Advisories, publicly released or pre-released

All times are in UTC. For general information about Xen and security see the Xen Project website and security policy.

Advisory Public release Updated Version CVE(s) Title
XSA-116 2015-01-06 12:00 assigned, but embargoed (Prereleased, but embargoed)
XSA-114 2014-12-08 12:00 2014-12-08 12:08 3 CVE-2014-9065 CVE-2014-9066 p2m lock starvation
XSA-113 2014-11-20 16:26 2014-11-21 12:25 2 CVE-2014-9030 Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
XSA-112 2014-11-27 11:25 2014-11-27 11:25 5 CVE-2014-8867 Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor
XSA-111 2014-11-27 11:25 2014-11-27 11:25 3 CVE-2014-8866 Excessive checking in compatibility mode hypercall argument translation
XSA-110 2014-11-18 12:00 2014-11-18 12:23 3 CVE-2014-8595 Missing privilege level checks in x86 emulation of far branches
XSA-109 2014-11-18 12:00 2014-11-18 12:23 3 CVE-2014-8594 Insufficient restrictions on certain MMU update hypercalls
XSA-108 2014-10-01 12:00 2014-10-01 12:02 4 CVE-2014-7188 Improper MSR range used for x2APIC emulation
XSA-107 2014-09-09 12:30 2014-09-11 10:07 2 CVE-2014-6268 Mishandling of uninitialised FIFO-based event channel control blocks
XSA-106 2014-09-23 12:00 2014-09-24 10:29 3 CVE-2014-7156 Missing privilege level checks in x86 emulation of software interrupts
XSA-105 2014-09-23 12:00 2014-09-24 10:29 3 CVE-2014-7155 Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
XSA-104 2014-09-23 12:00 2014-09-24 10:29 3 CVE-2014-7154 Race condition in HVMOP_track_dirty_vram
XSA-103 2014-08-12 12:00 2014-08-12 13:02 3 CVE-2014-5148 Flaw in handling unknown system register access from 64-bit userspace on ARM
XSA-102 2014-08-12 12:00 2014-08-12 13:02 3 CVE-2014-5147 Flaws in handling traps from 32-bit userspace on 64-bit ARM
XSA-101 2014-06-25 12:00 2014-06-30 14:22 3 CVE-2014-4022 information leak via gnttab_setup_table on ARM
XSA-100 2014-06-17 11:44 2014-06-17 11:44 3 CVE-2014-4021 Hypervisor heap contents leaked to guests
XSA-99 2014-06-17 11:44 2014-06-17 11:44 2 none (yet) assigned unexpected pitfall in xenaccess API
XSA-98 2014-06-04 12:00 2014-06-04 16:04 3 CVE-2014-3969 insufficient permissions checks accessing guest memory on ARM
XSA-97 2014-08-12 12:00 2014-08-12 13:02 3 CVE-2014-5146 CVE-2014-5149 Long latency virtual-mmu operations are not preemptible
XSA-96 2014-06-03 12:00 2014-06-04 16:03 3 CVE-2014-3967 CVE-2014-3968 Vulnerabilities in HVM MSI injection
XSA-95 2014-05-14 10:44 2014-05-16 10:34 3 CVE-2014-3714 CVE-2014-3715 CVE-2014-3716 CVE-2014-3717 input handling vulnerabilities loading guest kernel on ARM
XSA-94 2014-04-23 13:05 2014-04-23 15:12 2 CVE-2014-2986 ARM hypervisor crash on guest interrupt controller access
XSA-93 2014-04-22 15:05 2014-04-23 10:19 2 CVE-2014-2915 Hardware features unintentionally exposed to guests on ARM
XSA-92 2014-04-29 08:50 2014-05-01 10:52 3 CVE-2014-3124 HVMOP_set_mem_type allows invalid P2M entries to be created
XSA-91 2014-04-30 09:52 2014-05-01 10:52 3 CVE-2014-3125 Hardware timer context is not properly context switched on ARM
XSA-90 2014-03-24 13:00 2014-04-02 11:49 2 CVE-2014-2580 Linux netback crash trying to disable due to malformed packet
XSA-89 2014-03-25 12:00 2014-04-02 11:45 3 CVE-2014-2599 HVMOP_set_mem_access is not preemptible
XSA-88 2014-02-12 12:00 2014-02-12 17:04 3 CVE-2014-1950 use-after-free in xc_cpupool_getinfo() under memory pressure
XSA-87 2014-01-23 17:38 2014-01-24 15:37 2 CVE-2014-1666 PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests
