DEBIAN-CVE-2020-27673

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service host OS hang via a high rate of events to dom0, aka CID-e99502f76271...

DEBIAN-CVE-2020-27674

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique...

CVE-2020-27670

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service data corruption, cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated...

UBUNTU-CVE-2020-27673

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service host OS hang via a high rate of events to dom0, aka CID-e99502f76271...

Oracle VirtualBox Shader Bytecode Type Confusion Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to gain increased privileges.

The vulnerability of the Hyper-V hardware virtualization technology in the Windows operating system relates to operations that go beyond the buffer limits in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...

Oracle VirtualBox Shader Bytecode Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

Oracle VirtualBox Shader Bytecode Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

Oracle VirtualBox Shader Bytecode Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

VMSA-2020-0023 : VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities

a. ESXi OpenSLP remote code execution vulnerability CVE-2020-3992 OpenSLP as used in ESXi has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remo...

CVE-2020-3995

In VMware ESXi 6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG, Workstation 15.x before 15.1.0, Fusion 11.x before 11.1.0, the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigg...

CVE-2020-3995

In VMware ESXi 6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG, Workstation 15.x before 15.1.0, Fusion 11.x before 11.1.0, the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigg...

CVE-2020-3995

In VMware ESXi 6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG, Workstation 15.x before 15.1.0, Fusion 11.x before 11.1.0, the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigg...

CVE-2020-3995

CVE-2020-3995: VMware VMCI host driver memory leak in ESXi/Workstation/Fusion (affected versions listed in VMware advisories) can permit a VM-guest attacker with access to trigger memory leakage, potentially exhausting hypervisor memory during sustained attacks. Concrete details across sources sh...

VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

PT-2020-4727 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions up to 5.9.1 Xen versions up to 4.14.x Description: An issue in the Linux kernel allows guest OS users to cause a denial of service, resulting in a host OS hang, by sending a high rate of events to dom0. This issue is...

Xen evtchn_reset() race conditions privelege escalation (XSA-339)

A privilege escalation vulnerability exists in EVTCHNOPreset potentially by a guest on itself or XENDOMCTLsoftreset due to a race condition present in evtchnreset. An authenticated, local attacker can exploit this, via a violation of various internal assumptions, to gain elevate their privilege t...

Xen x86 PV guest kernels DoS (XSA-339)

A denial of service DoS vulnerability exists in Xen servers when using x86 PV guest kernels due to a mishandling of SYSENTER state sanitization activities. An authenticated, local attacker can exploit this issue, via the SYSENTER instruction in 64bit mode, to cause a VM Denial of Service. Note th...

CVE-2020-27152

A stack overflow flaw via an infinite loop condition issue was found in the KVM hypervisor of the Linux kernel. This flaw occurs while processing interrupts because the IRQ state is erroneously set. This flaw allows a guest user to crash the host kernel, resulting in a denial of service. The...