42331 json | x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work ... | 5.5 - MEDIUM | 2023-03-21 | 2024-02-04 |
| CVE-2022-42330 json | Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl bas... | 7.5 - HIGH | 2023-01-26 | 2024-02-04 |
| CVE-2022-42327 json | x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest c... | 7.1 - HIGH | 2022-11-01 | 2024-02-04 |
| CVE-2022-42326 json | Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs;... | 5.5 - MEDIUM | 2022-11-01 | 2024-02-04 |
| CVE-2022-42325 json | Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs;... | 5.5 - MEDIUM | 2022-11-01 | 2024-02-04 |
| CVE-2022-42324 json | Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus lib... | 5.5 - MEDIUM | 2022-11-01 | 2024-02-04 |
| CVE-2022-42323 json | Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the... | 5.5 - MEDIUM | 2022-11-01 | 2024-02-04 |
| CVE-2022-42322 json | Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the... | 5.5 - MEDIUM | 2022-11-01 | 2024-02-04 |
| CVE-2022-42321 json | Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g.... | 6.5 - MEDIUM | 2022-11-01 | 2024-02-04 |
Known software with vulnerabilities from Xen
| Type | Vendor | Product | Version |
|---|---|---|---|
| Operating System | Xen | Xapi | 2020-12-15 |
| Operating System | Xen | Xen | - |
| Application | Xen | Xen | 4.4.0 |
| Operating System | Xen | Xen-unstable | 25530\ |