Kvm Security Vulnerabilities

CVE-2023-4135

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can...

CVE-2023-0188

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of...

CVE-2023-0192

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information...

CVE-2023-0197

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of...

CVE-2023-0198

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data...

CVE-2023-0191

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data...

CVE-2023-0183

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data...

CVE-2023-0185

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information...

CVE-2023-0180

NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information...

CVE-2023-0181

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data...

CVE-2022-4636

Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file...

CVE-2018-10839

Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in...

CVE-2018-1087

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch.....

CVE-2011-2512

The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a...

CVE-2011-4622

The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of...

CVE-2012-0029

Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode...

CVE-2010-0431

QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain...

CVE-2010-2784

The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest.....

CVE-2010-0435

The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction...

CVE-2010-0419

The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging.....

CVE-2010-0306

The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges.....

CVE-2008-4539

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an...

CVE-2008-2382

The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain...