Advisory Public release Updated Version CVE(s) Title

XSA-344 2020-09-22 12:00 none (yet) assigned (Prereleased, but embargoed)

XSA-343 2020-09-22 12:00 none (yet) assigned (Prereleased, but embargoed)

XSA-342 2020-09-22 12:00 none (yet) assigned (Prereleased, but embargoed)

XSA-341 2020-09-08 15:35 - - Unused Xen Security Advisory number

XSA-340 2020-09-22 12:00 none (yet) assigned (Prereleased, but embargoed)

XSA-339 2020-09-22 12:00 none (yet) assigned (Prereleased, but embargoed)

XSA-338 2020-09-22 12:00 none (yet) assigned (Prereleased, but embargoed)

XSA-337 2020-09-22 12:00 none (yet) assigned (Prereleased, but embargoed)

XSA-336 2020-09-22 12:00 none (yet) assigned (Prereleased, but embargoed)

XSA-335 2020-08-24 12:00 2020-08-24 12:17 2 CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue

XSA-334 2020-09-22 12:00 none (yet) assigned (Prereleased, but embargoed)

XSA-333 2020-09-22 12:00 none (yet) assigned (Prereleased, but embargoed)

XSA-329 2020-07-16 12:00 2020-07-21 11:00 3 CVE-2020-15852 Linux ioperm bitmap context switching issues

XSA-328 2020-07-07 12:00 2020-07-07 12:23 3 CVE-2020-15567 non-atomic modification of live EPT PTE

XSA-327 2020-07-07 12:00 2020-07-07 12:23 3 CVE-2020-15564 Missing alignment check in VCPUOP_register_vcpu_info

XSA-321 2020-07-07 12:00 2020-07-07 12:21 3 CVE-2020-15565 insufficient cache write-back under VT-d

XSA-320 2020-06-09 16:33 2020-06-11 13:09 2 CVE-2020-0543 Special Register Buffer speculative side channel

XSA-319 2020-07-07 12:00 2020-07-07 12:18 3 CVE-2020-15563 inverted code paths in x86 dirty VRAM tracking

XSA-318 2020-04-14 12:00 2020-04-14 12:00 3 CVE-2020-11742 Bad continuation handling in GNTTABOP_copy

XSA-317 2020-07-07 12:00 2020-07-07 12:18 3 CVE-2020-15566 Incorrect error handling in event channel port allocation

XSA-316 2020-04-14 12:00 2020-04-14 12:00 3 CVE-2020-11743 Bad error path in GNTTABOP_map_grant

XSA-315 2020-03-10 17:02 2020-03-10 17:02 1 CVE-2020-0551 Load Value Injection (LVI) speculative side channel

XSA-314 2020-04-14 12:00 2020-04-14 12:00 3 CVE-2020-11739 Missing memory barriers in read-write unlock paths

XSA-313 2020-04-14 12:00 2020-04-14 12:00 3 CVE-2020-11740 CVE-2020-11741 multiple xenoprof issues

XSA-312 2020-01-14 14:20 2020-01-14 14:20 1 none (yet) assigned arm: a CPU may speculate past the ERET instruction

XSA-311 2019-12-11 12:00 2019-12-11 12:09 4 CVE-2019-19577 Bugs in dynamic height handling for AMD IOMMU pagetables

XSA-310 2019-12-11 12:00 2019-12-11 12:09 3 CVE-2019-19580 Further issues with restartable PV type change operations

XSA-309 2019-12-11 12:00 2019-12-11 12:09 3 CVE-2019-19578 Linear pagetable use / entry miscounts

XSA-308 2019-12-11 12:00 2020-08-14 16:50 4 CVE-2019-19583 VMX: VMentry failure with debug exceptions and blocked states

XSA-306 2019-11-26 11:59 2019-12-05 14:20 3 CVE-2019-19579 Device quarantine for alternate pci assignment methods

XSA-305 2019-11-12 17:53 2020-08-14 16:50 2 CVE-2019-11135 TSX Asynchronous Abort speculative side channel

XSA-304 2019-11-12 17:53 2020-08-14 16:50 2 CVE-2018-12207 x86: Machine Check Error on Page Size Change DoS

XSA-303 2019-10-31 12:00 2020-08-14 16:50 5 CVE-2019-18422 ARM: Interrupts are unconditionally unmasked in exception handlers

XSA-302 2019-10-31 12:00 2019-10-31 12:30 5 CVE-2019-18424 passed through PCI devices may corrupt host memory after deassignment

XSA-301 2019-10-31 12:00 2020-08-14 16:50 4 CVE-2019-18423 add-to-physmap can be abused to DoS Arm hosts

XSA-300 2019-07-09 13:54 2020-08-14 16:50 4 CVE-2019-17351 Linux: No grant table and foreign mapping limits

XSA-299 2019-10-31 12:00 2019-10-31 12:28 4 CVE-2019-18421 Issues with restartable PV type change operations

XSA-298 2019-10-31 12:00 2019-10-31 12:28 3 CVE-2019-18425 missing descriptor table limit checking in x86 PV emulation

XSA-297 2019-05-14 15:51 2019-05-14 15:51 1 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Microarchitectural Data Sampling speculative side channel

