Software Detail
Xen
Number Of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


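List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 121 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 122 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 123 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 124 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 125 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 126 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 127 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 128 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 129 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 130 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 131 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 132 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 133 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 134 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 135 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 136 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 137 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 138 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 139 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 140 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 141 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 142 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 143 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 144 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 145 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
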
NVD Vulnerability Information
Fields per entry: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (with version bounds: or higher, or less, more than, less than), Update date, Published date

No: 121
CVSS3: 7.0
CVSS2: 4.4
Level: HIGH
Attack Vector: Local
Title: An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-7…
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error'); CWE-362 Race Condition
CVE: CVE-2020-25599
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.5.0 4.14.0
Update date: 2024-11-21 14:18
Published date: 2020-09-24

No: 122
CVSS3: 5.5
CVSS2: 2.1
Level: MEDIUM
Attack Vector: Local
Title: An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path i…
CWE: CWE-670 Always-Incorrect Control Flow Implementation
CVE: CVE-2020-25598
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.12.0 4.14.0
Update date: 2024-11-21 14:18
Published date: 2020-09-24

No: 123
CVSS3: 6.5
CVSS2: 6.1
Level: MEDIUM
Attack Vector: Local
Title: An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen ass…
CWE: CWE-755 Improper Handling of Exceptional Conditions
CVE: CVE-2020-25597
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.4.0 4.14.0
Update date: 2024-11-21 14:18
Published date: 2020-09-24

No: 124
CVSS3: 5.5
CVSS2: 2.1
Level: MEDIUM
Attack Vector: Local
Title: An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. O…
CWE: CWE-74 Injection
CVE: CVE-2020-25596
cpe23Uri: cpe:2.3:o:xen:xen:*:* 3.2.0 4.14.0
Update date: 2024-11-21 14:18
Published date: 2020-09-24

No: 125
CVSS3: 7.8
CVSS2: 6.1
Level: HIGH
Attack Vector: Local
Title: An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back f…
CWE: CWE-269 Improper Privilege Management
CVE: CVE-2020-25595
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.14.0
Update date: 2024-11-21 14:18
Published date: 2020-09-24

No: 126
CVSS3: 7.8
CVSS2: 4.6
Level: HIGH
Attack Vector: Local
Title: An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs b…
CWE: CWE-276 Incorrect Default Permissions
CVE: CVE-2020-15852
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.13.1
Update date: 2024-11-21 14:06
Published date: 2020-07-21

No: 127
CVSS3: 7.8
CVSS2: 4.4
Level: HIGH
Attack Vector: Local
Title: An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest E…
CWE: CWE-362 Race Condition
CVE: CVE-2020-15567
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.13.1
Update date: 2024-11-21 14:05
Published date: 2020-07-7

No: 128
CVSS3: 6.5
CVSS2: 4.7
Level: MEDIUM
Attack Vector: Local
Title: An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channe…
CWE: CWE-754 Improper Check for Unusual or Exceptional Conditions
CVE: CVE-2020-15566
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.10.0 4.13.1
Update date: 2024-11-21 14:05
Published date: 2020-07-7

No: 129
CVSS3: 8.8
CVSS2: 6.1
Level: HIGH
Attack Vector: Local
Title: An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT…
CWE: CWE-400 Uncontrolled Resource Consumption
CVE: CVE-2020-15565
cpe23Uri: cpe:2.3:o:xen:xen:*:* 3.2.0 4.13.1
Update date: 2024-11-21 14:05
Published date: 2020-07-7

No: 130
CVSS3: 6.5
CVSS2: 4.9
Level: MEDIUM
Attack Vector: Local
Title: An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register…
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE: CVE-2020-15564
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.8.0 4.13.1
Update date: 2024-11-21 14:05
Published date: 2020-07-7