XSA-86 2014-02-06 12:00 2014-02-10 11:25 3 CVE-2014-1896 libvchan failure handling malicious ring indexes
XSA-85 2014-02-06 12:00 2014-02-10 11:25 3 CVE-2014-1895 Off-by-one error in FLASK_AVC_CACHESTAT hypercall
XSA-84 2014-02-06 12:00 2014-02-10 11:29 3 CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894 integer overflow in several XSM/Flask hypercalls
XSA-83 2014-01-23 12:00 2014-01-23 14:26 3 CVE-2014-1642 Out-of-memory condition yielding memory corruption during IRQ setup
XSA-82 2013-12-02 17:13 2014-02-19 16:54 4 CVE-2013-6885 Guest triggerable AMD CPU erratum may cause host hang
XSA-81 2013-11-27 13:21 - - Unused Xen Security Advisory number
XSA-80 2013-12-10 12:00 2013-12-10 12:58 3 CVE-2013-6400 IOMMU TLB flushing may be inadvertently suppressed
XSA-79 2013-11-27 13:20 - - Unused Xen Security Advisory number
XSA-78 2013-11-20 17:08 2013-11-21 11:32 2 CVE-2013-6375 Insufficient TLB flushing in VT-d (iommu) code
XSA-77 2013-12-10 12:00 2013-12-10 12:58 3 none (yet) assigned Disaggregated domain management security status
XSA-76 2013-11-26 12:00 2013-11-26 17:02 3 CVE-2013-4554 Hypercalls exposed to privilege rings 1 and 2 of HVM guests
XSA-75 2013-11-08 16:20 2013-11-11 11:42 2 CVE-2013-4551 Host crash due to guest VMX instruction execution
XSA-74 2013-11-26 12:00 2013-11-26 17:02 3 CVE-2013-4553 Lock order reversal between page_alloc_lock and mm_rwlock
XSA-73 2013-11-01 15:07 2013-11-04 13:15 3 CVE-2013-4494 Lock order reversal between page allocation and grant table locks
XSA-72 2013-10-29 12:00 2013-10-29 15:39 3 CVE-2013-4416 ocaml xenstored mishandles oversized message replies
XSA-71 2013-10-10 12:00 2013-10-10 12:28 2 CVE-2013-4375 qemu disk backend (qdisk) resource leak
XSA-70 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4371 use-after-free in libxl_list_cpupool under memory pressure
XSA-69 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4370 misplaced free in ocaml xc_vcpu_getaffinity stub
XSA-68 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4369 possible null dereference when parsing vif ratelimiting info
XSA-67 2013-10-10 12:00 2013-10-10 12:22 2 CVE-2013-4368 Information leak through outs instruction emulation
XSA-66 2013-09-30 10:04 2013-09-30 10:04 3 CVE-2013-4361 Information leak through fbld instruction emulation
XSA-65 2013-10-02 15:00 2013-10-02 16:23 2 CVE-2013-4344 qemu SCSI REPORT LUNS buffer overflow
XSA-64 2013-09-30 10:04 2013-09-30 10:04 3 CVE-2013-4356 Memory accessible by 64-bit PV guests under live migration
XSA-63 2013-09-30 10:04 2013-09-30 10:04 3 CVE-2013-4355 Information leaks through I/O instruction emulation
XSA-62 2013-09-24 12:00 2013-09-25 08:23 2 CVE-2013-1442 Information leak on AVX and/or LWP capable CPUs
XSA-61 2013-09-10 10:56 2013-09-11 12:13 2 CVE-2013-4329 libxl partially sets up HVM passthrough even with disabled iommu
XSA-60 2013-07-19 12:00 2014-02-19 16:54 6 CVE-2013-2212 Excessive time to disable caching with HVM guests with PCI passthrough
XSA-59 2013-08-20 12:00 2013-08-20 12:07 4 CVE-2013-3495 Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts
XSA-58 2013-06-26 12:00 2013-06-26 13:18 2 CVE-2013-1432 Page reference counting error due to XSA-45/CVE-2013-1918 fixes
XSA-57 2013-06-20 12:00 2013-06-26 10:37 4 CVE-2013-2211 libxl allows guest write access to sensitive console related xenstore keys
XSA-56 2013-05-17 12:00 2013-05-17 15:44 2 CVE-2013-2072 Buffer overflow in xencontrol Python bindings affecting xend
