xen

496 tracked vulnerabilities.

CVE-2026-23558 HIGH
grant table v2 race in status page mapping
May 19, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-23557 MEDIUM
Xenstored DoS via XS_RESET_WATCHES command
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23555 HIGH
Xenstored DoS by unprivileged domain
Mar 23, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-23554 HIGH
Use after free of paging structures in EPT
Mar 23, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-23553 LOW
Xen >=4.6.0 - Improper Branch Target Buffer Isolation via IBPB Skip
Jan 28, 2026
CVSS 2.9
EPSS 0.00
CVE-2025-58150 HIGH
Xen - Out-of-bounds Write in Shadow Mode Tracing Code
Jan 28, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-58149 HIGH
Xen >=4.0.0 - Use-After-Free in PCI Device Detach Logic
Oct 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58148 HIGH
Xen >=4.15.0 - Out-of-bounds Read and Write via Viridian Hypercall vCPU Mask Processing
Oct 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58147 HIGH
Xen >=4.15.0 - Out-of-bounds Read and Write via Viridian Hypercall vCPU Mask Handling
Oct 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58145 HIGH
Xen 4.12.0-4.16.x - Race Condition in Page Mapping
Sep 11, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58144 HIGH
Xen 4.12.0-4.16.x - NULL Pointer Dereference in Page Mapping
Sep 11, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58143 CRITICAL
Xen 4.13.0-4.16.x - Race Condition in Viridian Reference TSC Page Mapping
Sep 11, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-58142 CRITICAL
Xen 4.13.0-4.16.x - NULL Pointer Dereference in Viridian Guest Memory Handling
Sep 11, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-27466 CRITICAL
Xen 4.13.0-4.16.x - NULL Pointer Dereference in Viridian Guest Memory Handling
Sep 11, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-1713 HIGH
Xen >=4.0.0 - Deadlock via Legacy PCI Device Interrupt Remapping
Jul 17, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-27465 MEDIUM
Xen >= 4.9.0 - Denial of Service via Exception Handling in Replayed Instruction Emulation
Jul 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-31144 LOW
Xapi 1.249.0-1.249.36 - Unauthenticated Metadata Backup Manipulation via VDI UUID Sorting
Feb 14, 2025
CVSS 3.8
EPSS 0.00
CVE-2024-2201 MEDIUM
Linux Kernel < unknown - Info Disclosure
Dec 19, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-45819 MEDIUM
Xen >= 4.8.0 - Information Exposure via Uninitialized Memory in PVH Guest ACPI Table Construction
Dec 19, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-45818 MEDIUM
Xen 4.6.0-4.19.x - Denial of Service via VGA Memory Access Deadlock
Dec 19, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-45817 HIGH
Xen >= 4.5.0 - Denial of Service via APIC Error Interrupt Deadlock
Sep 25, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-31146 HIGH
Xen - Uncontrolled Resource Consumption via Shared Device Resources
Sep 25, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-31145 HIGH
Xen >=4.0.0 - Uncontrolled Resource Consumption in PCI Device Memory Mapping
Sep 25, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-31143 HIGH
Xen >=4.4.0 - Use-After-Free in PCI MSI Multiple Message Error Handling
Jul 18, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-31142 HIGH
Xen < 4.15.6 - Protection Mechanism Failure in XSA-407 and XSA-434 Mitigation
May 16, 2024
CVSS 7.5
EPSS 0.03
Products
xen 490 Xen 6 xapi 3 qemu 1 xen-unstable 1 xen_flask_module 1
Quick Filters
Critical CVEs With Exploits In CISA KEV