Software Detail

Software Informaton Top

Virtualization

Software Detail

Xen

Number Of NVD

431

CRITICAL

HIGH

133

MEDIUM

238

LOW

URL	https://xenproject.org/
Explanation	Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures. Xen is available for IA-32, x64, IA-64, and ARM architectures. In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains. Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].

Add Information URL

No	Type	Name	URL

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
61	Xen 4.19	4.19.0	July 29, 2024	July 29, 2024	0	1	0	0
62	Xen 4.18	4.18.3	Aug. 14, 2024	Nov. 17, 2023	0	1	0	0
63	Xen 4.17	4.17.5	Aug. 14, 2024	Dec. 14, 2022	0	4	3	1
64	Xen 4.16	4.16.6	March 27, 2024	Dec. 2, 2021	0	3	5	2
65	Xen 4.15	4.15.7	May 3, 2024	April 8, 2021	0	11	9	2
66	Xen 4.9	4.9.4			3	55	66	3
67	Xen 4.8	4.8.5			10	58	68	3
68	Xen 4.7	4.7.6			12	57	73	4
69	Xen 4.6	4.6.6			11	62	82	8
70	Xen 4.5	4.5.5			11	67	87	16
71	Xen 4.4	4.4.4			11	67	98	25
72	Xen 4.3	4.3.4			11	68	99	23
73	Xen 4.2	4.2.5			11	70	126	34
74	Xen 4.14	4.14.3			0	21	30	3
75	Xen 4.13	4.13.4			0	26	37	3
76	Xen 4.12	4.12.4			1	30	46	3
77	Xen 4.11	4.11.4			1	45	53	3
78	Xen 4.10	4.10.4			2	43	57	3
79	Xen 4.1	4.1.6.1			11	74	122	32
80	Xen 4.0	4.0.4			11	64	104	28
81	Xen 3.4	3.4.4			11	58	84	21
82	Xen 3.3	3.3.2			11	53	82	18
83	Xen 3.2	3.2.3			11	52	76	15
84	Xen 3.1	3.1.4			11	44	71	10
85	Xen 3.0	3.0.4			11	44	70	9

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	less than	Update date Published date	Show Affected	Exploit PoC Search
61	7.0 4.4	HIGH Local	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Li…	CWE-362 Race Condition	CVE-2022-23041	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:47 2022-03-11	Show	GitHub Exploit DB Packet Storm

62	7.0 4.4	HIGH Local	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Li…	CWE-362 Race Condition	CVE-2022-23040	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:47 2022-03-11	Show	GitHub Exploit DB Packet Storm

63	7.0 4.4	HIGH Local	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Li…	CWE-362 Race Condition	CVE-2022-23039	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:47 2022-03-11	Show	GitHub Exploit DB Packet Storm

64	7.0 4.4	HIGH Local	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Li…	CWE-362 Race Condition	CVE-2022-23038	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:47 2022-03-11	Show	GitHub Exploit DB Packet Storm

65	7.0 4.4	HIGH Local	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Li…	CWE-362 Race Condition	CVE-2022-23037	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:47 2022-03-11	Show	GitHub Exploit DB Packet Storm

66	7.0 4.4	HIGH Local	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Li…	CWE-362 Race Condition	CVE-2022-23036	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:47 2022-03-11	Show	GitHub Exploit DB Packet Storm

67	4.6 4.7	MEDIUM Physics	Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up aft…	CWE-459 Incomplete Cleanup	CVE-2022-23035	cpe:2.3:o:xen:xen::	4.6.0		2024-11-21 15:47 2022-01-25	Show	GitHub Exploit DB Packet Storm

68	5.5 2.1	MEDIUM Local	A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can req…	CWE-191 Integer Underflow (Wrap or Wraparound)	CVE-2022-23034	cpe:2.3:o:xen:xen::	3.2.0	4.13.0	2024-11-21 15:47 2022-01-25	Show	GitHub Exploit DB Packet Storm

69	7.8 4.6	HIGH Local	arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_…	CWE-404 Improper Resource Shutdown or Release	CVE-2022-23033	cpe:2.3:o:xen:xen::	4.12.0		2024-11-21 15:47 2022-01-25	Show	GitHub Exploit DB Packet Storm

70	6.5 2.1	MEDIUM Local	Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen o…	NVD-CWE-noinfo	CVE-2021-28713	cpe:2.3:o:xen:xen:-:*			2024-11-21 15:00 2022-01-6	Show	GitHub Exploit DB Packet Storm