kernel: KVM: s390: vsie: fix race during shadow creation

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap-private being zero in kvms390vsiegmapnotifier resulting in a crash. This is due to the fact that we add gmap-private == kvm after creation:...

kernel: KVM: s390: fix setting of fpc register

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvmarchvcpuioctlsetfpu allows to set the floating point control fpc register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may le...

SUSE CVE-2024-35804

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Mark target gfn of emulated atomic instruction as dirty When emulating an atomic access on behalf of the guest, mark the target gfn dirty if the CMPXCHG by KVM is attempted and doesn't fault. This fixes a bug where KVM...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from a failure in the KVM:x86 module to handle SRCU initialization during page track initialization...

UBUNTU-CVE-2024-35980

In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the operand...

UBUNTU-CVE-2024-35804

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Mark target gfn of emulated atomic instruction as dirty When emulating an atomic access on behalf of the guest, mark the target gfn dirty if the CMPXCHG by KVM is attempted and doesn't fault. This fixes a bug where KVM...

SUSE CVE-2024-26976

In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async PF workqueue when vCPU is being destroyed Always flush the per-vCPU async PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed. KVM must ensure tha...

DEBIAN-CVE-2024-26992

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS Drop support for virtualizing adaptive PEBS, as KVM's implementation is architecturally broken without an obvious/easy path forward, and because exposing adaptive PEBS can leak host...

kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86emulateinsn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU...

OESA-2024-1356 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding After dropping mmulock in the TDP MMU, restart the iterator during tdpiternext and do not...

SUSE CVE-2023-52597

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvmarchvcpuioctlsetfpu allows to set the floating point control fpc register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may le...

The vulnerability of the KVM virtualization subsystem in Linux operating systems allows a hacker to trigger a service failure.

The vulnerability of the KVM virtualization subsystem in Linux operating systems relates to the use of memory after it is freed during the registration of input/output devices. Exploiting this vulnerability can allow an attacker to cause a service failure...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a security issue with emulationrequired in KVM VMX...

SUSE CVE-2021-46978

In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmxgetnestedstate/vmxsetnestedstate KVM can't map evmcs page right away: evmcs gpa is not 'struct...

UBUNTU-CVE-2021-47061

In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure after sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guaranteed to see the new...

CLSA-2024-1709203515 kernel: Fix of 7 CVEs

KVM: nSVM: avoid picking up unsupported bits from L2 in intctl CVE-2021-3653 CVE-2021-3653 - xen/netfront: fix leaking data in shared pages CVE-2022-33740 - xfs: fix up non-directory creation in SGID directories CVE-2021-4037 - netsched: clsroute: remove from list when handle is 0 CVE-2022-2588 -...

DEBIAN-CVE-2021-46978

In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmxgetnestedstate/vmxsetnestedstate KVM can't map evmcs page right away: evmcs gpa is not 'struct...

PT-2024-21468

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a circular locking dependency in the KVM Kernel-based Virtual Machine component of the Linux kernel, specifically on arm64 architectures. The problem arises becau...

SUSE CVE-2023-5090

A flaw was found in KVM. An improper check in svmsetx2apicmsrinterception may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition...

kernel: KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign()

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix eventfd error handling in kvmxeneventfdassign Should not call eventfdctxput in case of error. Introduce new goto target instead. - Paolo...