XSA-55 2013-06-03 16:18 2013-06-20 10:26 5 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 Multiple vulnerabilities in libelf PV kernel handling
XSA-54 2013-06-03 12:00 2014-06-03 12:23 4 CVE-2013-2078 Hypervisor crash due to missing exception recovery on XSETBV
XSA-53 2013-06-03 12:00 2013-06-03 16:18 3 CVE-2013-2077 Hypervisor crash due to missing exception recovery on XRSTOR
XSA-52 2013-06-03 12:00 2013-06-03 16:18 3 CVE-2013-2076 Information leak on XSAVE/XRSTOR capable AMD CPUs
XSA-51 2013-05-06 15:00 2013-05-06 21:18 2 CVE-2013-2007 qemu guest agent (qga) insecure file permissions
XSA-50 2013-04-18 15:16 2013-04-18 15:16 1 CVE-2013-1964 grant table hypercall acquire/release imbalance
XSA-49 2013-05-02 12:00 2013-05-02 14:27 2 CVE-2013-1952 VT-d interrupt remapping source validation flaw for bridges
XSA-48 2013-04-15 15:00 2013-04-15 15:00 2 CVE-2013-1922 qemu-nbd format-guessing due to missing format specification
XSA-47 2013-04-04 17:54 2013-04-04 17:54 1 CVE-2013-1920 Potential use of freed memory in event channel operations
XSA-46 2013-04-18 12:00 2013-04-18 13:35 3 CVE-2013-1919 Several access permission issues with IRQs for unprivileged guests
XSA-45 2013-05-02 12:00 2013-05-02 13:54 2 CVE-2013-1918 Several long latency operations are not preemptible
XSA-44 2013-04-18 12:00 2013-04-18 13:50 3 CVE-2013-1917 Xen PV DoS vulnerability with SYSENTER
XSA-43 2013-02-05 12:00 2013-02-05 12:59 2 CVE-2013-0231 Linux pciback DoS via not rate limited log messages.
XSA-42 2013-02-12 12:00 2013-02-13 16:49 2 CVE-2013-0228 Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.
XSA-41 2013-01-16 14:50 2013-01-17 12:17 2 CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets
XSA-40 2013-01-16 14:50 2013-01-16 14:50 1 CVE-2013-0190 Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
XSA-39 2013-02-05 12:00 2013-02-05 12:59 2 CVE-2013-0216 CVE-2013-0217 Linux netback DoS via malicious guest ring.
XSA-38 2013-02-05 12:00 2013-02-15 11:40 3 CVE-2013-0215 oxenstored incorrect handling of certain Xenbus ring states
XSA-37 2013-01-04 16:00 2013-01-04 16:00 1 CVE-2013-0154 Hypervisor crash due to incorrect ASSERT (debug build only)
XSA-36 2013-02-05 12:00 2013-02-21 11:05 4 CVE-2013-0153 interrupt remap entries shared and old ones not cleared on AMD IOMMUs
XSA-35 2013-01-22 11:49 2013-01-23 18:28 4 CVE-2013-0152 Nested HVM exposes host to being driven out of memory by guest
XSA-34 2013-01-22 11:49 2013-01-22 11:49 2 CVE-2013-0151 nested virtualization on 32-bit exposes host crash
XSA-33 2013-01-08 12:00 2013-01-11 17:10 3 CVE-2012-5634 VT-d interrupt remapping source validation flaw
XSA-32 2012-12-03 17:51 2012-12-03 17:51 4 CVE-2012-5525 several hypercalls do not validate input GFNs
XSA-31 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5515 Several memory hypercall operations allow invalid extent order values
XSA-30 2012-12-03 17:51 2012-12-03 17:51 4 CVE-2012-5514 Broken error handling in guest_physmap_mark_populate_on_demand()
XSA-29 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5513 XENMEM_exchange may overwrite hypervisor memory
XSA-28 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5512 HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
XSA-27 2012-12-03 17:51 2013-01-17 12:17 5 CVE-2012-5511 CVE-2012-6333 several HVM operations do not validate the range of their inputs
XSA-26 2012-12-03 17:51 2012-12-03 17:51 3 CVE-2012-5510 Grant table version switch list corruption vulnerability
Advisories before 26 are not listed here.
Xenproject.org Security Team