Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/136107?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/136107?format=api", "purl": "pkg:deb/debian/xen@4.11.4%2B24-gddaaccbbab-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "xen", "version": "4.11.4+24-gddaaccbbab-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.14.0+80-gd101b417b7-1", "latest_non_vulnerable_version": "4.20.2+7-g1badcf5035-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106401?format=api", "vulnerability_id": "VCID-2kbw-432a-9yax", "summary": "An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps even an unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation. Only systems using Intel CPUs are vulnerable. Systems using AMD CPUs, and Arm systems, are not vulnerable. Only systems using nested paging (hap, aka nested paging, aka in this case Intel EPT) are vulnerable. Only HVM and PVH guests can exploit the vulnerability. The presence and scope of the vulnerability depends on the precise optimisations performed by the compiler used to build Xen. If the compiler generates (a) a single 64-bit write, or (b) a series of read-modify-write operations in the same order as the source code, the hypervisor is not vulnerable. For example, in one test build using GCC 8.3 with normal settings, the compiler generated multiple (unlocked) read-modify-write operations in source-code order, which did not constitute a vulnerability. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code-generation options). The source code clearly violates the C rules, and thus should be considered vulnerable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15567.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15567.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17726", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17804", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17798", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851472", "reference_id": "1851472", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851472" }, { "reference_url": "https://security.gentoo.org/glsa/202007-02", "reference_id": "GLSA-202007-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-02" }, { "reference_url": "https://usn.ubuntu.com/5617-1/", "reference_id": "USN-5617-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5617-1/" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-328.html", "reference_id": "XSA-328", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-328.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/136107?format=api", "purl": "pkg:deb/debian/xen@4.11.4%2B24-gddaaccbbab-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.11.4%252B24-gddaaccbbab-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135902?format=api", "purl": "pkg:deb/debian/xen@4.14.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27xc-hy1s-n7bf" }, { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-2wu6-2tup-2ub2" }, { "vulnerability": "VCID-339r-nmjn-gfa2" }, { "vulnerability": "VCID-3nb3-3wud-jfhv" }, { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-6uvb-67h4-1fgy" }, { "vulnerability": "VCID-7yrz-z3a2-vkgg" }, { "vulnerability": "VCID-8gj8-dga7-gkht" }, { "vulnerability": "VCID-8r4d-1tcs-13gd" }, { "vulnerability": "VCID-9g21-rc3r-5uer" }, { "vulnerability": "VCID-c58r-gesb-f7hq" }, { "vulnerability": "VCID-cgzn-pdre-1bec" }, { "vulnerability": "VCID-cvj7-478z-x3b1" }, { "vulnerability": "VCID-dke6-vwb6-fuf4" }, { "vulnerability": "VCID-dwq4-9tk2-8yfp" }, { "vulnerability": "VCID-f7v4-85sw-1keq" }, { "vulnerability": "VCID-fwx8-9f5e-v7hw" }, { "vulnerability": "VCID-jcpf-68kx-67fr" }, { "vulnerability": "VCID-jm1q-fxpu-qbg3" }, { "vulnerability": "VCID-k3xq-ruut-3yhw" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" }, { "vulnerability": "VCID-k6gh-hx5m-wba2" }, { "vulnerability": "VCID-kcwp-bu7h-6kds" }, { "vulnerability": "VCID-kpyj-6qpe-pbep" }, { "vulnerability": "VCID-ma7k-xrxw-vubd" }, { "vulnerability": "VCID-ma9d-b2uy-jkft" }, { "vulnerability": "VCID-mvnt-qc9z-jygu" }, { "vulnerability": "VCID-navq-t6wp-xqaf" }, { "vulnerability": "VCID-rm4s-2uwv-tkac" }, { "vulnerability": "VCID-rw5e-3s13-hycn" }, { "vulnerability": "VCID-su6k-nv2m-yqac" }, { "vulnerability": "VCID-swjx-x5hb-n3c2" }, { "vulnerability": "VCID-sx9z-gbkd-8fgv" }, { "vulnerability": "VCID-t5nz-98gp-7fa1" }, { "vulnerability": "VCID-t63z-5wwn-1bh9" }, { "vulnerability": "VCID-t9tt-yd4b-r3cy" }, { "vulnerability": "VCID-u4yc-hhne-2kaz" }, { "vulnerability": "VCID-vj8v-zms6-gug9" }, { "vulnerability": "VCID-vkt6-fjzc-4uay" }, { "vulnerability": "VCID-w8sx-m2vx-1ucv" }, { "vulnerability": "VCID-wuca-6w96-kfdp" }, { "vulnerability": "VCID-x9md-fcrv-y7d8" }, { "vulnerability": "VCID-xa2b-k4ye-e7d3" }, { "vulnerability": "VCID-yqrw-w2g9-2kf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.14.