Software Detail
Xen
Number Of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). By default, it is executed automatically when the hypervisor boots, and it has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


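List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 221 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 222 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 223 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 224 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 225 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 226 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 227 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 228 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 229 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 230 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 231 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 232 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 233 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 234 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 235 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 236 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 237 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 238 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 239 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 240 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 241 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 242 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 243 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 244 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 245 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
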
NVD Vulnerability Information

| No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri (or higher / or less / more than / less than) | Update date | Published date |
|---|---|---|---|---|---|---|---|---|---|---|
| 221 | 7.5 | 5.0 | HIGH | Network | The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS user… | CWE-200 Information Exposure | CVE-2017-10916 | cpe:2.3:o:xen:xen:4.8.1:*, cpe:2.3:o:xen:xen:4.8.0:*, cpe:2.3:o:xen:xen:4.7.1:*, cpe:2.3:o:xen:xen:4.6.5:*, cpe… | 2024-11-21 12:06 | 2017-07-5 |
| 222 | 9.0 | 6.8 | CRITICAL | Network | The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219. | CWE-362 Race Condition | CVE-2017-10915 | cpe:2.3:o:xen:xen:*:* 4.8.1 | 2024-11-21 12:06 | 2017-07-5 |
| 223 | 8.1 | 6.8 | HIGH | Network | The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive… | CWE-362 Race Condition, CWE-415 Double Free | CVE-2017-10914 | cpe:2.3:o:xen:xen:*:* 4.8.1 | 2024-11-21 12:06 | 2017-07-5 |
| 224 | 9.8 | 7.5 | CRITICAL | Network | The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain priv… | NVD-CWE-noinfo | CVE-2017-10913 | cpe:2.3:o:xen:xen:*:* 4.8.1 | 2024-11-21 12:06 | 2017-07-5 |
| 225 | 10.0 | 10.0 | CRITICAL | Network | Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217. | NVD-CWE-noinfo | CVE-2017-10912 | cpe:2.3:o:xen:xen:*:* 4.8.1 | 2024-11-21 12:06 | 2017-07-5 |
| 226 | 8.8 | 6.8 | HIGH | Local | Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. | CWE-682 Incorrect Calculation | CVE-2017-8905 | cpe:2.3:o:xen:xen:4.6.5:*, cpe:2.3:o:xen:xen:4.6.4:*, cpe:2.3:o:xen:xen:4.6.3:*, cpe:2.3:o:xen:xen:4.6.2:*, cpe… | 2024-11-21 12:34 | 2017-05-12 |
| 227 | 8.8 | 6.8 | HIGH | Local | Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the… | NVD-CWE-noinfo | CVE-2017-8904 | cpe:2.3:o:xen:xen:4.8.1:*, cpe:2.3:o:xen:xen:4.8.0:* | 2024-11-21 12:34 | 2017-05-12 |
| 228 | 8.8 | 7.2 | HIGH | Local | Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213. | NVD-CWE-noinfo | CVE-2017-8903 | cpe:2.3:o:xen:xen:4.8.1:*, cpe:2.3:o:xen:xen:4.8.0:* | 2024-11-21 12:34 | 2017-05-12 |
| 229 | 3.8 | 1.7 | LOW | Local | Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in th… | CWE-200 Information Exposure | CVE-2017-7995 | cpe:2.3:o:xen:xen:*:* 4.2.5 | 2024-11-21 12:33 | 2017-05-4 |
| 230 | 8.2 | 7.2 | HIGH | Local | An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, al… | CWE-129 Improper Validation of Array Index | CVE-2017-7228 | cpe:2.3:o:xen:xen:-:* | 2024-11-21 12:31 | 2017-04-4 |