Software Detail
Title: Xen
Number Of NVD: 431 | CRITICAL: 12 | HIGH: 133 | MEDIUM: 238 | LOW: 48
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The guests managed this way are called "domain U" (domU) in Xen jargon, where the U stands for user domain.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


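List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 21 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 22 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 23 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 24 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 25 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 26 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 27 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 28 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 29 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 30 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 31 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 32 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 33 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 34 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 35 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 36 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 37 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 38 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 39 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 40 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 41 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 42 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 43 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 44 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 45 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
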
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri (version: or higher / or less / more than / less than) | Update date | Published date

No: 21
CVSS3: 8.6 | CVSS2: - | Level: HIGH | Attack Vector: Network
Title: x86/HVM pinned cache attributes mis-handling [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability cont…
CWE: CWE-770 Allocation of Resources Without Limits or Throttling
CVE: CVE-2022-42333
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.11.0 4.17.0
Update date: 2024-11-21 16:24
Published date: 2023-03-21

No: 22
CVSS3: 7.8 | CVSS2: - | Level: HIGH | Attack Vector: Local
Title: x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called …
CWE: CWE-416 Use After Free
CVE: CVE-2022-42332
cpe23Uri: cpe:2.3:o:xen:xen:*:* 3.2.0
Update date: 2024-11-21 16:24
Published date: 2023-03-21

No: 23
CVSS3: 5.5 | CVSS2: - | Level: MEDIUM | Attack Vector: Local
Title: x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late.…
CWE: NVD-CWE-noinfo
CVE: CVE-2022-42331
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.5.0 4.17.0
Update date: 2024-11-21 16:24
Published date: 2023-03-21

No: 24
CVSS3: 7.5 | CVSS2: - | Level: HIGH | Attack Vector: Network
Title: Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Du…
CWE: NVD-CWE-noinfo
CVE: CVE-2022-42330
cpe23Uri: cpe:2.3:o:xen:xen:4.17.0:*
Update date: 2024-11-21 16:24
Published date: 2023-01-27

No: 25
CVSS3: 5.5 | CVSS2: - | Level: MEDIUM | Attack Vector: Local
Title: IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
CWE: NVD-CWE-noinfo
CVE: CVE-2022-23824
cpe23Uri: cpe:2.3:o:xen:xen:-:*
Update date: 2024-11-21 15:49
Published date: 2022-11-10

No: 26
CVSS3: 5.5 | CVSS2: - | Level: MEDIUM | Attack Vector: Local
Title: Xenstore: Cooperating guests can create arbitrary numbers of nodes [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Sin…
CWE: CWE-401 Missing Release of Memory after Effective Lifetime
CVE: CVE-2022-42322
cpe23Uri: cpe:2.3:o:xen:xen:-:*
Update date: 2024-11-21 16:24
Published date: 2022-11-1

No: 27
CVSS3: 6.5 | CVSS2: - | Level: MEDIUM | Attack Vector: Local
Title: Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests …
CWE: CWE-770 Allocation of Resources Without Limits or Throttling
CVE: CVE-2022-42316
cpe23Uri: cpe:2.3:o:xen:xen:-:*
Update date: 2024-11-21 16:24
Published date: 2022-11-1

No: 28
CVSS3: 6.5 | CVSS2: - | Level: MEDIUM | Attack Vector: Local
Title: Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests …
CWE: CWE-770 Allocation of Resources Without Limits or Throttling
CVE: CVE-2022-42313
cpe23Uri: cpe:2.3:o:xen:xen:-:*
Update date: 2024-11-21 16:24
Published date: 2022-11-1

No: 29
CVSS3: 7.1 | CVSS2: - | Level: HIGH | Attack Vector: Local
Title: x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC ou…
CWE: NVD-CWE-noinfo
CVE: CVE-2022-42327
cpe23Uri: cpe:2.3:o:xen:xen:4.16:*
Update date: 2024-11-21 16:24
Published date: 2022-11-1

No: 30
CVSS3: 6.5 | CVSS2: - | Level: MEDIUM | Attack Vector: Local
Title: Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nestin…
CWE: CWE-674 Uncontrolled Recursion
CVE: CVE-2022-42321
cpe23Uri: cpe:2.3:o:xen:xen:-:*
Update date: 2024-11-21 16:24
Published date: 2022-11-1