552 matches found
PT-2024-11238 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.0-rc5-syzkaller
Description: The vulnerability is related to the KVM (Kernel-based Virtual Machine) component of the Linux kernel. It occurs when the MMU (Memory Management Unit) context is not properly reset...
DEBIAN-CVE-2021-3501
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time, which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and...
UBUNTU-CVE-2021-3501
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time, which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and...
The vulnerability in the arch/x86/kvm/svm/sev.c component of the Kernel-based Virtual Machine (KVM) virtualization subsystem of Linux operating systems allows an attacker to cause a service failure.
The vulnerability in the Kernel-based Virtual Machine (KVM) virtualization subsystem of Linux operating systems, specifically in the arch/x86/kvm/svm/sev.c component, involves uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the KVM virtualization subsystem in the file arch/arm64/kvm/guest.c of the Linux operating system allows an attacker to compromise data integrity and cause service failures.
The vulnerability of the KVM virtualization subsystem in the Linux operating system's arch/arm64/kvm/guest.c file is related to a lack of mechanisms for checking input data. Exploiting this vulnerability can allow an attacker to compromise the integrity of data and also cause service failures...
Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources
A flaw was found in the way the KVM hypervisor handled instruction emulation for the L2 guest when nested virtualization (nested=1) is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...
Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulti...
Kernel: ppc: kvm: conflicting use of HSTATE_HOST_R1 to store r1 state leads to host stack corruption
A flaw was found in the way the KVM hypervisor on the Power8 processor stores the r1 register state in the 'HSTATE_HOST_R1' field on the Linux kernel stack. This flaw occurs while handling hypercalls in Transactional Memory (TM) suspend mode in the kvmppc_save_tm and kvmppc_restore_tm routines, leading t...
The vulnerability of the HSTATE_HOST_R1 component of the Kernel-based Virtual Machine (KVM) virtualization subsystem in Linux operating systems allows an attacker to cause a service failure.
The vulnerability of the HSTATE_HOST_R1 component of the Linux Kernel-based Virtual Machine (KVM) virtualization subsystem arises due to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)
A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to...
Linux kernel KVM Race Condition Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in KVM in the Linux kernel for PowerPC processors, which stems from the program's failure to properly separate the state of the...
Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)
A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to...
USN-4303-2 linux-lts-xenial, linux-aws vulnerability
USN-4303-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Paolo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel...
UBUNTU-CVE-2019-3016
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limited to hosts running Linux kernel 4.10 with a guest running Linux kernel 4.16 or later. The problem mainly affects AMD...
kernel: kvm: guest userspace to guest kernel write
A flaw was found in the way the Linux kernel KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check the current privilege level (CPL) while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside...
DEBIAN-CVE-2019-19332
An out-of-bounds memory write issue was found in the Linux kernel, versions 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device...
kernel: kvm: guest userspace to guest kernel write
A flaw was found in the way the Linux kernel KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check the current privilege level (CPL) while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside...
Kernel: KVM: OOB memory access via mmio ring buffer
An out-of-bounds access issue was found in the way the Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein the write indices 'ring->first' and 'ring->last' could be supplied by a host user-space...
Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()
A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object; later this reference is transferred to the caller's file descriptor table. If suc...
USN-4185-3 linux, linux-hwe, linux-oem vulnerability and regression
USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are...