XSA-295 2019-06-13 19:15 2019-10-25 11:09 2 CVE-2019-17349 CVE-2019-17350 Unlimited Arm Atomics Operations

XSA-294 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17348 x86 shadow: Insufficient TLB flushing when using PCID

XSA-293 2019-03-05 12:00 2019-10-25 11:09 4 CVE-2019-17347 x86: PV kernel context switch corruption

XSA-292 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17346 x86: insufficient TLB flushing when using PCID

XSA-291 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17345 x86/PV: page type reference counting issue with failed IOMMU update

XSA-290 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17344 missing preemption in x86 PV page table unvalidation

XSA-289 2019-01-21 12:00 2019-01-21 17:32 3 none (yet) assigned Cache-load gadgets exploitable with L1TF

XSA-288 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17343 x86: Inconsistent PV IOMMU discipline

XSA-287 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17342 x86: steal_page violates page_struct access discipline

XSA-285 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17341 race with pass-through device hotplug

XSA-284 2019-03-05 12:00 2019-10-25 11:09 3 CVE-2019-17340 grant table transfer issues on large hosts

XSA-283 2019-02-22 17:42 2019-02-22 17:42 2 - Withdrawn Xen Security Advisory number

XSA-282 2018-11-06 18:40 2019-01-08 16:43 2 CVE-2018-19967 guest use of HLE constructs may lock up host

XSA-281 2019-03-12 14:12 - - Unused Xen Security Advisory number

XSA-280 2018-11-20 12:00 2019-01-08 16:43 3 CVE-2018-19966 Fix for XSA-240 conflicts with shadow paging

XSA-279 2018-11-20 12:00 2019-01-08 16:43 3 CVE-2018-19965 x86: DoS from attempting to use INVPCID with a non-canonical addresses

XSA-278 2018-10-24 21:11 2018-11-01 11:10 2 CVE-2018-18883 x86: Nested VT-x usable even when disabled

XSA-277 2018-11-20 12:00 2019-01-08 16:43 3 CVE-2018-19964 x86: incorrect error handling for guest p2m page removals

XSA-276 2018-11-20 12:00 2019-01-08 16:43 3 CVE-2018-19963 resource accounting issues in x86 IOREQ server handling

XSA-275 2018-11-20 12:00 2019-01-08 16:43 3 CVE-2018-19961 CVE-2018-19962 insufficient TLB flushing / improper large page mappings with AMD IOMMUs

XSA-274 2018-07-25 16:39 2018-08-15 16:09 3 CVE-2018-14678 Linux: Uninitialized state in x86 PV failsafe callback path

XSA-273 2018-08-14 17:15 2018-08-14 17:15 1 CVE-2018-3620 CVE-2018-3646 L1 Terminal Fault speculative side channel

XSA-272 2018-08-14 17:00 2018-08-20 09:46 3 CVE-2018-15470 oxenstored does not apply quota-maxentity

XSA-271 2018-08-14 17:00 2018-08-14 17:17 2 CVE-2018-14007 XAPI HTTP directory traversal

XSA-270 2018-08-14 17:00 2018-08-20 09:46 3 CVE-2018-15471 Linux netback driver OOB access in hash handling

XSA-269 2018-08-14 17:00 2018-08-20 09:46 3 CVE-2018-15468 x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS

XSA-268 2018-08-14 17:00 2018-08-20 09:46 3 CVE-2018-15469 Use of v2 grant tables may cause crash on ARM

XSA-267 2018-06-13 20:23 2018-06-13 20:23 3 CVE-2018-3665 Speculative register leakage from lazy FPU context switching

XSA-266 2018-06-27 20:06 2018-06-27 20:06 3 CVE-2018-12892 libxl fails to honour readonly flag on HVM emulated SCSI disks

XSA-265 2018-06-27 20:06 2018-06-27 20:06 3 CVE-2018-12893 x86: #DB exception safety check can be triggered by a guest

XSA-264 2018-06-27 20:06 2018-06-27 20:06 3 CVE-2018-12891 preemption checks bypassed in x86 PV MM handling

XSA-263 2018-05-21 16:52 2018-05-21 16:52 1 CVE-2018-3639 Speculative Store Bypass

XSA-262 2018-05-08 16:45 2018-05-11 10:13 3 CVE-2018-10981 qemu may drive Xen into unbounded loop

XSA-261 2018-05-08 16:45 2018-05-11 10:13 3 CVE-2018-10982 x86 vHPET interrupt injection errors

XSA-260 2018-05-08 16:45 2018-05-08 16:45 2 CVE-2018-8897 x86: mishandling of debug exceptions

XSA-259 2018-04-25 12:00 2018-04-30 13:14 3 CVE-2018-10471 x86: PV guest may crash Xen with XPTI

XSA-258 2018-04-25 12:00 2018-04-30 13:14 3 CVE-2018-10472 Information leak via crafted user-supplied CDROM

XSA-256 2018-02-27 11:57 2018-03-01 13:15 3 CVE-2018-7542 x86 PVH guest without LAPIC may DoS the host

XSA-255 2018-02-27 11:57 2018-03-01 13:15 4 CVE-2018-7541 grant table v2 -> v1 transition may crash Xen

XSA-254 2018-01-03 22:29 2018-02-23 19:35 12 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 Information leak via side effects of speculative execution

