kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
A flaw was found in KVM. When updating a guest's page table entry, vmpgoff was improperly used as the offset to get the page's pfn. As vaddr and vmpgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...
PT-2022-6256 · Linux +9 · Linux Kernel +9
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 6.1-rc6 Description: A race condition in the x86 KVM subsystem allows guest OS users to cause a denial of service, resulting in a host OS crash or host OS memory corruption when nested virtualisation and the TDP...
PT-2022-35246 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.76 Description: The issue concerns the KVM arm64 vgic, specifically the exit condition in the scan_its_table function. The actual impact and attack plausibility have not yet been proven...
kernel: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 Remove WARNs that sanity check that KVM never lets a triple fault for L2 escape and incorrectly end up in L1. In normal operation, the sanity check is...
kernel: KVM: VMX: Prevent RSB underflow before vmenter
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPECCTRL value is written, and the vmenter. Balanced returns matched by a preceding call are usually ok, but it's...
kernel: KVM: x86/mmu: make apf token non-zero to fix bug
A hang vulnerability is possible in the Linux kernel in arch/x86/kvm/mmu/mmu.c. This issue may lead to compromised availability...
kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS
A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in a guest on an Intel CPU...
kernel: KVM: Unconditionally get a ref to /dev/kvm module when creating a VM
REJECTED CVE In the Linux kernel, the following vulnerability has been resolved: KVM: Unconditionally get a ref to /dev/kvm module when creating a VM...
PT-2022-12229 · Lanner · Lanner Inc Iac-Ast2500A
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: A broken access control issue in the SubNet_handler_func function of spx_restservice allows an attacker to change security access rights to KVM and Virtual Media...
PT-2022-34537 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.291 Description: The issue is related to the KVM x86 emulation of the LTR instruction, where the TSS is marked busy after all fault checks. The actual impact and attack plausibility have not yet been prove...
PT-2022-33955 · Linux · Kvm +1
Name of the Vulnerable Software and Affected Versions: KVM versions prior to v5.15.61 Linux Kernel versions prior to v5.15.61 Description: The issue concerns a snapshot pre-VM-Enter DEBUGCTL for the !nested run pending case in KVM's nVMX. The actual impact and attack plausibility have not yet bee...
PT-2022-33953 · Linux · Kvm
Name of the Vulnerable Software and Affected Versions: KVM versions prior to v5.15.61 Description: The issue concerns the nVMX snapshot pre-VM-Enter BNDCFGS for the !nested run pending case. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions prior to...
PT-2022-33428 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: The issue concerns the KVM module in the Linux Kernel, where a reference to /dev/kvm is unconditionally obtained when creating a VM. The actual impact and attack plausibility have not yet be...
PT-2022-33639 · Linux · Kvm
Name of the Vulnerable Software and Affected Versions: KVM versions prior to v5.19.2 Description: The issue concerns the nVMX snapshot pre-VM-Enter BNDCFGS for the !nested run pending case. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions prior to...
Linux kernel security vulnerability
Linux kernel is the kernel of Linux, the open source operating system maintained by the Linux Foundation in the United States. A security vulnerability exists in versions of Linux kernel prior to 5.18.17, which stems from the x86 architecture-based KVM subsystem due to a TLB refresh operation being...
CVE-2022-0171
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root host user-level application to crash the host kernel by creating a confidential guest VM instance on an AMD CPU that supports Secure Encrypted Virtualization (SEV)...
The vulnerability of the kvm_dirty_ring_push function (virt/kvm/dirty_ring.c) in the KVM virtualization subsystem of the Linux operating system allows an attacker to cause a denial of service.
The vulnerability of the kvm_dirty_ring_push function (virt/kvm/dirty_ring.c) in the KVM virtualization subsystem of the Linux operating system is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a denial of service...