Lucene search
K

16 matches found

Positive Technologies
Positive Technologies
added 2025/09/06 12:0 a.m.3 views

PT-2025-36382

Name of the Vulnerable Software and Affected Versions: versions prior to 12.0 Hotfix 91155 Description: Improper restriction of operations in the IOMMU could allow a malicious hypervisor to access guest private memory, resulting in a loss of integrity. Recommendations: At the moment, there is no...

5.3CVSS6.1AI score0.00116EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-1059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical...

6.1CVSS6.3AI score0.00878EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:34 a.m.4 views

SUSE CVE-2018-1059

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions...

6.1CVSS6.6AI score0.00878EPSS
Exploits0References8
OSV
OSV
added 2022/10/17 8:11 p.m.9 views

USN-5684-1 linux-azure vulnerabilities

It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...

8.2CVSS6.7AI score0.02972EPSS
Exploits1References10
OSV
OSV
added 2022/10/04 6:27 p.m.9 views

USN-5655-1 linux-intel-iotg vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

7.8CVSS7AI score0.05542EPSS
Exploits1References12
OSV
OSV
added 2022/09/22 5:27 p.m.5 views

USN-5633-1 linux-gcp, linux-gke, linux-raspi vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

7.8CVSS6.9AI score0.05542EPSS
Exploits1References12
Microsoft CVE
Microsoft CVE
added 2022/09/03 7:0 a.m.3 views

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host possibly leading to information disclosure.

...

5.5CVSS5.4AI score0.00311EPSS
Exploits0
OSV
OSV
added 2022/08/24 3:13 p.m.3 views

USN-5579-1 linux, linux-kvm, linux-lts-xenial vulnerabilities

Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information guest kernel memory. CVE-2022-26365 Roger Pau Monné...

7.1CVSS6.7AI score0.00322EPSS
Exploits0References4
OSV
OSV
added 2018/06/12 11:21 a.m.9 views

USN-3679-1 qemu update

Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update...

5.5CVSS6.9AI score0.60631EPSS
Exploits2References2
OSV
OSV
added 2018/06/03 8:56 a.m.4 views

SUSE-SU-2018:1492-1 Security update for dpdk-thunderxdpdk

This update fixes the following issues: - CVE-2018-1059: The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest...

6.1CVSS6AI score0.00878EPSS
Exploits0References3
OSV
OSV
added 2018/05/21 11:59 p.m.4 views

USN-3651-1 qemu update

Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update...

5.5CVSS7.1AI score0.60631EPSS
Exploits2References2
OSV
OSV
added 2018/02/07 4:43 p.m.3 views

USN-3561-1 libvirt update

It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This...

5.6CVSS6.9AI score0.74041EPSS
Exploits9References2
OSV
OSV
added 2017/07/05 1:29 a.m.1 views

ALPINE-CVE-2017-10911

The makeresponse function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS or other guest OS kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structure...

6.5CVSS6AI score0.00445EPSS
Exploits0References1
OSV
OSV
added 2017/07/05 1:29 a.m.0 views

DEBIAN-CVE-2017-10911

The makeresponse function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS or other guest OS kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structure...

6.5CVSS7.7AI score0.00445EPSS
Exploits0References1
OSV
OSV
added 2016/12/09 10:59 p.m.1 views

DEBIAN-CVE-2016-9103

The v9fsxattrcreate function in hw/9pfs/9p.c in QEMU aka Quick Emulator allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them...

6CVSS8.6AI score0.00393EPSS
Exploits0References1
OSV
OSV
added 2016/04/13 3:59 p.m.1 views

DEBIAN-CVE-2015-8553

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...

6.5CVSS7.8AI score0.00381EPSS
Exploits0References1
Rows per page
Query Builder