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135900?format=api", "purl": "pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135904?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135903?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15567", "XSA-328" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2kbw-432a-9yax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106399?format=api", "vulnerability_id": "VCID-66yt-mbde-wbar", "summary": "An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15565.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15565.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15565", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22947", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.23029", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.23015", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851475", "reference_id": "1851475", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851475" }, { "reference_url": "https://security.gentoo.org/glsa/202007-02", "reference_id": "GLSA-202007-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-02" }, { "reference_url": "https://usn.ubuntu.com/5617-1/", "reference_id": "USN-5617-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5617-1/" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-321.html", "reference_id": "XSA-321", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-321.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/136107?format=api", "purl": "pkg:deb/debian/xen@4.11.4%2B24-gddaaccbbab-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.11.4%252B24-gddaaccbbab-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135902?format=api", "purl": "pkg:deb/debian/xen@4.14.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27xc-hy1s-n7bf" }, { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-2wu6-2tup-2ub2" }, { "vulnerability": "VCID-339r-nmjn-gfa2" }, { "vulnerability": "VCID-3nb3-3wud-jfhv" }, { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-6uvb-67h4-1fgy" }, { "vulnerability": "VCID-7yrz-z3a2-vkgg" }, { "vulnerability": "VCID-8gj8-dga7-gkht" }, { "vulnerability": "VCID-8r4d-1tcs-13gd" }, { "vulnerability": "VCID-9g21-rc3r-5uer" }, { "vulnerability": "VCID-c58r-gesb-f7hq" }, { "vulnerability": "VCID-cgzn-pdre-1bec" }, { "vulnerability": "VCID-cvj7-478z-x3b1" }, { "vulnerability": "VCID-dke6-vwb6-fuf4" }, { "vulnerability": "VCID-dwq4-9tk2-8yfp" }, { "vulnerability": "VCID-f7v4-85sw-1keq" }, { "vulnerability": "VCID-fwx8-9f5e-v7hw" }, { "vulnerability": "VCID-jcpf-68kx-67fr" }, { "vulnerability": "VCID-jm1q-fxpu-qbg3" }, { "vulnerability": "VCID-k3xq-ruut-3yhw" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" }, { "vulnerability": "VCID-k6gh-hx5m-wba2" }, { "vulnerability": "VCID-kcwp-bu7h-6kds" }, { "vulnerability": "VCID-kpyj-6qpe-pbep" }, { "vulnerability": "VCID-ma7k-xrxw-vubd" }, { "vulnerability": "VCID-ma9d-b2uy-jkft" }, { "vulnerability": "VCID-mvnt-qc9z-jygu" }, { "vulnerability": "VCID-navq-t6wp-xqaf" }, { "vulnerability": "VCID-rm4s-2uwv-tkac" }, { "vulnerability": "VCID-rw5e-3s13-hycn" }, { "vulnerability": "VCID-su6k-nv2m-yqac" }, { "vulnerability": "VCID-swjx-x5hb-n3c2" }, { "vulnerability": "VCID-sx9z-gbkd-8fgv" }, { "vulnerability": "VCID-t5nz-98gp-7fa1" }, { "vulnerability": "VCID-t63z-5wwn-1bh9" }, { "vulnerability": "VCID-t9tt-yd4b-r3cy" }, { "vulnerability": "VCID-u4yc-hhne-2kaz" }, { "vulnerability": "VCID-vj8v-zms6-gug9" }, { "vulnerability": "VCID-vkt6-fjzc-4uay" }, { "vulnerability": "VCID-w8sx-m2vx-1ucv" }, { "vulnerability": "VCID-wuca-6w96-kfdp" }, { "vulnerability": "VCID-x9md-fcrv-y7d8" }, { "vulnerability": "VCID-xa2b-k4ye-e7d3" }, { "vulnerability": "VCID-yqrw-w2g9-2kf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.14.