Software Detail

Software Informaton Top

Virtualization

Software Detail

Xen

Number Of NVD

431

CRITICAL

HIGH

133

MEDIUM

238

LOW

URL	https://xenproject.org/
Explanation	Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures. Xen is available for IA-32, x64, IA-64, and ARM architectures. In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains. Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].

Add Information URL

No	Type	Name	URL

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
41	Xen 4.19	4.19.0	July 29, 2024	July 29, 2024	0	1	0	0
42	Xen 4.18	4.18.3	Aug. 14, 2024	Nov. 17, 2023	0	1	0	0
43	Xen 4.17	4.17.5	Aug. 14, 2024	Dec. 14, 2022	0	4	3	1
44	Xen 4.16	4.16.6	March 27, 2024	Dec. 2, 2021	0	3	5	2
45	Xen 4.15	4.15.7	May 3, 2024	April 8, 2021	0	11	9	2
46	Xen 4.9	4.9.4			3	55	66	3
47	Xen 4.8	4.8.5			10	58	68	3
48	Xen 4.7	4.7.6			12	57	73	4
49	Xen 4.6	4.6.6			11	62	82	8
50	Xen 4.5	4.5.5			11	67	87	16
51	Xen 4.4	4.4.4			11	67	98	25
52	Xen 4.3	4.3.4			11	68	99	23
53	Xen 4.2	4.2.5			11	70	126	34
54	Xen 4.14	4.14.3			0	21	30	3
55	Xen 4.13	4.13.4			0	26	37	3
56	Xen 4.12	4.12.4			1	30	46	3
57	Xen 4.11	4.11.4			1	45	53	3
58	Xen 4.10	4.10.4			2	43	57	3
59	Xen 4.1	4.1.6.1			11	74	122	32
60	Xen 4.0	4.0.4			11	64	104	28
61	Xen 3.4	3.4.4			11	58	84	21
62	Xen 3.3	3.3.2			11	53	82	18
63	Xen 3.2	3.2.3			11	52	76	15
64	Xen 3.1	3.1.4			11	44	71	10
65	Xen 3.0	3.0.4			11	44	70	9

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	Update date Published date	Show Affected	Exploit PoC Search
41	6.5 -	MEDIUM Local	Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests …	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2022-42314	cpe:2.3:o:xen:xen:-:*			2024-11-21 16:24 2022-11-1	Show	GitHub Exploit DB Packet Storm

42	6.5 -	MEDIUM Local	Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests …	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2022-42312	cpe:2.3:o:xen:xen:-:*			2024-11-21 16:24 2022-11-1	Show	GitHub Exploit DB Packet Storm

43	6.5 -	MEDIUM Local	Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests …	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2022-42311	cpe:2.3:o:xen:xen:-:*			2024-11-21 16:24 2022-11-1	Show	GitHub Exploit DB Packet Storm

44	5.6 -	MEDIUM Local	lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention t…	CWE-755 Improper Handling of Exceptional Conditions	CVE-2022-33748	cpe:2.3:o:xen:xen::	4.0		2024-11-21 16:08 2022-10-11	Show	GitHub Exploit DB Packet Storm

45	6.5 -	MEDIUM Local	P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable wit…	CWE-404 Improper Resource Shutdown or Release	CVE-2022-33746	cpe:2.3:o:xen:xen::	4.13.0	4.16.1	2024-11-21 16:08 2022-10-11	Show	GitHub Exploit DB Packet Storm

46	6.5 1.9	MEDIUM Local	Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged use…	CWE-668 Exposure of Resource to Wrong Sphere	CVE-2022-29901	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:59 2022-07-13	Show	GitHub Exploit DB Packet Storm

47	6.5 2.1	MEDIUM Local	Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.	CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer	CVE-2022-29900	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:59 2022-07-13	Show	GitHub Exploit DB Packet Storm

48	7.8 4.6	HIGH Local	network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retain…	NVD-CWE-noinfo	CVE-2022-33743	cpe:2.3:o:xen:xen:-:*			2024-11-21 16:08 2022-07-5	Show	GitHub Exploit DB Packet Storm

49	7.1 3.6	HIGH Local	Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device …	CWE-200 Information Exposure	CVE-2022-33742	cpe:2.3:o:xen:xen:-:*			2024-11-21 16:08 2022-07-5	Show	GitHub Exploit DB Packet Storm

50	7.1 3.6	HIGH Local	Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device …	CWE-200 Information Exposure	CVE-2022-33741	cpe:2.3:o:xen:xen:-:*			2024-11-21 16:08 2022-07-5	Show	GitHub Exploit DB Packet Storm