XSA-253 2018-01-04 12:00 2018-01-06 15:24 3 CVE-2018-5244 x86: memory leak with MSR emulation

XSA-252 2018-02-27 11:57 2018-03-01 13:15 3 CVE-2018-7540 DoS via non-preemptable L3/L4 pagetable freeing

XSA-251 2017-12-12 11:35 2018-01-06 16:14 3 CVE-2017-17565 improper bug check in x86 log-dirty handling

XSA-250 2017-12-12 11:35 2018-01-06 16:14 3 CVE-2017-17564 improper x86 shadow mode refcount error handling

XSA-249 2017-12-12 11:35 2018-01-06 16:14 3 CVE-2017-17563 broken x86 shadow mode refcount overflow check

XSA-248 2017-12-12 11:35 2018-01-06 16:14 3 CVE-2017-17566 x86 PV guests may gain access to internally used pages

XSA-247 2017-11-28 11:58 2017-11-30 11:59 3 CVE-2017-17045 Missing p2m error checking in PoD code

XSA-246 2017-11-28 11:58 2017-11-30 11:59 3 CVE-2017-17044 x86: infinite loop due to missing PoD error checking

XSA-245 2017-09-28 17:26 2017-11-30 11:59 2 CVE-2017-17046 ARM: Some memory not scrubbed at boot

XSA-244 2017-10-12 12:00 2017-10-18 12:08 3 CVE-2017-15594 x86: Incorrect handling of IST settings during CPU hotplug

XSA-243 2017-10-12 12:00 2017-11-15 17:13 5 CVE-2017-15592 x86: Incorrect handling of self-linear shadow mappings with translated guests

XSA-242 2017-10-12 12:00 2017-10-18 12:08 3 CVE-2017-15593 page type reference leak on x86

XSA-241 2017-10-12 12:00 2017-10-18 12:08 4 CVE-2017-15588 Stale TLB entry due to page type release race

XSA-240 2017-10-12 12:00 2017-12-11 18:15 6 CVE-2017-15595 Unlimited recursion in linear pagetable de-typing

XSA-239 2017-10-12 12:00 2017-10-18 12:08 3 CVE-2017-15589 hypervisor stack leak in x86 I/O intercept code

XSA-238 2017-10-12 12:00 2017-12-06 10:59 3 CVE-2017-15591 DMOP map/unmap missing argument checks

XSA-237 2017-10-12 12:00 2017-10-18 12:08 3 CVE-2017-15590 multiple MSI mapping issues on x86

XSA-236 2017-10-24 12:00 2017-10-24 13:55 3 CVE-2017-15597 pin count / page reference race in grant table code

XSA-235 2017-08-23 15:16 2017-10-18 12:08 2 CVE-2017-15596 add-to-physmap error paths fail to release lock on ARM

XSA-234 2017-09-12 12:00 2017-09-12 12:03 3 CVE-2017-14319 insufficient grant unmapping checks for x86 PV guests

XSA-233 2017-09-12 12:00 2017-09-12 12:03 3 CVE-2017-14317 cxenstored: Race in domain cleanup

XSA-232 2017-09-12 12:00 2017-09-12 12:03 4 CVE-2017-14318 Missing check for grant table

XSA-231 2017-09-12 12:00 2017-09-12 12:03 3 CVE-2017-14316 Missing NUMA node parameter verification

XSA-230 2017-08-15 12:00 2017-08-15 13:47 3 CVE-2017-12855 grant_table: possibly premature clearing of GTF_writing / GTF_reading

XSA-229 2017-08-15 12:00 2017-08-15 12:04 3 CVE-2017-12134 linux: Fix Xen block IO merge-ability calculation

XSA-228 2017-08-15 12:00 2017-08-15 12:04 3 CVE-2017-12136 grant_table: Race conditions with maptrack free list handling

XSA-227 2017-08-15 12:00 2017-08-15 12:04 3 CVE-2017-12137 x86: PV privilege escalation via map_grant_ref

XSA-226 2017-08-15 12:00 2017-08-29 12:03 7 CVE-2017-12135 multiple problems with transitive grants

XSA-225 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10923 arm: vgic: Out-of-bound access when sending SGIs

XSA-224 2017-06-20 11:58 2017-07-07 13:52 5 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 grant table operations mishandle reference counts

XSA-223 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10919 ARM guest disabling interrupt may crash Xen

XSA-222 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10918 stale P2M mappings due to insufficient error checking

XSA-221 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10917 NULL pointer deref in event channel poll

XSA-220 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10916 x86: PKRU and BND* leakage between vCPU-s

XSA-219 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10915 x86: insufficient reference counts during shadow emulation

XSA-218 2017-06-20 12:00 2017-07-07 13:52 5 CVE-2017-10913 CVE-2017-10914 Races in the grant table unmap code

XSA-217 2017-06-20 11:58 2017-07-07 13:52 3 CVE-2017-10912 page transfer may allow PV guest to elevate privilege

XSA-216 2017-06-20 11:58 2017-07-07 13:52 5 CVE-2017-10911 blkif responses leak backend stack data

XSA-215 2017-05-02 11:18 2017-05-12 10:44 3 CVE-2017-8905 possible memory corruption via failsafe callback

