Software Detail
Name: Xen
Number of NVD entries: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


List Of Product

| No | Name | Latest Version | Release date | Initial release | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|
| 111 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | 0 | 1 | 0 | 0 |
| 112 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | 0 | 1 | 0 | 0 |
| 113 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | 0 | 4 | 3 | 1 |
| 114 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | 0 | 3 | 5 | 2 |
| 115 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | 0 | 11 | 9 | 2 |
| 116 | Xen 4.9 | 4.9.4 | | | 3 | 55 | 66 | 3 |
| 117 | Xen 4.8 | 4.8.5 | | | 10 | 58 | 68 | 3 |
| 118 | Xen 4.7 | 4.7.6 | | | 12 | 57 | 73 | 4 |
| 119 | Xen 4.6 | 4.6.6 | | | 11 | 62 | 82 | 8 |
| 120 | Xen 4.5 | 4.5.5 | | | 11 | 67 | 87 | 16 |
| 121 | Xen 4.4 | 4.4.4 | | | 11 | 67 | 98 | 25 |
| 122 | Xen 4.3 | 4.3.4 | | | 11 | 68 | 99 | 23 |
| 123 | Xen 4.2 | 4.2.5 | | | 11 | 70 | 126 | 34 |
| 124 | Xen 4.14 | 4.14.3 | | | 0 | 21 | 30 | 3 |
| 125 | Xen 4.13 | 4.13.4 | | | 0 | 26 | 37 | 3 |
| 126 | Xen 4.12 | 4.12.4 | | | 1 | 30 | 46 | 3 |
| 127 | Xen 4.11 | 4.11.4 | | | 1 | 45 | 53 | 3 |
| 128 | Xen 4.10 | 4.10.4 | | | 2 | 43 | 57 | 3 |
| 129 | Xen 4.1 | 4.1.6.1 | | | 11 | 74 | 122 | 32 |
| 130 | Xen 4.0 | 4.0.4 | | | 11 | 64 | 104 | 28 |
| 131 | Xen 3.4 | 3.4.4 | | | 11 | 58 | 84 | 21 |
| 132 | Xen 3.3 | 3.3.2 | | | 11 | 53 | 82 | 18 |
| 133 | Xen 3.2 | 3.2.3 | | | 11 | 52 | 76 | 15 |
| 134 | Xen 3.1 | 3.1.4 | | | 11 | 44 | 71 | 10 |
| 135 | Xen 3.0 | 3.0.4 | | | 11 | 44 | 70 | 9 |

The support columns (Normal Support, Security Support, Service Pack Support, Extended for a fee) carry no values for these rows.

NVD Vulnerability Information
Fields per entry: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri with version bounds (or higher / or less / more than / less than), Update date, Published date.
No. 111: CVE-2020-27674 (MEDIUM; CVSS3 5.3, CVSS2 4.6; attack vector: Local)
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during …
CWE: CWE-787 Out-of-bounds Write
Affected: cpe:2.3:o:xen:xen:*:* 4.14.0
Updated: 2024-11-21 14:21; published: 2020-10-23
No. 112: CVE-2020-27673 (MEDIUM; CVSS3 5.5, CVSS2 4.9; attack vector: Local)
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e995…
CWE: NVD-CWE-noinfo
Affected: cpe:2.3:o:xen:xen:*:* 4.14.0
Updated: 2024-11-21 14:21; published: 2020-10-23
No. 113: CVE-2020-27672 (HIGH; CVSS3 7.0, CVSS2 6.9; attack vector: Local)
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition tha…
CWE: CWE-362 Race Condition, CWE-416 Use After Free
Affected: cpe:2.3:o:xen:xen:*:* 3.2.0 4.14.0
Updated: 2024-11-21 14:21; published: 2020-10-23
No. 114: CVE-2020-27671 (HIGH; CVSS3 7.8, CVSS2 6.9; attack vector: Local)
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing…
CWE: NVD-CWE-noinfo
Affected: cpe:2.3:o:xen:xen:*:* 4.2.0 4.14.0
Updated: 2024-11-21 14:21; published: 2020-10-23
No. 115: CVE-2020-27670 (HIGH; CVSS3 7.8, CVSS2 6.9; attack vector: Local)
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-tabl…
CWE: CWE-345 Insufficient Verification of Data Authenticity
Affected: cpe:2.3:o:xen:xen:*:* 4.14.0
Updated: 2024-11-21 14:21; published: 2020-10-23
No. 116: CVE-2020-25604 (MEDIUM; CVSS3 4.7, CVSS2 1.9; attack vector: Local)
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used…
CWE: CWE-362 Race Condition
Affected: cpe:2.3:o:xen:xen:*:* 4.14.0
Updated: 2024-11-21 14:18; published: 2020-09-24
No. 117: CVE-2020-25603 (HIGH; CVSS3 7.8, CVSS2 4.6; attack vector: Local)
An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the …
CWE: CWE-670 Always-Incorrect Control Flow Implementation
Affected: cpe:2.3:o:xen:xen:*:* 4.14.0
Updated: 2024-11-21 14:18; published: 2020-09-24
No. 118: CVE-2020-25602 (MEDIUM; CVSS3 6.0, CVSS2 4.6; attack vector: Local)
An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen f…
CWE: CWE-755 Improper Handling of Exceptional Conditions
Affected: cpe:2.3:o:xen:xen:*:* 4.11.0 4.14.0
Updated: 2024-11-21 14:18; published: 2020-09-24
No. 119: CVE-2020-25601 (MEDIUM; CVSS3 5.5, CVSS2 4.9; attack vector: Local)
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of …
CWE: NVD-CWE-noinfo
Affected: cpe:2.3:o:xen:xen:*:* 4.14.0
Updated: 2024-11-21 14:18; published: 2020-09-24
No. 120: CVE-2020-25600 (MEDIUM; CVSS3 5.5, CVSS2 4.9; attack vector: Local)
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of us…
CWE: CWE-787 Out-of-bounds Write
Affected: cpe:2.3:o:xen:xen:*:* 4.4.0 4.14.0
Updated: 2024-11-21 14:18; published: 2020-09-24