7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Use after free of paging structures in EPT
The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures however is not deferred until the flushing is done, and can result in freed pages transiently being present in cached state. Such stale entries can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions.
References
Affected products
- ==consult Xen advisory XSA-480
Matching in nixpkgs
pkgs.xen
Type-1 hypervisor intended for embedded and hyperscale use cases
pkgs.xenon
Monitoring tool based on radon
pkgs.hhexen
Linux port of Raven Game's Hexen
pkgs.lexend
Variable font family designed to aid in reading proficiency
-
nixos-unstable 0.pre+date=2022-09-22
- nixpkgs-unstable 0.pre+date=2022-09-22
- nixos-unstable-small 0.pre+date=2022-09-22
-
nixos-25.11 0.pre+date=2022-09-22
- nixos-25.11-small 0.pre+date=2022-09-22
- nixpkgs-25.11-darwin 0.pre+date=2022-09-22
pkgs.uhexen2
Cross-platform port of Hexen II game
pkgs.qemu_xen
Generic and open source machine emulator and virtualizer
pkgs.xenomapper
Utility for post processing mapped reads that have been aligned to a primary genome and a secondary genome and binning reads into species specific, multimapping in each species, unmapped and unassigned bins
pkgs.nxengine-evo
Complete open-source clone/rewrite of the masterpiece jump-and-run platformer Doukutsu Monogatari (also known as Cave Story)
pkgs.xenia-canary
Xbox 360 Emulator Research Project
-
nixos-unstable 0-unstable-2026-02-16
- nixpkgs-unstable 0-unstable-2026-02-16
- nixos-unstable-small 0-unstable-2026-02-16
-
nixos-25.11 0-unstable-2025-11-22
- nixos-25.11-small 0-unstable-2025-11-22
- nixpkgs-25.11-darwin 0-unstable-2025-11-22
pkgs.xen-guest-agent
Xen agent running in Linux/BSDs (POSIX) VMs
-
nixos-unstable 0.4.0-unstable-2024-05-31
- nixpkgs-unstable 0.4.0-unstable-2024-05-31
- nixos-unstable-small 0.4.0-unstable-2024-05-31
-
nixos-25.11 0.4.0-unstable-2024-05-31
- nixos-25.11-small 0.4.0-unstable-2024-05-31
- nixpkgs-25.11-darwin 0.4.0-unstable-2024-05-31
pkgs.libretro.nxengine
NXEngine libretro port
-
nixos-unstable 0-unstable-2024-10-21
- nixpkgs-unstable 0-unstable-2024-10-21
- nixos-unstable-small 0-unstable-2024-10-21
-
nixos-25.11 0-unstable-2024-10-21
- nixos-25.11-small 0-unstable-2024-10-21
- nixpkgs-25.11-darwin 0-unstable-2024-10-21
pkgs.grub2_pvgrub_image
PvGrub2 image for booting PV Xen guests
pkgs.grub2_pvhgrub_image
PvGrub2 image for booting PVH Xen guests
pkgs.hunspellDicts.eu-es
Basque (Xuxen 5)
-
nixos-unstable 5-2015.11.10
- nixpkgs-unstable 5-2015.11.10
- nixos-unstable-small 5-2015.11.10
-
nixos-25.11 5-2015.11.10
- nixos-25.11-small 5-2015.11.10
- nixpkgs-25.11-darwin 5-2015.11.10
pkgs.hunspellDicts.eu_ES
Basque (Xuxen 5)
-
nixos-unstable 5-2015.11.10
- nixpkgs-unstable 5-2015.11.10
- nixos-unstable-small 5-2015.11.10
-
nixos-25.11 5-2015.11.10
- nixos-25.11-small 5-2015.11.10
- nixpkgs-25.11-darwin 5-2015.11.10
pkgs.haskellPackages.xeno
A fast event-based XML parser in pure Haskell
pkgs.python312Packages.xen
Type-1 hypervisor intended for embedded and hyperscale use cases
pkgs.python313Packages.xen
Type-1 hypervisor intended for embedded and hyperscale use cases
pkgs.python314Packages.xen
Type-1 hypervisor intended for embedded and hyperscale use cases
pkgs.ocamlPackages.xenstore
Xenstore protocol in pure OCaml
pkgs.ocamlPackages.mirage-xen
Xen core platform libraries for MirageOS
pkgs.haskellPackages.xenomorph
None
pkgs.haskellPackages.xmlbf-xeno
xeno backend support for the xmlbf library
pkgs.nltk-data.maxent-ne-chunker
NLTK Data
-
nixos-unstable 0-unstable-2024-07-29
- nixpkgs-unstable 0-unstable-2024-07-29
- nixos-unstable-small 0-unstable-2024-07-29
-
nixos-25.11 0-unstable-2024-07-29
- nixos-25.11-small 0-unstable-2024-07-29
- nixpkgs-25.11-darwin 0-unstable-2024-07-29
pkgs.ocamlPackages.xenstore-tool
Command line tool for interfacing with xenstore
pkgs.ocamlPackages.mirage-net-xen
Network device for reading and writing Ethernet frames via then Xen netfront/netback protocol
pkgs.python312Packages.pylatexenc
Simple LaTeX parser providing latex-to-unicode and unicode-to-latex conversion
pkgs.python313Packages.pylatexenc
Simple LaTeX parser providing latex-to-unicode and unicode-to-latex conversion
pkgs.python314Packages.pylatexenc
Simple LaTeX parser providing latex-to-unicode and unicode-to-latex conversion
pkgs.ocamlPackages_latest.xenstore
Xenstore protocol in pure OCaml
pkgs.nltk-data.maxent-ne-chunker-tab
NLTK Data
-
nixos-unstable 0-unstable-2024-07-29
- nixpkgs-unstable 0-unstable-2024-07-29
- nixos-unstable-small 0-unstable-2024-07-29
-
nixos-25.11 0-unstable-2024-07-29
- nixos-25.11-small 0-unstable-2024-07-29
- nixpkgs-25.11-darwin 0-unstable-2024-07-29
pkgs.ocamlPackages_latest.mirage-xen
Xen core platform libraries for MirageOS
pkgs.ocamlPackages.mirage-bootvar-xen
Handle boot-time arguments for Xen platform
pkgs.ocamlPackages.xenstore_transport
Low-level libraries for connecting to a xenstore service on a xen host
pkgs.ocamlPackages_latest.xenstore-tool
Command line tool for interfacing with xenstore
pkgs.ocamlPackages_latest.mirage-net-xen
Network device for reading and writing Ethernet frames via then Xen netfront/netback protocol
pkgs.nltk-data.maxent-treebank-pos-tagger
NLTK Data
-
nixos-unstable 0-unstable-2024-07-29
- nixpkgs-unstable 0-unstable-2024-07-29
- nixos-unstable-small 0-unstable-2024-07-29
-
nixos-25.11 0-unstable-2024-07-29
- nixos-25.11-small 0-unstable-2024-07-29
- nixpkgs-25.11-darwin 0-unstable-2024-07-29
pkgs.ocamlPackages_latest.mirage-bootvar-xen
Handle boot-time arguments for Xen platform
pkgs.ocamlPackages_latest.xenstore_transport
Low-level libraries for connecting to a xenstore service on a xen host
pkgs.nltk-data.maxent-treebank-pos-tagger-tab
NLTK Data
-
nixos-unstable 0-unstable-2024-07-29
- nixpkgs-unstable 0-unstable-2024-07-29
- nixos-unstable-small 0-unstable-2024-07-29
-
nixos-25.11 0-unstable-2024-07-29
- nixos-25.11-small 0-unstable-2024-07-29
- nixpkgs-25.11-darwin 0-unstable-2024-07-29
Package maintainers
-
@djanatyn Jonathan Strickland <djanatyn@gmail.com>
-
@majiru Jacob Moody <moody@posixcafe.org>
-
@umazalakain Uma Zalakain <ping@umazalakain.info>
-
@fufexan Fufezan Mihai <fufexan@protonmail.com>
-
@aanderse Aaron Andersen <aaron@fosslib.net>
-
@edwtjo Edward Tjörnhammar <ed@cflags.cc>
-
@thiagokokada Thiago K. Okada <thiagokokada@gmail.com>
-
@hrdinka Christoph Hrdinka <c.nix@hrdinka.at>
-
@drewrisinger Drew Risinger <drisinger+nixpkgs@gmail.com>
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@hehongbo Hongbo
-
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
-
@alyssais Alyssa Ross <hi@alyssa.is>
-
@xdHampus Hampus
-
@jbedo Justin Bedő <cu@cua0.org>
-
@jfvillablanca Jann Marc Villablanca <jmfv.dev@gmail.com>
-
@happysalada Raphael Megzari <raphael@megzari.com>
-
@bengsparks Ben Sparks <benjamin.sparks@protonmail.com>
-
@sternenseemann Lukas Epple <sternenseemann@systemli.org>
-
@tuxy Binh Nguyen <lastpass7565@gmail.com>