XSA-214 2017-05-02 11:18 2017-05-12 10:44 3 CVE-2017-8904 grant transfer allows PV guest to elevate privileges

XSA-213 2017-05-02 11:18 2017-05-12 10:44 3 CVE-2017-8903 x86: 64bit PV guest breakout via pagetable use-after-mode-change

XSA-212 2017-04-04 12:00 2017-04-04 12:37 3 CVE-2017-7228 x86: broken check in memory_exchange() permits PV guest breakout

XSA-211 2017-03-14 11:58 2017-03-14 11:58 2 CVE-2016-9603 Cirrus VGA Heap overflow via display refresh

XSA-210 2017-02-23 16:28 2017-02-23 16:28 1 none (yet) assigned arm: memory corruption when freeing p2m pages

XSA-209 2017-02-21 10:42 2017-02-23 15:52 4 CVE-2017-2620 cirrus_bitblt_cputovideo does not check if memory region is safe

XSA-208 2017-02-10 12:43 2017-02-13 18:13 2 CVE-2017-2615 oob access in cirrus bitblt copy

XSA-207 2017-02-15 12:00 2017-02-15 12:05 2 none (yet) assigned memory leak when destroying guest without PT devices

XSA-206 2017-03-28 12:00 2017-03-29 15:05 9 none (yet) assigned xenstore denial of service via repeated update

XSA-205 2017-02-13 14:23 - - Unused Xen Security Advisory number

XSA-204 2016-12-19 15:36 2016-12-19 17:04 2 CVE-2016-10013 x86: Mishandling of SYSCALL singlestep during emulation

XSA-203 2016-12-21 12:00 2016-12-21 12:01 3 CVE-2016-10025 x86: missing NULL pointer check in VMFUNC emulation

XSA-202 2016-12-21 12:00 2016-12-21 12:01 3 CVE-2016-10024 x86 PV guests may be able to mask interrupts

XSA-201 2016-11-29 14:48 2016-12-07 10:32 2 CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818 ARM guests may induce host asynchronous abort

XSA-200 2016-12-13 12:00 2016-12-13 13:07 3 CVE-2016-9932 x86 CMPXCHG8B emulation fails to ignore operand size override

XSA-199 2016-12-06 12:00 2016-12-06 12:11 3 CVE-2016-9637 qemu ioport array overflow

XSA-198 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9379 CVE-2016-9380 delimiter injection vulnerabilities in pygrub

XSA-197 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9381 qemu incautious about shared ring processing

XSA-196 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9377 CVE-2016-9378 x86 software interrupt injection mis-handled

XSA-195 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9383 x86 64-bit bit test instruction emulation broken

XSA-194 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9384 guest 32-bit ELF symbol table load leaking host data

XSA-193 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9385 x86 segment base write emulation lacking canonical address checks

XSA-192 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9382 x86 task switch to VM86 mode mis-handled

XSA-191 2016-11-22 12:00 2016-11-22 12:00 3 CVE-2016-9386 x86 null segments not always treated as unusable

XSA-190 2016-10-04 12:00 2016-10-04 12:50 5 CVE-2016-7777 CR0.TS and CR0.EM not always honored for x86 HVM guests

XSA-189 2016-09-21 09:46 - - Unused Xen Security Advisory number

XSA-188 2016-09-08 12:00 2016-09-08 12:00 3 CVE-2016-7154 use after free in FIFO event channel code

XSA-187 2016-09-08 12:00 2016-09-08 12:04 3 CVE-2016-7094 x86 HVM: Overflow of sh_ctxt->seg_reg[]

XSA-186 2016-09-08 12:00 2016-09-08 12:00 4 CVE-2016-7093 x86: Mishandling of instruction pointer truncation during emulation

XSA-185 2016-09-08 12:00 2016-09-08 12:00 3 CVE-2016-7092 x86: Disallow L3 recursive pagetable for 32-bit PV guests

XSA-184 2016-07-27 15:00 2016-07-27 16:06 2 CVE-2016-5403 virtio: unbounded memory allocation issue

XSA-183 2016-07-26 11:32 2016-07-26 11:32 5 CVE-2016-6259 x86: Missing SMAP whitelisting in 32-bit exception / event delivery

XSA-182 2016-07-26 11:32 2016-07-26 11:32 3 CVE-2016-6258 x86: Privilege escalation in PV guests

XSA-181 2016-06-03 09:47 2016-06-03 13:55 2 CVE-2016-5242 arm: Host crash caused by VMID exhaustion

XSA-180 2016-05-23 17:09 2016-05-23 17:09 1 CVE-2014-3672 Unrestricted qemu logging

XSA-179 2016-05-09 11:48 2016-05-10 11:23 5 CVE-2016-3710 CVE-2016-3712 QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks

XSA-178 2016-06-02 12:00 2016-06-06 16:55 4 CVE-2016-4963 Unsanitised driver domain input in libxl device handling

XSA-177 2016-05-24 12:21 - - Unused Xen Security Advisory number

XSA-176 2016-05-17 10:54 2016-05-17 10:54 3 CVE-2016-4480 x86 software guest page walk PS bit handling flaw

XSA-175 2016-06-02 12:00 2016-06-06 16:55 6 CVE-2016-4962 Unsanitised guest input in libxl device handling code

