552 matches found

OSV
added 2023/03/02 11:6 p.m. | 2 views

USN-5911-1 linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-ibm, linux-lowlatency, linux-oracle vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

7.8 CVSS | 6.9 AI score | 0.06346 EPSS
Exploits: 7 | References: 16
SUSE CVE
added 2023/02/15 6:3 a.m. | 4 views

SUSE CVE-2009-2287

The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer...

4.9 CVSS | 6.4 AI score | 0.00398 EPSS
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 6:0 a.m. | 4 views

SUSE CVE-2010-0298

The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO...

6.5 CVSS | 7.1 AI score | 0.02416 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 6:0 a.m. | 2 views

SUSE CVE-2010-0419

The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging...

4.4 CVSS | 7 AI score | 0.00347 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 5:47 a.m. | 3 views

SUSE CVE-2012-2137

Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the...

6.9 CVSS | 7.4 AI score | 0.00521 EPSS
Exploits: 1 | References: 10
SUSE CVE
added 2023/02/15 5:28 a.m. | 1 views

SUSE CVE-2014-3690

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by...

5.5 CVSS | 6.6 AI score | 0.00515 EPSS
Exploits: 0 | References: 8
SUSE CVE
added 2023/02/15 4:56 a.m. | 4 views

SUSE CVE-2016-8630

The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction...

6.2 CVSS | 7.7 AI score | 0.00364 EPSS
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 4:54 a.m. | 1 views

SUSE CVE-2016-10150

Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device...

10 CVSS | 9.3 AI score | 0.10177 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:52 a.m. | 3 views

SUSE CVE-2017-2584

arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt...

7.1 CVSS | 5.8 AI score | 0.00421 EPSS
Exploits: 0 | References: 11
SUSE CVE
added 2023/02/15 4:36 a.m. | 1 views

SUSE CVE-2017-17741

The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h...

7.1 CVSS | 6.5 AI score | 0.00451 EPSS
Exploits: 0 | References: 13
SUSE CVE
added 2023/02/15 4:28 a.m. | 5 views

SUSE CVE-2018-10853

A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege (CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate...

8.4 CVSS | 7.7 AI score | 0.0047 EPSS
Exploits: 0 | References: 47
SUSE CVE
added 2023/02/15 4:16 a.m. | 2 views

SUSE CVE-2019-7221

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free...

7.5 CVSS | 7.6 AI score | 0.00805 EPSS
Exploits: 1 | References: 24
SUSE CVE
added 2023/02/15 4:6 a.m. | 1 views

SUSE CVE-2019-19332

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device...

6.7 CVSS | 7.2 AI score | 0.00679 EPSS
Exploits: 1 | References: 15
SUSE CVE
added 2023/02/15 3:48 a.m. | 0 views

SUSE CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious ...

7.8 CVSS | 8.6 AI score | 0.00416 EPSS
Exploits: 1 | References: 38
SUSE CVE
added 2023/02/15 3:48 a.m. | 3 views

SUSE CVE-2021-4093

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit...

8.8 CVSS | 7 AI score | 0.00419 EPSS
Exploits: 1 | References: 3
RedHat Linux
added 2022/12/13 4:9 p.m. | 3 views

kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...

7.8 CVSS | 6.6 AI score | 0.00385 EPSS
Exploits: 1 | References: 5
RedHat Linux
added 2022/12/13 4:9 p.m. | 5 views

kernel: KVM: VMX: Prevent RSB underflow before vmenter

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter. On VMX, there are some balanced returns between the time the guest's SPEC_CTRL value is written, and the vmenter. Balanced returns (matched by a preceding call) are usually ok, but it's...

5.5 CVSS | 6.3 AI score | 0.0021 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2022/12/08 12:0 a.m. | 1 views

PT-2022-36069 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.8

Description: The issue concerns the initialization of gfn to pfn cache locks in KVM. It was introduced in version v5.17 and fixed in Linux Kernel version v6.0.8. The actual impact and attack plausibility...

7.2 AI score
Exploits: 0 | References: 1
Microsoft CVE
added 2022/12/03 8:0 a.m. | 2 views

A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.

...

5.5 CVSS | 7.3 AI score | 0.00256 EPSS
Exploits: 1
CNNVD
added 2022/11/30 12:0 a.m. | 2 views

Linux kernel race condition vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel 6.1-rc6 and prior versions, which stems from a race condition in its x86 KVM subsystem that allows guest operating system users ...

5.5 CVSS | 6.8 AI score | 0.00256 EPSS
Exploits: 1 | References: 11