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135900?format=api", "purl": "pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135904?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135903?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15565", "XSA-321" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66yt-mbde-wbar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106400?format=api", "vulnerability_id": "VCID-p7cw-6jy5-cuct", "summary": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missing error checks, only (1) will be considered an error. All the other cases will provide a valid port and will result in a crash when trying to access the event channel. When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. Xen versions 4.10 and later are affected. All architectures are affected. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event-channel limit.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15566.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15566.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17442", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1752", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17515", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851474", "reference_id": "1851474", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851474" }, { "reference_url": "https://security.gentoo.org/glsa/202007-02", "reference_id": "GLSA-202007-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-02" }, { "reference_url": "https://usn.ubuntu.com/5617-1/", "reference_id": "USN-5617-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5617-1/" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-317.html", "reference_id": "XSA-317", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-317.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/136107?format=api", "purl": "pkg:deb/debian/xen@4.11.4%2B24-gddaaccbbab-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.11.4%252B24-gddaaccbbab-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135902?format=api", "purl": "pkg:deb/debian/xen@4.14.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27xc-hy1s-n7bf" }, { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-2wu6-2tup-2ub2" }, { "vulnerability": "VCID-339r-nmjn-gfa2" }, { "vulnerability": "VCID-3nb3-3wud-jfhv" }, { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-6uvb-67h4-1fgy" }, { "vulnerability": "VCID-7yrz-z3a2-vkgg" }, { "vulnerability": "VCID-8gj8-dga7-gkht" }, { "vulnerability": "VCID-8r4d-1tcs-13gd" }, { "vulnerability": "VCID-9g21-rc3r-5uer" }, { "vulnerability": "VCID-c58r-gesb-f7hq" }, { "vulnerability": "VCID-cgzn-pdre-1bec" }, { "vulnerability": "VCID-cvj7-478z-x3b1" }, { "vulnerability": "VCID-dke6-vwb6-fuf4" }, { "vulnerability": "VCID-dwq4-9tk2-8yfp" }, { "vulnerability": "VCID-f7v4-85sw-1keq" }, { "vulnerability": "VCID-fwx8-9f5e-v7hw" }, { "vulnerability": "VCID-jcpf-68kx-67fr" }, { "vulnerability": "VCID-jm1q-fxpu-qbg3" }, { "vulnerability": "VCID-k3xq-ruut-3yhw" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" }, { "vulnerability": "VCID-k6gh-hx5m-wba2" }, { "vulnerability": "VCID-kcwp-bu7h-6kds" }, { "vulnerability": "VCID-kpyj-6qpe-pbep" }, { "vulnerability": "VCID-ma7k-xrxw-vubd" }, { "vulnerability": "VCID-ma9d-b2uy-jkft" }, { "vulnerability": "VCID-mvnt-qc9z-jygu" }, { "vulnerability": "VCID-navq-t6wp-xqaf" }, { "vulnerability": "VCID-rm4s-2uwv-tkac" }, { "vulnerability": "VCID-rw5e-3s13-hycn" }, { "vulnerability": "VCID-su6k-nv2m-yqac" }, { "vulnerability": "VCID-swjx-x5hb-n3c2" }, { "vulnerability": "VCID-sx9z-gbkd-8fgv" }, { "vulnerability": "VCID-t5nz-98gp-7fa1" }, { "vulnerability": "VCID-t63z-5wwn-1bh9" }, { "vulnerability": "VCID-t9tt-yd4b-r3cy" }, { "vulnerability": "VCID-u4yc-hhne-2kaz" }, { "vulnerability": "VCID-vj8v-zms6-gug9" }, { "vulnerability": "VCID-vkt6-fjzc-4uay" }, { "vulnerability": "VCID-w8sx-m2vx-1ucv" }, { "vulnerability": "VCID-wuca-6w96-kfdp" }, { "vulnerability": "VCID-x9md-fcrv-y7d8" }, { "vulnerability": "VCID-xa2b-k4ye-e7d3" }, { "vulnerability": "VCID-yqrw-w2g9-2kf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.14.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135900?format=api", "purl": "pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135904?