XSA-174 2016-04-14 12:00 2016-04-14 13:03 3 CVE-2016-3961 hugetlbfs use may crash PV Linux guests

XSA-173 2016-04-18 12:00 2016-04-18 13:31 3 CVE-2016-3960 x86 shadow pagetables: address width overflow

XSA-172 2016-03-24 16:26 2016-03-24 16:26 3 CVE-2016-3158 CVE-2016-3159 broken AMD FPU FIP/FDP/FOP leak workaround

XSA-171 2016-03-16 19:00 2016-03-16 19:03 4 CVE-2016-3157 I/O port access privilege escalation in x86-64 Linux

XSA-170 2016-02-17 12:00 2016-02-17 12:25 3 CVE-2016-2271 VMX: guest user mode may crash guest with non-canonical RIP

XSA-169 2015-12-21 11:12 2015-12-22 18:46 2 CVE-2015-8615 x86: unintentional logging upon guest changing callback method

XSA-168 2016-01-20 12:00 2016-01-20 12:08 3 CVE-2016-1571 VMX: intercept issue with INVLPG on non-canonical address

XSA-167 2016-01-20 12:00 2016-01-20 12:08 4 CVE-2016-1570 PV superpage functionality missing sanity checks

XSA-166 2015-12-17 12:00 2015-12-17 12:38 2 none (yet) assigned ioreq handling possibly susceptible to multiple read issue

XSA-165 2015-12-17 12:00 2015-12-17 12:38 3 CVE-2015-8555 information leak in legacy x86 FPU/XMM initialization

XSA-164 2015-12-17 12:00 2015-12-17 12:38 3 CVE-2015-8554 qemu-dm buffer overrun in MSI-X handling

XSA-163 2015-11-24 17:12 2015-11-24 17:12 1 none (yet) assigned virtual PMU is unsupported

XSA-162 2015-11-30 06:00 2015-11-30 10:54 2 CVE-2015-7504 heap buffer overflow vulnerability in pcnet emulator

XSA-161 2015-11-25 15:29 2015-11-25 15:29 2 none (yet) assigned WITHDRAWN: missing XSETBV intercept privilege check on AMD SVM

XSA-160 2015-12-08 11:29 2015-12-08 11:29 3 CVE-2015-8341 libxl leak of pv kernel and initrd on error

XSA-159 2015-12-08 11:29 2015-12-08 11:29 4 CVE-2015-8339 CVE-2015-8340 XENMEM_exchange error handling issues

XSA-158 2015-12-08 11:29 2015-12-10 13:55 4 CVE-2015-8338 long running memory operations on ARM

XSA-157 2015-12-17 12:00 2015-12-17 12:38 3 CVE-2015-8551 CVE-2015-8552 Linux pciback missing sanity checks leading to crash

XSA-156 2015-11-10 00:01 2015-11-10 00:07 2 CVE-2015-5307 CVE-2015-8104 x86: CPU lockup during exception delivery

XSA-155 2015-12-17 12:00 2015-12-17 13:36 6 CVE-2015-8550 paravirtualized drivers incautious about shared memory contents

XSA-154 2016-02-17 12:00 2016-02-17 12:25 3 CVE-2016-2270 x86: inconsistent cachability flags on guest mappings

XSA-153 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7972 x86: populate-on-demand balloon size inaccuracy can crash guests

XSA-152 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7971 x86: some pmu and profiling hypercalls log without rate limiting

XSA-151 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7969 x86: leak of per-domain profiling-related vcpu pointer array

XSA-150 2015-10-29 11:59 2015-10-29 11:59 5 CVE-2015-7970 x86: Long latency populate-on-demand operation is not preemptible

XSA-149 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7969 leak of main per-domain vcpu pointer array

XSA-148 2015-10-29 11:59 2015-10-29 11:59 4 CVE-2015-7835 x86: Uncontrolled creation of large page mappings by PV guests

XSA-147 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7814 arm: Race between domain destruction and memory allocation decrease

XSA-146 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7813 arm: various unimplemented hypercalls log without rate limiting

XSA-145 2015-10-29 11:59 2015-10-29 11:59 3 CVE-2015-7812 arm: Host crash when preempting a multicall

XSA-144 2015-10-14 12:03 - - Unused Xen Security Advisory number

XSA-143 2015-10-14 12:03 - - Unused Xen Security Advisory number

XSA-142 2015-09-22 10:00 2015-09-22 15:15 2 CVE-2015-7311 libxl fails to honour readonly flag on disks with qemu-xen

XSA-141 2015-09-01 12:00 2015-09-01 13:18 3 CVE-2015-6654 printk is not rate-limited in xenmem_add_to_physmap_one

XSA-140 2015-08-03 12:00 2015-08-03 12:37 2 CVE-2015-5165 QEMU leak of uninitialized heap memory in rtl8139 device model

XSA-139 2015-08-03 12:00 2015-08-03 12:37 2 CVE-2015-5166 Use after free in QEMU/Xen block unplug protocol

XSA-138 2015-07-27 12:00 2015-07-27 12:03 2 CVE-2015-5154 QEMU heap overflow flaw while processing certain ATAPI commands.

XSA-137 2015-07-07 12:00 2015-07-07 12:25 3 CVE-2015-3259 xl command line config handling stack overflow

XSA-136 2015-06-11 12:00 2015-06-11 12:28 3 CVE-2015-4164 vulnerability in the iret hypercall handler

XSA-135 2015-06-10 13:10 2015-06-10 13:10 3 CVE-2015-3209 Heap overflow in QEMU PCNET controller, allowing guest->host escape

XSA-134 2015-06-11 12:00 2015-06-11 12:28 3 CVE-2015-4163 GNTTABOP_swap_grant_ref operation misbehavior

XSA-133 2015-05-13 11:15 2015-05-13 11:15 2 CVE-2015-3456 Privilege escalation via emulated floppy disk drive

XSA-132 2015-04-20 17:10 2015-04-22 13:20 2 CVE-2015-3340 Information leak through XEN_DOMCTL_gettscinfo

XSA-131 2015-06-02 12:00 2015-06-02 14:02 3 CVE-2015-4106 Unmediated PCI register access in qemu

XSA-130 2015-06-02 12:00 2015-06-02 14:02 2 CVE-2015-4105 Guest triggerable qemu MSI-X pass-through error messages

XSA-129 2015-06-02 12:00 2015-06-02 14:02 2 CVE-2015-4104 PCI MSI mask bits inadvertently exposed to guests

XSA-128 2015-06-02 12:00 2015-06-02 14:02 2 CVE-2015-4103 Potential unintended writes to host MSI message data field via qemu

XSA-127 2015-03-31 12:00 2015-03-31 12:09 2 CVE-2015-2751 Certain domctl operations may be abused to lock up the host

XSA-126 2015-03-31 12:00 2015-03-31 12:09 3 CVE-2015-2756 Unmediated PCI command register access in qemu

XSA-125 2015-03-31 12:00 2015-03-31 12:09 3 CVE-2015-2752 Long latency MMIO mapping operations are not preemptible

XSA-124 2015-03-10 12:00 2015-03-10 12:00 2 none (yet) assigned Non-standard PCI device functionality may render pass-through insecure

XSA-123 2015-03-10 12:00 2015-03-10 12:00 4 CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw

XSA-122 2015-03-05 12:00 2015-03-05 12:18 3 CVE-2015-2045 Information leak through version information hypercall

XSA-121 2015-03-05 12:00 2015-03-05 12:18 3 CVE-2015-2044 Information leak via internal x86 system device emulation

XSA-120 2015-03-10 12:00 2015-03-31 16:13 5 CVE-2015-2150 Non-maskable interrupts triggerable by guests

XSA-119 2015-03-12 12:00 2015-03-12 13:32 3 CVE-2015-2152 HVM qemu unexpectedly enabling emulated VGA graphics backends

XSA-118 2015-01-29 11:14 2015-02-25 11:14 2 CVE-2015-1563 arm: vgic: incorrect rate limiting of guest triggered logging

XSA-117 2015-02-12 12:00 2015-02-12 17:41 2 CVE-2015-0268 arm: vgic-v2: GICD_SGIR is not properly emulated

XSA-116 2015-01-06 12:00 2015-01-06 12:40 3 CVE-2015-0361 xen crash due to use after free on hvm guest teardown

XSA-114 2014-12-08 12:00 2014-12-08 12:08 3 CVE-2014-9065 CVE-2014-9066 p2m lock starvation

XSA-113 2014-11-20 16:26 2014-11-21 12:25 2 CVE-2014-9030 Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling

XSA-112 2014-11-27 11:25 2014-11-27 11:25 5 CVE-2014-8867 Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor

XSA-111 2014-11-27 11:25 2014-11-27 11:25 3 CVE-2014-8866 Excessive checking in compatibility mode hypercall argument translation

XSA-110 2014-11-18 12:00 2014-11-18 12:23 3 CVE-2014-8595 Missing privilege level checks in x86 emulation of far branches

XSA-109 2014-11-18 12:00 2015-01-20 18:14 4 CVE-2014-8594 Insufficient restrictions on certain MMU update hypercalls

XSA-108 2014-10-01 12:00 2014-10-01 12:02 4 CVE-2014-7188 Improper MSR range used for x2APIC emulation

XSA-107 2014-09-09 12:30 2014-09-11 10:07 2 CVE-2014-6268 Mishandling of uninitialised FIFO-based event channel control blocks

XSA-106 2014-09-23 12:00 2014-09-24 10:29 3 CVE-2014-7156 Missing privilege level checks in x86 emulation of software interrupts

XSA-105 2014-09-23 12:00 2014-09-24 10:29 3 CVE-2014-7155 Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation

XSA-104 2014-09-23 12:00 2014-09-24 10:29 3 CVE-2014-7154 Race condition in HVMOP_track_dirty_vram

XSA-103 2014-08-12 12:00 2014-08-12 13:02 3 CVE-2014-5148 Flaw in handling unknown system register access from 64-bit userspace on ARM

XSA-102 2014-08-12 12:00 2014-08-12 13:02 3 CVE-2014-5147 Flaws in handling traps from 32-bit userspace on 64-bit ARM

XSA-101 2014-06-25 12:00 2014-06-30 14:22 3 CVE-2014-4022 information leak via gnttab_setup_table on ARM

