Search CVE reports
1 – 10 of 156 results
CVE-2013-2016
Low priorityA flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged...
6 affected packages
kvm, qemu, qemu-kvm, xen-3.1, xen-3.2, xen-3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kvm | — | — | — | — | — |
qemu | — | — | — | — | — |
qemu-kvm | — | — | — | — | — |
xen-3.1 | — | — | — | — | — |
xen-3.2 | — | — | — | — | — |
xen-3.3 | — | — | — | — | — |
CVE-2015-3340
Low priorityXen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
2 affected packages
xen, xen-3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xen | — | — | — | — | — |
xen-3.3 | — | — | — | — | — |
CVE-2015-2752
Medium prioritySome fixes available 4 of 5
The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted...
2 affected packages
xen, xen-3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xen | — | — | — | — | — |
xen-3.3 | — | — | — | — | — |
CVE-2015-2751
Medium priorityXen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.
2 affected packages
xen, xen-3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xen | — | — | — | — | — |
xen-3.3 | — | — | — | — | — |
CVE-2015-2756
Low prioritySome fixes available 6 of 8
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the...
4 affected packages
qemu, qemu-kvm, xen, xen-3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | — | — | — | — | — |
qemu-kvm | — | — | — | — | — |
xen | — | — | — | — | — |
xen-3.3 | — | — | — | — | — |
CVE-2015-2152
Medium prioritySome fixes available 4 of 5
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by...
2 affected packages
xen, xen-3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xen | — | — | — | — | — |
xen-3.3 | — | — | — | — | — |
CVE-2015-2151
Medium prioritySome fixes available 4 of 5
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory...
2 affected packages
xen, xen-3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xen | — | — | — | — | — |
xen-3.3 | — | — | — | — | — |
CVE-2015-2045
Medium prioritySome fixes available 4 of 5
The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.
2 affected packages
xen, xen-3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xen | — | — | — | — | — |
xen-3.3 | — | — | — | — | — |
CVE-2015-2044
Medium prioritySome fixes available 4 of 5
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.
2 affected packages
xen, xen-3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xen | — | — | — | — | — |
xen-3.3 | — | — | — | — | — |
CVE-2015-0268
Medium priorityThe vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an...
2 affected packages
xen, xen-3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xen | — | — | — | — | — |
xen-3.3 | — | — | — | — | — |