Xen — Vulnerabilities & Security Advisories 100

Browse all 100 CVE security advisories affecting Xen. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Xen serves as a foundational open-source hypervisor, enabling hardware virtualization for cloud infrastructure and enterprise server consolidation. Its architecture, which isolates guest operating systems within a privileged domain, has historically attracted diverse exploitation attempts. Security audits reveal a prevalence of remote code execution and buffer overflow vulnerabilities, often stemming from complex memory management in the virtualization layer. Additionally, privilege escalation flaws have been documented, allowing compromised guests to potentially breach the host environment. While Xen itself is robust, its integration with other software components has occasionally led to supply chain risks. Major incidents remain relatively contained compared to broader ecosystem failures, yet the sheer volume of recorded CVEs underscores the critical need for rigorous patch management. Continuous monitoring of kernel updates and strict access controls remain essential for maintaining the integrity of virtualized environments relying on this technology.

Top products by Xen: xen
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-23555 | Xenstored DoS by unprivileged domain — Xen | 7.7 (AI) | High (AI) | 2026-03-23 |
| CVE-2026-23554 | Use after free of paging structures in EPT — Xen | 6.8 (AI) | Medium (AI) | 2026-03-23 |
| CVE-2026-23553 | x86: incomplete IBPB for vCPU isolation — Xen | 7.5 (AI) | High (AI) | 2026-01-28 |
| CVE-2025-58150 | x86: buffer overrun with shadow paging + tracing — Xen | 8.8 (AI) | High (AI) | 2026-01-28 |
| CVE-2025-58149 | Incorrect removal of permissions on PCI device unplug — Xen | 9.1 | - | 2025-10-31 |
| CVE-2025-58147 | x86: Incorrect input sanitisation in Viridian hypercalls — Xen | 7.8 | - | 2025-10-31 |
| CVE-2025-58148 | x86: Incorrect input sanitisation in Viridian hypercalls — Xen | 7.8 | - | 2025-10-31 |
| CVE-2025-58145 | Arm issues with page refcounting — Xen | 7.1 (AI) | High (AI) | 2025-09-11 |
| CVE-2025-58144 | Arm issues with page refcounting — Xen | 7.1 (AI) | High (AI) | 2025-09-11 |
| CVE-2025-27466 | Mutiple vulnerabilities in the Viridian interface — Xen | 5.1 (AI) | Medium (AI) | 2025-09-11 |
| CVE-2025-58143 | Mutiple vulnerabilities in the Viridian interface — Xen | 5.1 (AI) | Medium (AI) | 2025-09-11 |
| CVE-2025-58142 | Mutiple vulnerabilities in the Viridian interface — Xen | 5.1 (AI) | Medium (AI) | 2025-09-11 |
| CVE-2025-1713 | deadlock potential with VT-d and legacy PCI device pass-through — Xen | 6.5 (AI) | Medium (AI) | 2025-07-17 |
| CVE-2025-27465 | x86: Incorrect stubs exception handling for flags recovery — Xen | 6.2 (AI) | Medium (AI) | 2025-07-16 |
| CVE-2024-2201 | CVE-2024-2201 — Xen | 6.2 (AI) | Medium (AI) | 2024-12-19 |
| CVE-2024-45819 | libxl leaks data to PVH guests via ACPI tables — Xen | 7.1 | - | 2024-12-19 |
| CVE-2024-45818 | Deadlock in x86 HVM standard VGA handling — Xen | 6.5 | - | 2024-12-19 |
| CVE-2024-45817 | x86: Deadlock in vlapic_error() — Xen | 5.5 (AI) | Medium (AI) | 2024-09-25 |
| CVE-2024-31146 | PCI device pass-through with shared resources — Xen | 8.1 (AI) | High (AI) | 2024-09-25 |
| CVE-2024-31145 | error handling in x86 IOMMU identity mapping — Xen | 7.1 (AI) | High (AI) | 2024-09-25 |
| CVE-2024-31143 | double unlock in x86 guest IRQ handling — Xen | 5.5 (AI) | Medium (AI) | 2024-07-18 |
| CVE-2024-31142 | x86: Incorrect logic for BTC/SRSO mitigations — Xen | 6.2 | - | 2024-05-16 |
| CVE-2023-46842 | x86 HVM hypercalls may trigger Xen bug check — Xen | 7.5 (AI) | High (AI) | 2024-05-16 |
| CVE-2023-46841 | x86: shadow stack vs exceptions from emulation stubs — Xen | 7.8 (AI) | High (AI) | 2024-03-20 |
| CVE-2023-46840 | VT-d: Failure to quarantine devices in !HVM builds — Xen | 7.8 (AI) | High (AI) | 2024-03-20 |
| CVE-2023-46839 | pci: phantom functions assigned to incorrect contexts — Xen | 5.9 | - | 2024-03-20 |
| CVE-2023-46837 | arm32: The cache may not be properly cleaned/invalidated (take two) — Xen | 6.1 (AI) | Medium (AI) | 2024-01-05 |
| CVE-2023-46836 | x86: BTC/SRSO fixes not fully effective — Xen | 9.1 (AI) | Critical (AI) | 2024-01-05 |
| CVE-2023-46835 | x86/AMD: mismatch in IOMMU quarantine page table levels — Xen | 8.4 (AI) | High (AI) | 2024-01-05 |
| CVE-2023-34327 | x86/AMD: Debug Mask handling — Xen | 5.5 | - | 2024-01-05 |

This page lists every published CVE security advisory associated with Xen. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.