Software Detail

Software Informaton Top

Virtualization

Software Detail

Xen

Number Of NVD

431

CRITICAL

HIGH

133

MEDIUM

238

LOW

URL	https://xenproject.org/
Explanation	Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures. Xen is available for IA-32, x64, IA-64, and ARM architectures. In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains. Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].

Add Information URL

No	Type	Name	URL

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
51	Xen 4.19	4.19.0	July 29, 2024	July 29, 2024	0	1	0	0
52	Xen 4.18	4.18.3	Aug. 14, 2024	Nov. 17, 2023	0	1	0	0
53	Xen 4.17	4.17.5	Aug. 14, 2024	Dec. 14, 2022	0	4	3	1
54	Xen 4.16	4.16.6	March 27, 2024	Dec. 2, 2021	0	3	5	2
55	Xen 4.15	4.15.7	May 3, 2024	April 8, 2021	0	11	9	2
56	Xen 4.9	4.9.4			3	55	66	3
57	Xen 4.8	4.8.5			10	58	68	3
58	Xen 4.7	4.7.6			12	57	73	4
59	Xen 4.6	4.6.6			11	62	82	8
60	Xen 4.5	4.5.5			11	67	87	16
61	Xen 4.4	4.4.4			11	67	98	25
62	Xen 4.3	4.3.4			11	68	99	23
63	Xen 4.2	4.2.5			11	70	126	34
64	Xen 4.14	4.14.3			0	21	30	3
65	Xen 4.13	4.13.4			0	26	37	3
66	Xen 4.12	4.12.4			1	30	46	3
67	Xen 4.11	4.11.4			1	45	53	3
68	Xen 4.10	4.10.4			2	43	57	3
69	Xen 4.1	4.1.6.1			11	74	122	32
70	Xen 4.0	4.0.4			11	64	104	28
71	Xen 3.4	3.4.4			11	58	84	21
72	Xen 3.3	3.3.2			11	53	82	18
73	Xen 3.2	3.2.3			11	52	76	15
74	Xen 3.1	3.1.4			11	44	71	10
75	Xen 3.0	3.0.4			11	44	70	9

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	less than	Update date Published date	Show Affected	Exploit PoC Search
51	7.1 3.6	HIGH Local	Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device …	CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer	CVE-2022-33740	cpe:2.3:o:xen:xen:-:*			2024-11-21 16:08 2022-07-5	Show	GitHub Exploit DB Packet Storm

52	7.1 3.6	HIGH Local	Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device …	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2022-26365	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:53 2022-07-5	Show	GitHub Exploit DB Packet Storm

53	7.0 6.2	HIGH Local	race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Th…	CWE-362 Race Condition	CVE-2022-26357	cpe:2.3:o:xen:xen::	4.13.0 4.11.0	4.16.0 4.12.0	2024-11-21 15:53 2022-04-5	Show	GitHub Exploit DB Packet Storm

54	7.8 4.4	HIGH Local	IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI …	NVD-CWE-noinfo	CVE-2022-26361	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:53 2022-04-5	Show	GitHub Exploit DB Packet Storm

55	7.8 4.4	HIGH Local	IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI …	NVD-CWE-noinfo	CVE-2022-26360	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:53 2022-04-5	Show	GitHub Exploit DB Packet Storm

56	7.8 4.4	HIGH Local	IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI …	NVD-CWE-noinfo	CVE-2022-26359	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:53 2022-04-5	Show	GitHub Exploit DB Packet Storm

57	7.8 4.4	HIGH Local	IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI …	NVD-CWE-noinfo	CVE-2022-26358	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:53 2022-04-5	Show	GitHub Exploit DB Packet Storm

58	5.6 4.0	MEDIUM Local	Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy …	CWE-667 Improper Locking	CVE-2022-26356	cpe:2.3:o:xen:xen::	4.15.0 4.13.0 4.0.0	4.16.0 4.14.0 4.12.0	2024-11-21 15:53 2022-04-5	Show	GitHub Exploit DB Packet Storm

59	5.6 1.9	MEDIUM Local	Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buf…	NVD-CWE-noinfo	CVE-2022-23960	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:49 2022-03-13	Show	GitHub Exploit DB Packet Storm

60	7.0 4.4	HIGH Local	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Li…	CWE-362 Race Condition	CVE-2022-23042	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:47 2022-03-11	Show	GitHub Exploit DB Packet Storm