Security Bulletin: The PowerVM Platform KeyStore functionality can be compromised if an attacker gains service access to the FSP
Summary: An attacker that gains service access to the FSP can locate and, through a series of service procedures, decrypt data contained in the Platform KeyStore. Vulnerability Details: CVEID: CVE-2021-29765 DESCRIPTION: IBM PowerVM Hypervisor could allow an attacker to obtain sensitive information if...
IBM PowerVM Hypervisor Authorization Issue Vulnerability
IBM PowerVM Hypervisor is an application from IBM that provides a secure and scalable virtualized environment for applications built on the advanced RAS features and leading performance of the Power Systems platform. An authorization issue vulnerability exists in IBM...
Corel Parallels Desktop Elevation of Privilege Vulnerability
A security vulnerability exists in Corel Parallels Desktop Toolgate, a suite of virtual machine software for the macOS platform from Corel Canada, stemming from uncontrolled memory allocation in the Toolgate component. An attacker could exploit the vulnerability to escalate privileges in the...
(Pwn2Own) Parallels Desktop Toolgate Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgat...
(Pwn2Own) Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate...
(Pwn2Own) Parallels Desktop Toolgate Uninitialized Memory Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within t...
Corel Parallels Desktop Buffer Error Vulnerability
Corel Parallels Desktop is a suite of virtual machine software for the macOS platform from Corel Canada. A buffer error vulnerability exists in Corel Parallels Desktop. Exploitation of this vulnerability allows a local administrator to elevate privileges and execute arbitrary code in the system...
(Pwn2Own) Parallels Desktop virtio-gpu Memory Corruption Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Citrix Provisioning Services - Machine Creation Fails While Running The PVS CVAD Setup Wizard
The PVS CVAD Setup Wizard fails to create new virtual machines when running on a VMware Hypervisor. vCenter displays an error when the CVAD Setup Wizard fails to complete its task similar to the following: Unable to find device or file /Failed to clone a VM, error: Invalid configuration for devic...
Hotfix XS82E030 - For Citrix Hypervisor 8.2
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix

Component| Details
---|---
Prerequisite| None
Post-update tasks| Restart Host
Content live patchable| Yes
Baselines for Live Patch| XS82E024
Revision History| Published on J...
Oracle VirtualBox NAT Numeric Truncation Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
A vulnerability in the paravirtualization (PV) mode implementation in Xen hypervisors allows a malicious actor to gain unauthorized access to protected information.
The vulnerability in the PV mode implementation in Xen hypervisors relates to the use of the Indirect Branch Restricted Speculation (IBRS) mechanism for indirect branch control. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Xen: Multiple vulnerabilities
Background: Xen is a bare-metal hypervisor. Description: Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known workaround at this time...
Citrix Hypervisor Open Source Licensing and Attribution
The Citrix Hypervisor product is a compilation of software packages. Each package is governed by its own license. The complete licensing terms applicable to a given package can be found in the source RPM of the package, unless the package is covered by a proprietary license which does not permit...
ACRN Buffer Overflow Vulnerability
ACRN is an open source hypervisor project released by the Linux Foundation, designed for IoT and embedded devices. An irte_alloc_bitmap buffer overflow vulnerability exists in dmar_free_irte in hypervisor/arch/x86/vtd.c in versions prior to ACRN 2.5. No detailed vulnerability details are provided a...
ACRN Use-After-Free Vulnerability
ACRN is an open source hypervisor project released by the Linux Foundation, designed for IoT and embedded devices. The Device Model in ACRN has a use-after-free vulnerability in devicemodel/core/mem.c. No details of the vulnerability are available at this time...
ACRN Null Pointer Dereference Vulnerability (CNVD-2021-49151)
ACRN is an open source hypervisor project released by the Linux Foundation, designed for IoT and embedded devices. A null pointer dereference vulnerability exists in devicemodel/hw/pci/xhci.c in versions prior to ACRN 2.5. No details of the vulnerability are provided at this time...
CVE-2021-36146
ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer...
CVE-2021-36148
An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow...
CVE-2021-36147
An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used...