26 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
Guests running on Arm can cause Denial of Service DoS attacks on Dom0 through PV devices. When mapping memory pages of guests on Arm, Dom0 uses an rbtree to keep track of the foreign mappings. The update of this rbtree does not always occur completely with the relevant lock held, resulting in a...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel through version 5.10.1, as used with Xen up to version 4.14.x. The Linux kernel’s PV block backend expects the kernel thread handler to reset ring-xenblkd to NULL when the thread is stopped. However, the handler may not have enough time to execute if the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001341)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001341 advisory. An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004077)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004077 advisory. An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/eventsbase.c allows event-channel removal during the...
EUVD-2020-21931
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414401)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414401 advisory. Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that...
SUSE CVE-2020-29569
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring-xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the...
Guest triggered use-after-free in Linux xen-netback
ISSUE DESCRIPTION A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9038)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9038 advisory. - netfilter: add and use nfhookslowlist Florian Westphal Orabug: 32372530 CVE-2021-20177 - target: fix XCOPY NAA identifier lookup David Disseldorp...
DEBIAN-CVE-2021-28039
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9007)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9007 advisory. - xen-blkback: set ring-xenblkd to NULL after kthreadstop Pawel Wieczorkiewicz Orabug: 32260252 CVE-2020-29569 - xenbus/xenbusbackend: Disallow...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4680-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4680-1 advisory. It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4679-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4679-1 advisory. It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose...
UBUNTU-CVE-2020-29569
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring-xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the...
CVE-2020-29569
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring-xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the...
CVE-2020-29569
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring-xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the...
Use after free triggered by block frontend in Linux blkback
ISSUE DESCRIPTION The Linux kernel PV block backend expects the kernel thread handler to reset ring-xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggle between the states connect and disconnect. As a consequence, the block backend may re-use ...
CVE-2020-29569
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring-xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the...
An issue was discovered in the Linux kernel through 5.9.1 as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device aka CID-073d0552ead5.
...
CVE-2020-27675
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/eventsbase.c allows event-channel removal during the event-handling loop a race condition. This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash vi...