Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-19578

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-11 Dec, 2019 | 16:53
Updated At-05 Aug, 2024 | 02:16
Rejected At-
Credits

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:11 Dec, 2019 | 16:53
Updated At:05 Aug, 2024 | 02:16
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://xenbits.xen.org/xsa/advisory-309.html
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/
vendor-advisory
x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/
vendor-advisory
x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html
vendor-advisory
x_refsource_SUSE
https://www.debian.org/security/2020/dsa-4602
vendor-advisory
x_refsource_DEBIAN
https://seclists.org/bugtraq/2020/Jan/21
mailing-list
x_refsource_BUGTRAQ
https://security.gentoo.org/glsa/202003-56
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://xenbits.xen.org/xsa/advisory-309.html
Resource:
x_refsource_MISC
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://www.debian.org/security/2020/dsa-4602
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://seclists.org/bugtraq/2020/Jan/21
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://security.gentoo.org/glsa/202003-56
Resource:
vendor-advisory
x_refsource_GENTOO
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://xenbits.xen.org/xsa/advisory-309.html
x_refsource_MISC
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://www.debian.org/security/2020/dsa-4602
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://seclists.org/bugtraq/2020/Jan/21
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://security.gentoo.org/glsa/202003-56
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://xenbits.xen.org/xsa/advisory-309.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://www.debian.org/security/2020/dsa-4602
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://seclists.org/bugtraq/2020/Jan/21
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202003-56
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:11 Dec, 2019 | 18:16
Updated At:07 Nov, 2023 | 03:07

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

Xen Project
xen
>>xen>>Versions up to 4.12.1(inclusive)
cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*
Fedora Project
fedoraproject
>>fedora>>31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-682Primarynvd@nist.gov
CWE ID: CWE-682
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.htmlcve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/cve@mitre.org
N/A
https://seclists.org/bugtraq/2020/Jan/21cve@mitre.org
N/A
https://security.gentoo.org/glsa/202003-56cve@mitre.org
N/A
https://www.debian.org/security/2020/dsa-4602cve@mitre.org
N/A
https://xenbits.xen.org/xsa/advisory-309.htmlcve@mitre.org
Patch
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2020/Jan/21
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202003-56
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.debian.org/security/2020/dsa-4602
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://xenbits.xen.org/xsa/advisory-309.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

160Records found

CVE-2017-7228
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-1.57% / 72.34%
||
7 Day CHG~0.00%
Published-04 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2021-3847
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.45% / 36.25%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, Inc
Product-fedoralinux_kernelkernel
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2021-37576
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.57% / 43.23%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 21:35
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, Inc
Product-fedoralinux_kerneln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-4008
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.56% / 42.79%
||
7 Day CHG~0.00%
Published-17 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectX.Org Foundation
Product-debian_linuxfedorax_serverxorg-x11-server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17045
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.43% / 34.35%
||
7 Day CHG~0.00%
Published-28 Nov, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-416
Use After Free
CVE-2021-3656
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.66% / 46.97%
||
7 Day CHG~0.00%
Published-04 Mar, 2022 | 18:41
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linux_serversoftware_collectionsenterprise_linux_server_update_services_for_sap_solutionsenterprise_linux_server_ausopenstackvirtualization_hostenterprise_linux3scale_api_managemententerprise_linux_for_real_time_for_nfventerprise_linux_for_real_time_tusenterprise_linux_desktopcodeready_linux_builderenterprise_linux_for_scientific_computinglinux_kernelenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_workstationfedoraenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_server_tusenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_real_timeenterprise_linux_for_power_big_endianKVM
CWE ID-CWE-862
Missing Authorization
CVE-2017-15592
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.43% / 34.57%
||
7 Day CHG~0.00%
Published-18 Oct, 2017 | 08:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2017-15595
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.55% / 71.99%
||
7 Day CHG~0.00%
Published-18 Oct, 2017 | 08:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-14316
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.41% / 32.88%
||
7 Day CHG~0.00%
Published-12 Sep, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-14319
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.41% / 32.88%
||
7 Day CHG~0.00%
Published-12 Sep, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CVE-2021-3612
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.69% / 48.18%
||
7 Day CHG-0.01%
Published-09 Jul, 2021 | 10:33
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Action-Not Available
Vendor-n/aFedora ProjectRed Hat, Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-h300eh500scloud_backupenterprise_linuxh300s_firmwareh410c_firmwarecommunications_cloud_native_core_network_exposure_functionh410sh300scommunications_cloud_native_core_policysolidfire_baseboard_management_controllerh300e_firmwaredebian_linuxlinux_kernelh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwarecommunications_cloud_native_core_binding_support_functionh700eh410ch700e_firmwaresolidfire_baseboard_management_controller_firmwareh700skernel
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-12137
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.44% / 35.08%
||
7 Day CHG~0.00%
Published-24 Aug, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.

Action-Not Available
Vendor-n/aXen ProjectDebian GNU/LinuxCitrix (Cloud Software Group, Inc.)
Product-debian_linuxxenxenservern/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-3472
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.05% / 60.10%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 14:29
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectX.Org FoundationRed Hat, Inc.
Product-enterprise_linuxdebian_linuxfedorax_serverxorg-x11-server
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2016-9383
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.51% / 39.44%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.

Action-Not Available
Vendor-n/aXen ProjectCitrix (Cloud Software Group, Inc.)
Product-xenserverxenn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-7545
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.38% / 30.15%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

Action-Not Available
Vendor-selinux_projectn/aFedora ProjectRed Hat, Inc.
Product-enterprise_linux_workstationenterprise_linux_serverselinuxenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_hpc_nodefedoran/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-7543
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.58% / 43.29%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

Action-Not Available
Vendor-n/aFedora ProjectGNU
Product-bashfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-7093
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.43% / 34.17%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CVE-2016-7154
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.50% / 39.28%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-416
Use After Free
CVE-2016-6258
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 32.03%
||
7 Day CHG-0.00%
Published-02 Aug, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

Action-Not Available
Vendor-n/aXen ProjectCitrix (Cloud Software Group, Inc.)
Product-xenserverxenn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5195
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7||HIGH
EPSS-83.52% / 99.65%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 21:00
Updated-21 Apr, 2026 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.NetApp, Inc.Red Hat, Inc.Debian GNU/LinuxCanonical Ltd.Fedora ProjectLinux Kernel Organization, Inc
Product-enterprise_linux_eusdebian_linuxubuntu_linuxontap_select_deploy_administration_utilityoncommand_performance_managerenterprise_linux_tusoncommand_balancefedorasnapprotectlinux_kernelenterprise_linux_ausoncommand_unified_manager_for_clustered_data_ontappan-ossolidfirehci_storage_nodescloud_backupenterprise_linux_long_lifeenterprise_linuxn/aKernel
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-4480
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.54% / 41.57%
||
7 Day CHG-0.01%
Published-18 May, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

Action-Not Available
Vendor-n/aXen ProjectOracle Corporation
Product-vm_serverxenn/a
CVE-2016-3960
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.46% / 36.35%
||
7 Day CHG-0.00%
Published-19 Apr, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

Action-Not Available
Vendor-n/aXen ProjectOracle CorporationFedora Project
Product-vm_serverxenfedoran/a
CVE-2016-3096
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.47% / 37.15%
||
7 Day CHG~0.00%
Published-03 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.

Action-Not Available
Vendor-n/aFedora ProjectRed Hat, Inc.
Product-ansiblefedoran/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2016-3157
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 39.90%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.

Action-Not Available
Vendor-n/aXen ProjectCanonical Ltd.
Product-ubuntu_linuxxenn/a
CVE-2016-1238
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.78% / 51.41%
||
7 Day CHG~0.00%
Published-02 Aug, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

Action-Not Available
Vendor-perln/aopenSUSEThe Apache Software FoundationDebian GNU/LinuxFedora Project
Product-spamassassindebian_linuxleapperlfedoran/a
CVE-2016-1247
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-4.86% / 90.97%
||
7 Day CHG~0.00%
Published-29 Nov, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.

Action-Not Available
Vendor-n/aCanonical Ltd.F5, Inc.Debian GNU/LinuxFedora Project
Product-nginxdebian_linuxubuntu_linuxfedoran/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-3543
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.30% / 21.85%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 13:20
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.

Action-Not Available
Vendor-nitro_enclaves_projectn/aRed Hat, Inc.Fedora Project
Product-nitro_enclavesenterprise_linuxfedorakernel
CWE ID-CWE-416
Use After Free
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-8338
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.42% / 33.74%
||
7 Day CHG-0.00%
Published-17 Dec, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CVE-2015-7496
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.41% / 32.54%
||
7 Day CHG~0.00%
Published-24 Nov, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.

Action-Not Available
Vendor-n/aThe GNOME ProjectFedora Project
Product-gnome_display_managerfedoran/a
CVE-2015-7504
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.64% / 46.32%
||
7 Day CHG~0.00%
Published-16 Oct, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.

Action-Not Available
Vendor-n/aXen ProjectQEMUDebian GNU/Linux
Product-debian_linuxxenqemun/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-7835
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.43% / 34.36%
||
7 Day CHG~0.00%
Published-30 Oct, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5704
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.53% / 40.70%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

Action-Not Available
Vendor-devscripts_devel_teamn/aFedora Project
Product-devscriptsfedoran/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2015-6566
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.43% / 34.97%
||
7 Day CHG~0.00%
Published-11 Jan, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.

Action-Not Available
Vendor-zarafan/aFedora Project
Product-zarafa_collaboration_platformfedoran/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-42309
Matching Score-8
Assigner-Xen Project
ShareView Details
Matching Score-8
Assigner-Xen Project
CVSS Score-8.8||HIGH
EPSS-0.27% / 18.94%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectXen Project
Product-xendebian_linuxfedoraxen
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2015-5166
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 34.28%
||
7 Day CHG~0.00%
Published-12 Aug, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

Action-Not Available
Vendor-n/aXen ProjectFedora Project
Product-xenfedoran/a
CVE-2015-4819
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.2||HIGH
EPSS-0.45% / 36.05%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationOracle CorporationRed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationmariadbmysqlenterprise_linux_desktopsolarisenterprise_linux_server_euslinuxfedoraenterprise_linux_hpc_nodeenterprise_linux_server_ausenterprise_linux_hpc_node_eusn/a
CVE-2015-5154
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.63% / 45.76%
||
7 Day CHG~0.00%
Published-12 Aug, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Action-Not Available
Vendor-n/aQEMUSUSEXen ProjectFedora Project
Product-linux_enterprise_desktopqemususe_linux_enterprise_serverlinux_enterprise_debuginfolinux_enterprise_serverxenfedoralinux_enterprise_software_development_kitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5225
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.53% / 41.07%
||
7 Day CHG~0.00%
Published-06 Nov, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.

Action-Not Available
Vendor-n/aRed Hat, Inc.QEMUFedora Project
Product-openstackqemufedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2151
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.57% / 43.00%
||
7 Day CHG~0.00%
Published-12 Mar, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aXen ProjectDebian GNU/LinuxFedora Project
Product-debian_linuxxenfedoran/a
CVE-2021-33909
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-9.81% / 94.97%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 18:01
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Action-Not Available
Vendor-n/aFedora ProjectSonicWall Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-debian_linuxlinux_kernelhci_management_nodefedorasma1000_firmwarecommunications_session_border_controllersma1000solidfiren/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-8835
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-6.06% / 92.51%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 18:00
Updated-17 Sep, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel bpf verifier vulnerability

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)

Action-Not Available
Vendor-Linux kernelNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxa700s_firmwarea320_firmwarecloud_backupa400_firmwarefas2720fas2720_firmwareh300s_firmwareh410sc190h610s_firmwareh300ssteelstore_cloud_integrated_storageh300e_firmwareh610s8700fas2750_firmwarefas2750h500ehci_management_nodefedorah500s_firmwareh500e_firmwarea700sa220h700e8700_firmwareh610c_firmwareh610ch300ea800h500sh615c_firmwarea3208300_firmwaresolidfire8300a800_firmwarelinux_kernela400h410s_firmwareh700s_firmwarec190_firmwarea220_firmwareh700e_firmwareh615ch700sLinux kernel
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-3347
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.38% / 68.73%
||
7 Day CHG~0.00%
Published-29 Jan, 2021 | 16:56
Updated-25 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora ProjectDebian GNU/Linux
Product-linux_kernelfedoradebian_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2014-9114
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.65% / 46.55%
||
7 Day CHG~0.00%
Published-31 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

Action-Not Available
Vendor-n/aFedora ProjectopenSUSELinux Kernel Organization, Inc
Product-util-linuxopensusefedoran/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2014-7272
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 32.74%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 20:00
Updated-06 Aug, 2024 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).

Action-Not Available
Vendor-sddm_projectn/aFedora Project
Product-fedorasddmn/a
CWE ID-CWE-264
Not Available
CVE-2021-32606
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.42% / 33.61%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 00:00
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, Inc
Product-fedoralinux_kerneln/a
CWE ID-CWE-416
Use After Free
CVE-2021-33200
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 29.66%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 00:00
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, Inc
Product-h300eh500scloud_backupsolidfire_\&_hci_management_nodeh300s_firmwareh410sh300ssolidfire_baseboard_management_controllerh300e_firmwarelinux_kernelh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh700e_firmwareh700sn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-3499
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.39% / 31.25%
||
7 Day CHG~0.00%
Published-11 Jul, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aDocker, Inc.Fedora Project
Product-dockerfedoran/a
CVE-2025-58150
Matching Score-8
Assigner-Xen Project
ShareView Details
Matching Score-8
Assigner-Xen Project
CVSS Score-8.8||HIGH
EPSS-0.13% / 2.75%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 15:33
Updated-09 Feb, 2026 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
x86: buffer overrun with shadow paging + tracing

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.

Action-Not Available
Vendor-Xen Project
Product-xenXen
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3156
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-99.30% / 99.93%
||
7 Day CHG-0.01%
Published-26 Jan, 2021 | 00:00
Updated-10 Nov, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-27||Apply updates per vendor instructions.

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Action-Not Available
Vendor-sudo_projectn/aSudoDebian GNU/LinuxNetApp, Inc.McAfee, LLCOracle CorporationSynology, Inc.Fedora ProjectBeyondTrust Corporation
Product-micros_es400diskstation_manager_unified_controllercloud_backupweb_gatewayskynas_firmwarevs960hd_firmwaredebian_linuxmicros_workstation_6_firmwaresudomicros_es400_firmwarefedoraprivilege_management_for_unix\/linuxontap_select_deploy_administration_utilityactive_iq_unified_managermicros_workstation_5a_firmwaremicros_compact_workstation_3_firmwaremicros_kitchen_display_systemprivilege_management_for_macsolidfiremicros_compact_workstation_3oncommand_unified_manager_core_packagediskstation_managervs960hdhci_management_nodeontap_toolsmicros_workstation_6communications_performance_intelligence_centermicros_kitchen_display_system_firmwaretekelec_platform_distributionmicros_workstation_5askynasn/aSudo
CWE ID-CWE-193
Off-by-one Error
CVE-2021-29154
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.93% / 56.29%
||
7 Day CHG-0.01%
Published-08 Apr, 2021 | 00:00
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Fedora ProjectDebian GNU/Linux
Product-h300eh500scloud_backuph300s_firmwareh410sh300ssolidfireh300e_firmwaredebian_linuxlinux_kernelh500ehci_management_nodeh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh700e_firmwareh700sn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found