Lucene search
+L

320 matches found

UbuntuCve
UbuntuCve
added 2025/12/24 11:15 a.m.4 views

CVE-2023-53996

In the Linux kernel, the following vulnerability has been resolved: x86/sev: Make encdechypercall accept a size instead of npages encdechypercall accepted a page count instead of a size, which forced its callers to round up. As a result, non-page aligned vaddrs caused pages to be spuriously marke...

6.3AI score0.00112EPSS
Exploits0References5
OSV
OSV
added 2025/12/24 11:15 a.m.6 views

UBUNTU-CVE-2023-53996

In the Linux kernel, the following vulnerability has been resolved: x86/sev: Make encdechypercall accept a size instead of npages encdechypercall accepted a page count instead of a size, which forced its callers to round up. As a result, non-page aligned vaddrs caused pages to be spuriously marke...

6.2AI score0.00112EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that encdechypercall accepts page counts instead of sizes, which could result in page mislabeling...

6.2AI score0.00112EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.7 views

PT-2025-52953

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The enc dec hypercall function accepted a page count instead of a size, requiring callers to round up values. This resulted in incorrect marking of pages as decrypted during live migrati...

6.4AI score0.00112EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.10 views

RockyLinux 10 : kernel (RLSA-2025:20095)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:20095 advisory. kernel: xen: Xen hypercall page unsafe against speculative attacks Xen Security Advisory 466 CVE-2024-53241 kernel: exfat: fix out-of-bounds access of...

7.8CVSS7.7AI score0.00535EPSS
Exploits2References179
Rockylinux
Rockylinux
added 2025/11/21 6:13 p.m.16 views

kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

7.8CVSS6.7AI score0.00535EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.12 views

Siemens SCALANCE and RUGGEDCOM Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2024-53241)

x86/xen: vulnerability due to issues with the PV iret hypercall through the hypercall page, which is fixed by directly coding the sequence in xen-asm.S to avoid problems with speculation mitigations. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

5.5CVSS6.9AI score0.00304EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/11/11 9:13 a.m.6 views

kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466)

In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer usin...

5.5CVSS6.9AI score0.00304EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/11/11 8:21 a.m.4 views

kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466)

In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer usin...

5.5CVSS6.9AI score0.00304EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2025/11/11 12:0 a.m.15 views

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix potential CAN frame reception race in isotprcv CVE-2022-48830 kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB CVE-2024-46689 kernel: Squashfs: sanity check...

7.8CVSS7.3AI score0.00535EPSS
Exploits1References225
OSV
OSV
added 2025/11/11 12:0 a.m.18 views

ALSA-2025:20518 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix potential CAN frame reception race in isotprcv CVE-2022-48830 kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB CVE-2024-46689 kernel: Squashfs: sanity check...

7.8CVSS6.8AI score0.00535EPSS
Exploits1References225
OSV
OSV
added 2025/11/09 7:52 a.m.65 views

MGASA-2025-0270 Updated xen packages fix security vulnerabilities

Double unlock in x86 guest IRQ handling. CVE-2024-31143 Xapi: Metadata injection attack against backup/restore functionality. CVE-2024-31144 Error handling in x86 IOMMU identity mapping. CVE-2024-31145 PCI device pass-through with shared resources. CVE-2024-31146 x86: Deadlock in vlapicerror...

9.8CVSS6.8AI score0.00723EPSS
Exploits0References25
Mageia
Mageia
added 2025/11/09 7:52 a.m.65 views

Updated xen packages fix security vulnerabilities

Double unlock in x86 guest IRQ handling. CVE-2024-31143 Xapi: Metadata injection attack against backup/restore functionality. CVE-2024-31144 Error handling in x86 IOMMU identity mapping. CVE-2024-31145 PCI device pass-through with shared resources. CVE-2024-31146 x86: Deadlock in vlapicerror...

9.8CVSS6.7AI score0.00723EPSS
Exploits0References24
RedhatCVE
RedhatCVE
added 2025/11/07 7:58 p.m.6 views

CVE-2025-58148

A flaw was found in Xen. Hypercalls using any input format can cause sendipi to read d-vcpu out-of-bounds, and operate on a wild vCPU pointer. A buggy or malicious guest can cause Denial of Service DoS affecting the entire host, information leaks, or elevation of privilege...

7.5CVSS5.9AI score0.00347EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/07 12:0 a.m.4 views

Fedora 41 : xen (2025-48dc1c8c79)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-48dc1c8c79 advisory. Incorrect removal of permissions on PCI device unplug XSA-476, CVE-2025-58149 ---- x86: Incorrect input sanitisation in Viridian hypercalls XSA-475,...

7.5CVSS5.9AI score0.00396EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989449)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989449 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercal...

5.5CVSS6.2AI score0.00304EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990300)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990300 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercal...

5.5CVSS6.2AI score0.00304EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/31 12:30 p.m.5 views

EUVD-2025-37345

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

7.5CVSS6.4AI score0.00347EPSS
Exploits0References2
OSV
OSV
added 2025/10/31 12:15 p.m.4 views

CVE-2025-58148

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

7.5CVSS5.8AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/10/21 11:25 p.m.4 views

SUSE CVE-2025-58148

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

6.8CVSS7AI score0.00347EPSS
Exploits0References8
Rows per page
Query Builder