Lucene search
+L

465 matches found

nvd
nvd
added 14 hours ago6 views

CVE-2026-3842

A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpuphysicalmemorymap returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in...

7.8CVSS
Exploits0References3
attackerkb
attackerkb
added 15 hours ago2 views

CVE-2026-3842

A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpuphysicalmemorymap returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in...

7.8CVSS6.9AI score
Exploits0References3Affected Software6
redhat
redhat
added yesterday4 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

6.3AI score0.00176EPSS
Exploits5References6
ubuntucve
ubuntucve
added last week7 views

CVE-2025-58151

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...

9.4CVSS5.8AI score0.0012EPSS
Exploits0References2
cve
cve
added 2026/07/09 2:45 p.m.18 views

CVE-2025-58151

CVE-2025-58151 affects varstored, a Xen/Xapi component that handles UEFI variables and maps guest memory to OVMF. The vulnerability arises from TOCTOU due to insufficient compiler barriers in the shared buffer, with exploitation depending on compiler-generated code, and the attacker potentially c...

9.4CVSS6.2AI score0.0012EPSS
Exploits0References3
osv
osv
added 2026/07/04 12:17 p.m.4 views

UBUNTU-CVE-2026-53360

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...

6.6AI score0.00267EPSS
Exploits0References7
euvd
euvd
added 2026/07/04 11:53 a.m.11 views

EUVD-2026-41667

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...

6AI score0.00267EPSS
Exploits0References4
cve
cve
added 2026/07/01 1:32 p.m.25 views

CVE-2026-53345

The CVE describes a Linux kernel KVM issue where a page dirty operation could warn about a missing running vCPU even when the VM is dying. The behavior was tied to the VM’s refcount and the state of SEV-ES guests; if a guest memory page remained dirty while the VM is dying and userspace had no ac...

5.8AI score0.00156EPSS
Exploits0References5
euvd
euvd
added 2026/06/19 4:23 p.m.9 views

EUVD-2026-38042

An integer overflow vulnerability was found in the virtio-snd device via PCMINFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition...

5.5CVSS5.9AI score0.00102EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in amd64-microcode

Incomplete system memory cleanup in the SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity...

4.4CVSS6.2AI score0.00199EPSS
Exploits0References2
euvd
euvd
added 2026/06/11 12:32 a.m.11 views

EUVD-2024-55617

Improper input validation for DIMM serial presence detect SPD metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integri...

5.3CVSS6.9AI score0.00222EPSS
Exploits0References2
nvd
nvd
added 2026/06/10 11:16 p.m.9 views

CVE-2024-21944

Improper input validation for DIMM serial presence detect SPD metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integri...

5.3CVSS0.00222EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/10 9:54 p.m.28 views

CVE-2024-21944

Improper input validation for DIMM serial presence detect SPD metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integri...

5.3CVSS0.00222EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/10 9:54 p.m.10 views

CVE-2024-21944

Improper input validation for DIMM serial presence detect SPD metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integri...

5.3CVSS6.9AI score0.00222EPSS
Exploits0References1
cve
cve
added 2026/06/10 9:54 p.m.23 views

CVE-2024-21944

CVE-2024-21944 maps to an AMD SEV-SNP/ASP issue where SPD metadata can be improperly validated. Research show BadRAM-style exploits that can cause a memory module to misreport size, enabling a local attacker with ring0 or physical access to overwrite guest memory and compromise guest data integri...

5.3CVSS6.9AI score0.00222EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/02 12:0 a.m.25 views

PT-2026-45766

Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios handlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI...

8.5CVSS5.8AI score0.00118EPSS
Exploits0References2
redhat
redhat
added 2026/05/28 2:21 a.m.15 views

kernel: mm: thp: deny THP for files on anonymous inodes

A flaw was found in the Linux kernel's Transparent Huge Pages THP mechanism. This vulnerability occurs because the filethpenabled function incorrectly allows THP for files on anonymous inodes, which are not designed for this feature. An attacker could potentially exploit this by manipulating...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References5
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Both valid and invalid roots are cleared when unmapping a gfn range. KVM must ensure that it does not hold any references to the freed page after the unmapping...

7.8CVSS6.1AI score0.00237EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: memblock: The memory allocated before it is used in memblockdoublearray was accepted. When increasing the array size in memblockdoublearray, if the slab is not yet available, a call to memblockfindinrange is used to...

5.5CVSS6.5AI score0.00148EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: x86 – Mark the target gfn of the emulated atomic instruction as dirty When emulating an atomic access on behalf of the guest, mark the target gfn as dirty if the CMPXCHG instruction attempts to be executed and fails without ...

5.5CVSS6.1AI score0.00225EPSS
Exploits0References2
Rows per page
Query Builder