Xen Security Vulnerabilities (CVEs)

This Xen hypervisor vulnerability allows indirect branch predictor poisoning between guest tasks, breaking kernel-level isolation. It affects Xen-base...

This CVE describes an out-of-bounds write vulnerability in Xen's shadow mode tracing code where guest-controlled data can be written beyond allocated ...

This Xen hypervisor vulnerability allows a guest domain to retain access to 64-bit memory BARs (Base Address Registers) after PCI device detachment, c...

This vulnerability involves boundary checking bugs in Xen's handling of Viridian hypercalls, allowing out-of-bounds reads and writes. Attackers could ...

CVE-2025-58145 is a race condition vulnerability in Xen hypervisor's page table management where the P2M lock isn't properly held during page referenc...

This vulnerability is a deadlock condition in Xen's interrupt remapping code for legacy PCI(-X) devices. When exploited, it can cause system instabili...

This CVE describes a deadlock vulnerability in the Xen hypervisor's VGA memory access acceleration code for HVM guests. When emulating certain instruc...

This CVE describes a vulnerability in Xen hypervisor's memory mapping logic for PCI devices with Reserved Memory Regions (RMRR) or Unity Mapping range...

This vulnerability in Xen's x86 APIC implementation allows a malicious guest VM to trigger a deadlock in the hypervisor by configuring error interrupt...

A Xen hypervisor vulnerability where HVM guests can set register values outside expected ranges during hypercall continuations, triggering a hyperviso...

This CVE-2024-31142 vulnerability involves a logical error in Xen's XSA-407 mitigation for Branch Type Confusion, causing the protection to not apply ...

This Xen hypervisor vulnerability allows a malicious PV guest to crash the host system by exploiting a race condition in shadow paging memory manageme...

CVE-2023-34325 is a stack buffer overflow vulnerability in Xen's libfsimage library, derived from old grub-legacy code. Attackers with access to guest...

The AdSanity WordPress plugin up to version 1.8.1 contains a vulnerability that allows authenticated users with Contributor-level permissions or highe...

This CVE describes a use-after-free vulnerability in Xen's shadow mode with log-dirty mode enabled. It allows a malicious guest VM to crash the hyperv...

This CVE describes a race condition vulnerability in Xen's VT-d (Virtualization Technology for Directed I/O) domain ID cleanup mechanism. It allows at...

This vulnerability affects systems with Intel VT-d or AMD-Vi IOMMU technology when certain PCI devices use reserved memory regions. It allows DMA or i...

This vulnerability affects systems using Intel VT-d or AMD-Vi IOMMU technologies where PCI devices have Reserved Memory Regions (RMRR) or Unity Mappin...

Multiple race condition vulnerabilities in Linux PV device frontends allow malicious Xen backends to maintain unauthorized access to guest memory page...

This CVE (CVE-2022-23038) is part of a series of vulnerabilities affecting Linux PV device frontends in Xen virtualization. It allows malicious or com...

Multiple race condition vulnerabilities in Linux PV device frontends allow malicious Xen backends to maintain unauthorized access to guest memory page...

CVE-2022-23042 is a race condition vulnerability in Linux Xen PV netfront driver where a malicious backend can trigger a BUG_ON() assertion failure, c...

This Xen hypervisor vulnerability on ARM systems allows guest virtual machines to retain access to memory pages after returning them to Xen, potential...

This Xen hypervisor vulnerability allows guest virtual machines to retain access to memory pages after they've been deallocated and potentially reused...

This vulnerability in Xen hypervisor allows x86 HVM and PVH guests to cause memory corruption through improper error handling in partially successful ...

CVE-2021-28706 is an integer overflow vulnerability in Xen hypervisor memory management that allows virtual machine guests to exceed their allocated m...

This vulnerability in Xen hypervisor allows x86 HVM and PVH guests to crash the host system through misaligned page operations in populate-on-demand m...

This vulnerability in Xen's VT-d IOMMU implementation allows a guest virtual machine to write to leaf page table entries when sharing page tables with...

This vulnerability allows PCI devices with Reserved Memory Region Reporting (RMRR) to be improperly deassigned when passed through to virtual machine ...

CVE-2021-28701 is a race condition vulnerability in Xen's grant table v2 status page handling that allows guest VMs to retain access to freed memory p...

This Xen hypervisor vulnerability allows guest virtual machines to retain access to freed memory pages after switching from grant table v2 to v1. A ra...