UBUNTU-CVE-2023-5090

A flaw was found in KVM. An improper check in svmsetx2apicmsrinterception may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition...

CLSA-2023-1693426883 kernel: Fix of 20 CVEs

netfilter: nftsetpipapo: fix improper element removal CVE-2023-4004 - net: tun: fix bugs for oversize packet when napi frags enabled CVE-2023-3812 - net/sched: clsfw: Fix improper refcount update leads to use-after-free CVE-2023-3776 - net/sched: schqfq: account for stab overhead in qfqenqueue...

USN-6127-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrar...

kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva

A flaw was found in KVM. With shadow paging enabled if INVPCID is executed with CR0.PG=0, the invlpg callback is not set, and the result is a NULL pointer dereference. This flaw allows a guest user to cause a kernel oops condition on the host, resulting in a denial of service...

kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva

A flaw was found in KVM. With shadow paging enabled if INVPCID is executed with CR0.PG=0, the invlpg callback is not set, and the result is a NULL pointer dereference. This flaw allows a guest user to cause a kernel oops condition on the host, resulting in a denial of service...

kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning

A flaw was found in the x86 KVM subsystem in kvmstealtimesetpreempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVMVCPUPREEMPTED situations...

kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning

A flaw was found in the x86 KVM subsystem in kvmstealtimesetpreempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVMVCPUPREEMPTED situations...

OESA-2023-1212 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: Kernel: A denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.cCVE-2023-28328 A slab-out-of-bound read problem was found in brcmfgetassocies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c ...

A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace causing an information leak.

...

Linux KVM 安全漏洞

Linux KVM is a kernel-based virtual machine. A security vulnerability exists in Linux KVM that stems from the presence of an information leakage vulnerability...

SUSE CVE-2009-1242

The vmxsetmsr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service OOPS by setting the EFERLME aka "Long mode enable" bit in the Extended Feature Enable Register EF...

SUSE CVE-2009-3290

The kvmemulatehypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service guest kernel crash and...

SUSE CVE-2010-0435

The Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service NULL pointer dereference and host OS crash via vectors related to instruction emulation...

SUSE CVE-2011-4622

The createpittimer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer PIT interrupt requests IRQs when a virtual interrupt controller irqchip is not available, which allows local users to cause a denial of service NUL...

SUSE CVE-2013-6368

The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service system crash via a VAPIC synchronization operation involving a page-end address...

SUSE CVE-2014-3611

Race condition in the kvmmigratepittimer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service host OS crash by leveraging incorrect PIT emulation...

SUSE CVE-2014-3647

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service guest OS crash via a crafted application...

SUSE CVE-2020-2732

A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest...

SUSE CVE-2021-37576

arch/powerpc/kvm/book3srtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtasargs.nargs, aka CID-f62f3c20647e...

SUSE CVE-2022-1158

A flaw was found in KVM. When updating a guest's page table entry, vmpgoff was improperly used as the offset to get the page's pfn. As vaddr and vmpgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...