XSA-100 2014-06-17 11:44 2014-06-17 11:44 3 CVE-2014-4021 Hypervisor heap contents leaked to guests

XSA-99 2014-06-17 11:44 2014-06-17 11:44 2 none (yet) assigned unexpected pitfall in xenaccess API

XSA-98 2014-06-04 12:00 2015-03-13 15:59 5 CVE-2014-3969 insufficient permissions checks accessing guest memory on ARM

XSA-97 2014-08-12 12:00 2014-08-12 13:02 3 CVE-2014-5146 CVE-2014-5149 Long latency virtual-mmu operations are not preemptible

XSA-96 2014-06-03 12:00 2014-06-04 16:03 3 CVE-2014-3967 CVE-2014-3968 Vulnerabilities in HVM MSI injection

XSA-95 2014-05-14 10:44 2014-05-16 10:34 3 CVE-2014-3714 CVE-2014-3715 CVE-2014-3716 CVE-2014-3717 input handling vulnerabilities loading guest kernel on ARM

XSA-94 2014-04-23 13:05 2014-04-23 15:12 2 CVE-2014-2986 ARM hypervisor crash on guest interrupt controller access

XSA-93 2014-04-22 15:05 2014-04-23 10:19 2 CVE-2014-2915 Hardware features unintentionally exposed to guests on ARM

XSA-92 2014-04-29 08:50 2014-05-01 10:52 3 CVE-2014-3124 HVMOP_set_mem_type allows invalid P2M entries to be created

XSA-91 2014-04-30 09:52 2014-05-01 10:52 3 CVE-2014-3125 Hardware timer context is not properly context switched on ARM

XSA-90 2014-03-24 13:00 2014-04-02 11:49 2 CVE-2014-2580 Linux netback crash trying to disable due to malformed packet

XSA-89 2014-03-25 12:00 2014-04-02 11:45 3 CVE-2014-2599 HVMOP_set_mem_access is not preemptible

XSA-88 2014-02-12 12:00 2014-02-12 17:04 3 CVE-2014-1950 use-after-free in xc_cpupool_getinfo() under memory pressure

XSA-87 2014-01-23 17:38 2014-01-24 15:37 2 CVE-2014-1666 PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests

XSA-86 2014-02-06 12:00 2014-02-10 11:25 3 CVE-2014-1896 libvchan failure handling malicious ring indexes

XSA-85 2014-02-06 12:00 2014-02-10 11:25 3 CVE-2014-1895 Off-by-one error in FLASK_AVC_CACHESTAT hypercall

XSA-84 2014-02-06 12:00 2014-02-10 11:29 3 CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894 integer overflow in several XSM/Flask hypercalls

XSA-83 2014-01-23 12:00 2014-01-23 14:26 3 CVE-2014-1642 Out-of-memory condition yielding memory corruption during IRQ setup

XSA-82 2013-12-02 17:13 2014-02-19 16:54 4 CVE-2013-6885 Guest triggerable AMD CPU erratum may cause host hang

XSA-81 2013-11-27 13:21 - - Unused Xen Security Advisory number

XSA-80 2013-12-10 12:00 2013-12-10 12:58 3 CVE-2013-6400 IOMMU TLB flushing may be inadvertently suppressed

XSA-79 2013-11-27 13:20 - - Unused Xen Security Advisory number

XSA-78 2013-11-20 17:08 2013-11-21 11:32 2 CVE-2013-6375 Insufficient TLB flushing in VT-d (iommu) code

XSA-77 2013-12-10 12:00 2013-12-10 12:58 3 none (yet) assigned Disaggregated domain management security status

XSA-76 2013-11-26 12:00 2013-11-26 17:02 3 CVE-2013-4554 Hypercalls exposed to privilege rings 1 and 2 of HVM guests

XSA-75 2013-11-08 16:20 2013-11-11 11:42 2 CVE-2013-4551 Host crash due to guest VMX instruction execution

XSA-74 2013-11-26 12:00 2013-11-26 17:02 3 CVE-2013-4553 Lock order reversal between page_alloc_lock and mm_rwlock

XSA-73 2013-11-01 15:07 2013-11-04 13:15 3 CVE-2013-4494 Lock order reversal between page allocation and grant table locks

XSA-72 2013-10-29 12:00 2013-10-29 15:39 3 CVE-2013-4416 ocaml xenstored mishandles oversized message replies

XSA-71 2013-10-10 12:00 2013-10-10 12:28 2 CVE-2013-4375 qemu disk backend (qdisk) resource leak

XSA-70 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4371 use-after-free in libxl_list_cpupool under memory pressure

XSA-69 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4370 misplaced free in ocaml xc_vcpu_getaffinity stub

XSA-68 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4369 possible null dereference when parsing vif ratelimiting info

XSA-67 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4368 Information leak through outs instruction emulation

XSA-66 2013-09-30 10:04 2013-09-30 10:04 3 CVE-2013-4361 Information leak through fbld instruction emulation

XSA-65 2013-10-02 15:00 2013-10-02 16:23 2 CVE-2013-4344 qemu SCSI REPORT LUNS buffer overflow

XSA-64 2013-09-30 10:04 2013-09-30 10:04 3 CVE-2013-4356 Memory accessible by 64-bit PV guests under live migration

XSA-63 2013-09-30 10:04 2013-09-30 10:04 3 CVE-2013-4355 Information leaks through I/O instruction emulation

XSA-62 2013-09-24 12:00 2013-09-25 08:23 2 CVE-2013-1442 Information leak on AVX and/or LWP capable CPUs

XSA-61 2013-09-10 10:56 2013-09-11 12:13 2 CVE-2013-4329 libxl partially sets up HVM passthrough even with disabled iommu

XSA-60 2013-07-19 12:00 2014-02-19 16:54 6 CVE-2013-2212 Excessive time to disable caching with HVM guests with PCI passthrough

XSA-59 2013-08-20 12:00 2013-08-20 12:07 4 CVE-2013-3495 Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts

XSA-58 2013-06-26 12:00 2013-06-26 13:18 2 CVE-2013-1432 Page reference counting error due to XSA-45/CVE-2013-1918 fixes

XSA-57 2013-06-20 12:00 2013-06-26 10:37 4 CVE-2013-2211 libxl allows guest write access to sensitive console related xenstore keys

XSA-56 2013-05-17 12:00 2013-05-17 15:44 2 CVE-2013-2072 Buffer overflow in xencontrol Python bindings affecting xend

XSA-55 2013-06-03 16:18 2013-06-20 10:26 5 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 Multiple vulnerabilities in libelf PV kernel handling

XSA-54 2013-06-03 12:00 2014-06-03 12:23 4 CVE-2013-2078 Hypervisor crash due to missing exception recovery on XSETBV

XSA-53 2013-06-03 12:00 2013-06-03 16:18 3 CVE-2013-2077 Hypervisor crash due to missing exception recovery on XRSTOR

XSA-52 2013-06-03 12:00 2013-06-03 16:18 3 CVE-2013-2076 Information leak on XSAVE/XRSTOR capable AMD CPUs

XSA-51 2013-05-06 15:00 2013-05-06 21:18 2 CVE-2013-2007 qemu guest agent (qga) insecure file permissions

XSA-50 2013-04-18 15:16 2013-04-18 15:16 1 CVE-2013-1964 grant table hypercall acquire/release imbalance

XSA-49 2013-05-02 12:00 2013-05-02 14:27 2 CVE-2013-1952 VT-d interrupt remapping source validation flaw for bridges

XSA-48 2013-04-15 15:00 2013-04-15 15:00 2 CVE-2013-1922 qemu-nbd format-guessing due to missing format specification

XSA-47 2013-04-04 17:54 2013-04-04 17:54 1 CVE-2013-1920 Potential use of freed memory in event channel operations

XSA-46 2013-04-18 12:00 2013-04-18 13:35 3 CVE-2013-1919 Several access permission issues with IRQs for unprivileged guests

XSA-45 2013-05-02 12:00 2013-05-02 13:54 2 CVE-2013-1918 Several long latency operations are not preemptible

XSA-44 2013-04-18 12:00 2013-04-18 13:50 3 CVE-2013-1917 Xen PV DoS vulnerability with SYSENTER

XSA-43 2013-02-05 12:00 2013-02-05 12:59 2 CVE-2013-0231 Linux pciback DoS via not rate limited log messages.

XSA-42 2013-02-12 12:00 2013-02-13 16:49 2 CVE-2013-0228 Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.

XSA-41 2013-01-16 14:50 2013-01-17 12:17 2 CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets

XSA-40 2013-01-16 14:50 2013-01-16 14:50 1 CVE-2013-0190 Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.

XSA-39 2013-02-05 12:00 2013-02-05 12:59 2 CVE-2013-0216 CVE-2013-0217 Linux netback DoS via malicious guest ring.

XSA-38 2013-02-05 12:00 2013-02-15 11:40 3 CVE-2013-0215 oxenstored incorrect handling of certain Xenbus ring states

XSA-37 2013-01-04 16:00 2013-01-04 16:00 1 CVE-2013-0154 Hypervisor crash due to incorrect ASSERT (debug build only)

XSA-36 2013-02-05 12:00 2013-02-21 11:05 4 CVE-2013-0153 interrupt remap entries shared and old ones not cleared on AMD IOMMUs

XSA-35 2013-01-22 11:49 2013-01-23 18:28 4 CVE-2013-0152 Nested HVM exposes host to being driven out of memory by guest

XSA-34 2013-01-22 11:49 2013-01-22 11:49 2 CVE-2013-0151 nested virtualization on 32-bit exposes host crash

XSA-33 2013-01-08 12:00 2013-01-11 17:10 3 CVE-2012-5634 VT-d interrupt remapping source validation flaw

XSA-32 2012-12-03 17:51 2012-12-03 17:51 4 CVE-2012-5525 several hypercalls do not validate input GFNs

XSA-31 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5515 Several memory hypercall operations allow invalid extent order values

XSA-30 2012-12-03 17:51 2012-12-03 17:51 4 CVE-2012-5514 Broken error handling in guest_physmap_mark_populate_on_demand()

XSA-29 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5513 XENMEM_exchange may overwrite hypervisor memory

XSA-28 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5512 HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak

XSA-27 2012-12-03 17:51 2013-01-17 12:17 5 CVE-2012-5511 CVE-2012-6333 several HVM operations do not validate the range of their inputs