SUSE SLES11 Security Update : xen (SUSE-SU-2022:14886-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14886-1 advisory. - A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where...

The vulnerability of Xen hypervisors, related to the use of memory after it is freed, allows a attacker to cause a service failure or increase their privileges.

The vulnerability of Xen hypervisors relates to the use of memory after it is freed during the processing of input/output page tables in the IOMMU Input/Output Memory Management Unit memory management unit. Exploiting this vulnerability can allow an attacker to cause service failures or increase...

[SECURITY] Fedora 35 Update: qemu-6.1.0-14.fc35

qemu is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu acts as a virtual machine monitor together with the KVM kernel modules, and emulates the hardware for a full system such as a PC and its associated peripherals...

VMWare Cloud Foundation (ESXi) 访问控制错误漏洞

Vmware VMware Cloud Foundation is an all-in-one hybrid cloud platform from Vmware. The platform includes features such as operations automation, infrastructure auto-configuration, and integrated lifecycle management. An access control error vulnerability exists in VMWare Cloud Foundation ESXi tha...

The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.

The vulnerability of the Hyper-V hardware virtualization technology in the Windows operating system is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a perpetrator to cause service interruptions...

StarWind SAN & NAS has unspecified vulnerabilities

StarWind SAN & NAS is a standalone hypervisor server or group of servers for StarWind.A security vulnerability exists in StarWind SAN & NAS that could be exploited by an attacker to reset the passwords of other users...

StarWind SAN

StarWind SAN & NAS is a standalone hypervisor server or group of servers for StarWind.A command injection vulnerability exists in StarWind SAN & NAS, which can be exploited by attackers to remotely execute code...

Microsoft Hyper-V资源管理错误漏洞

Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. Microsoft Hyper-V is vulnerable to a resource management error. The following products and editions are affected:Windows 10 Version 1809 for...

Citrix Releases Security Updates for Hypervisor

Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX337526 and apply the necessary updates. This product ...

Important: kernel

Issue Overview: A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guests. A local user could use this flaw to starve the resources resulting in a denial of service...

Important: kernel

Issue Overview: A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization...

VMware Fusion 12.x < 12.2.0 Heap Overflow RCE (VMSA-2022-0001)

VMware Fusion contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. Not...

SUSE SLES12 Security Update : xen (SUSE-SU-2022:0342-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0342-1 advisory. - A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where ...

CVE-2022-21816

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager nvidia.ko, where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service...

Design/Logic Flaw

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager nvidia.ko, where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service...

CVE-2022-21816

CVE-2022-21816 affects NVIDIA vGPU Software — the Virtual GPU Manager (nvidia.ko). A guest-OS user can induce a GPU interrupt storm on the hypervisor host, causing a denial of service. Public details confirm affected software is NVIDIA vGPU Software (nvidia.ko) with this root cause and impact; ex...

CVE-2022-21816

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager nvidia.ko, where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service...

Security Advisory for Citrix Hypervisor

Several security issues have been identified that affect Citrix Hypervisor: An issue has been identified that may allow privileged code in a PV guest VM to cause the host to crash. This issue has the following identifier: CVE-2022-23034 Note that PV guests are supported in Citrix XenServer 7.1 LT...

CVE-2020-12966

AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State SEV-ES and Secure Encrypted Virtualization with Secure Nested Paging SEV-SNP. A local authenticated attacker could potentially exploit this vulnerability leading to...

Information disclosure

AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State SEV-ES and Secure Encrypted Virtualization with Secure Nested Paging SEV-SNP. A local authenticated attacker could potentially exploit this vulnerability leading to...