379 matches found
SUSE CVE-2022-1263
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service...
SUSE CVE-2022-45869
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualisation and the TDP MMU are enabled...
Speculative execution attacks in KVM VMX
...
UBUNTU-CVE-2022-2196
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM L0 advertising eIBRS support to L1. An attacker at L2 with code...
kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
A flaw was found in KVM. When updating a guest's page table entry, vmpgoff was improperly used as the offset to get the page's pfn. As vaddr and vmpgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...
CLSA-2022-1669919330 kernel: Fix of CVE-2021-22543
KVM: do not allow mapping valid but non-reference-counted pages CVE-2021-22543...
kernel: KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...
kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
A flaw was found in KVM. When updating a guest's page table entry, vmpgoff was improperly used as the offset to get the page's pfn. As vaddr and vmpgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...
kernel: KVM: NULL pointer dereference in kvm_dirty_ring_push in virt/kvm/dirty_ring.c
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service...
kernel: KVM: NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a...
kernel: KVM: LAPIC: Also cancel preemption timer during SET_LAPIC
A vulnerability was found in the Linux kernel's KVM component related to the LAPIC during the guest reboot process. This issue arises when the SETLAPIC command is issued without exposing the tsc-deadline mode, leading to warnings and potential inconsistencies due to an unhandled preemption timer...
kernel: KVM: NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a...
kernel: KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...
kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
A flaw was found in KVM. When updating a guest's page table entry, vmpgoff was improperly used as the offset to get the page's pfn. As vaddr and vmpgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...
kernel: KVM: VMX: Prevent RSB underflow before vmenter
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPECCTRL value is written, and the vmenter. Balanced returns matched by a preceding call are usually ok, but it's...
PT-2025-8490 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.18.0-rc5 Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the x86/fpu component of the KVM Kernel-based Virtual Machine and affects the handling of FPU state for...
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls causing a kernel oops condition that results in a denial of service.
...
DEBIAN-CVE-2022-39189
An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVMVCPUPREEMPTED situations...
UBUNTU-CVE-2022-2153
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a...
Ubuntu: Security Advisory (USN-2420-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...