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135903?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15566", "XSA-317" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7cw-6jy5-cuct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106397?format=api", "vulnerability_id": "VCID-t63m-cstk-2khv", "summary": "An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest's video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15563.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15563.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15563", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22837", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22918", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22902", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15563" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851471", "reference_id": "1851471", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851471" }, { "reference_url": "https://security.gentoo.org/glsa/202007-02", "reference_id": "GLSA-202007-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-02" }, { "reference_url": "https://usn.ubuntu.com/5617-1/", "reference_id": "USN-5617-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5617-1/" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-319.html", "reference_id": "XSA-319", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-319.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/136107?format=api", "purl": "pkg:deb/debian/xen@4.11.4%2B24-gddaaccbbab-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.11.4%252B24-gddaaccbbab-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135902?format=api", "purl": "pkg:deb/debian/xen@4.14.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27xc-hy1s-n7bf" }, { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-2wu6-2tup-2ub2" }, { "vulnerability": "VCID-339r-nmjn-gfa2" }, { "vulnerability": "VCID-3nb3-3wud-jfhv" }, { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-6uvb-67h4-1fgy" }, { "vulnerability": "VCID-7yrz-z3a2-vkgg" }, { "vulnerability": "VCID-8gj8-dga7-gkht" }, { "vulnerability": "VCID-8r4d-1tcs-13gd" }, { "vulnerability": "VCID-9g21-rc3r-5uer" }, { "vulnerability": "VCID-c58r-gesb-f7hq" }, { "vulnerability": "VCID-cgzn-pdre-1bec" }, { "vulnerability": "VCID-cvj7-478z-x3b1" }, { "vulnerability": "VCID-dke6-vwb6-fuf4" }, { "vulnerability": "VCID-dwq4-9tk2-8yfp" }, { "vulnerability": "VCID-f7v4-85sw-1keq" }, { "vulnerability": "VCID-fwx8-9f5e-v7hw" }, { "vulnerability": "VCID-jcpf-68kx-67fr" }, { "vulnerability": "VCID-jm1q-fxpu-qbg3" }, { "vulnerability": "VCID-k3xq-ruut-3yhw" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" }, { "vulnerability": "VCID-k6gh-hx5m-wba2" }, { "vulnerability": "VCID-kcwp-bu7h-6kds" }, { "vulnerability": "VCID-kpyj-6qpe-pbep" }, { "vulnerability": "VCID-ma7k-xrxw-vubd" }, { "vulnerability": "VCID-ma9d-b2uy-jkft" }, { "vulnerability": "VCID-mvnt-qc9z-jygu" }, { "vulnerability": "VCID-navq-t6wp-xqaf" }, { "vulnerability": "VCID-rm4s-2uwv-tkac" }, { "vulnerability": "VCID-rw5e-3s13-hycn" }, { "vulnerability": "VCID-su6k-nv2m-yqac" }, { "vulnerability": "VCID-swjx-x5hb-n3c2" }, { "vulnerability": "VCID-sx9z-gbkd-8fgv" }, { "vulnerability": "VCID-t5nz-98gp-7fa1" }, { "vulnerability": "VCID-t63z-5wwn-1bh9" }, { "vulnerability": "VCID-t9tt-yd4b-r3cy" }, { "vulnerability": "VCID-u4yc-hhne-2kaz" }, { "vulnerability": "VCID-vj8v-zms6-gug9" }, { "vulnerability": "VCID-vkt6-fjzc-4uay" }, { "vulnerability": "VCID-w8sx-m2vx-1ucv" }, { "vulnerability": "VCID-wuca-6w96-kfdp" }, { "vulnerability": "VCID-x9md-fcrv-y7d8" }, { "vulnerability": "VCID-xa2b-k4ye-e7d3" }, { "vulnerability": "VCID-yqrw-w2g9-2kf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.14.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135900?format=api", "purl": "pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135904?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135903?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15563", "XSA-319" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t63m-cstk-2khv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106398?format=api", "vulnerability_id": "VCID-znj1-8ney-4fb5", "summary": "An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor. The region will be mapped into Xen address space so it can be directly accessed. On Arm, the region is accessed with instructions that require a specific alignment. Unfortunately, there is no check that the address provided by the guest will be correctly aligned. As a result, a malicious guest could cause a hypervisor crash by passing a misaligned address. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). All Xen versions are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15564.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15564.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15564", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23892", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23987", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.2397", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15564" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851470", "reference_id": "1851470", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851470" }, { "reference_url": "https://security.gentoo.org/glsa/202007-02", "reference_id": "GLSA-202007-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-02" }, { "reference_url": "https://usn.ubuntu.com/5617-1/", "reference_id": "USN-5617-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5617-1/" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-327.html", "reference_id": "XSA-327", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-327.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/136107?format=api", "purl": "pkg:deb/debian/xen@4.11.4%2B24-gddaaccbbab-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.11.4%252B24-gddaaccbbab-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135902?format=api", "purl": "pkg:deb/debian/xen@4.14.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27xc-hy1s-n7bf" }, { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-2wu6-2tup-2ub2" }, { "vulnerability": "VCID-339r-nmjn-gfa2" }, { "vulnerability": "VCID-3nb3-3wud-jfhv" }, { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-6uvb-67h4-1fgy" }, { "vulnerability": "VCID-7yrz-z3a2-vkgg" }, { "vulnerability": "VCID-8gj8-dga7-gkht" }, { "vulnerability": "VCID-8r4d-1tcs-13gd" }, { "vulnerability": "VCID-9g21-rc3r-5uer" }, { "vulnerability": "VCID-c58r-gesb-f7hq" }, { "vulnerability": "VCID-cgzn-pdre-1bec" }, { "vulnerability": "VCID-cvj7-478z-x3b1" }, { "vulnerability": "VCID-dke6-vwb6-fuf4" }, { "vulnerability": "VCID-dwq4-9tk2-8yfp" }, { "vulnerability": "VCID-f7v4-85sw-1keq" }, { "vulnerability": "VCID-fwx8-9f5e-v7hw" }, { "vulnerability": "VCID-jcpf-68kx-67fr" }, { "vulnerability": "VCID-jm1q-fxpu-qbg3" }, { "vulnerability": "VCID-k3xq-ruut-3yhw" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" }, { "vulnerability": "VCID-k6gh-hx5m-wba2" }, { "vulnerability": "VCID-kcwp-bu7h-6kds" }, { "vulnerability": "VCID-kpyj-6qpe-pbep" }, { "vulnerability": "VCID-ma7k-xrxw-vubd" }, { "vulnerability": "VCID-ma9d-b2uy-jkft" }, { "vulnerability": "VCID-mvnt-qc9z-jygu" }, { "vulnerability": "VCID-navq-t6wp-xqaf" }, { "vulnerability": "VCID-rm4s-2uwv-tkac" }, { "vulnerability": "VCID-rw5e-3s13-hycn" }, { "vulnerability": "VCID-su6k-nv2m-yqac" }, { "vulnerability": "VCID-swjx-x5hb-n3c2" }, { "vulnerability": "VCID-sx9z-gbkd-8fgv" }, { "vulnerability": "VCID-t5nz-98gp-7fa1" }, { "vulnerability": "VCID-t63z-5wwn-1bh9" }, { "vulnerability": "VCID-t9tt-yd4b-r3cy" }, { "vulnerability": "VCID-u4yc-hhne-2kaz" }, { "vulnerability": "VCID-vj8v-zms6-gug9" }, { "vulnerability": "VCID-vkt6-fjzc-4uay" }, { "vulnerability": "VCID-w8sx-m2vx-1ucv" }, { "vulnerability": "VCID-wuca-6w96-kfdp" }, { "vulnerability": "VCID-x9md-fcrv-y7d8" }, { "vulnerability": "VCID-xa2b-k4ye-e7d3" }, { "vulnerability": "VCID-yqrw-w2g9-2kf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.14.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135900?format=api", "purl": "pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135904?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135903?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15564", "XSA-327" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znj1-8ney-4fb5" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.11.4%252B24-gddaaccbbab-1%3Fdistro=trixie" }