kernel: kvm: syscall instruction induced guest panic

The emsyscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 aka syscall opcode, which allows guest OS users to cause a denial of service guest OS crash via a crafted application, as demonstrated by an NASM file...

UBUNTU-CVE-2011-4622

The createpittimer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer PIT interrupt requests IRQs when a virtual interrupt controller irqchip is not available, which allows local users to cause a denial of service NUL...

kernel: kvm: pit timer with no irqchip crashes the system

The createpittimer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer PIT interrupt requests IRQs when a virtual interrupt controller irqchip is not available, which allows local users to cause a denial of service NUL...

UBUNTU-CVE-2011-4347

The kvmvmioctlassigndevice function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service host OS crash via a...

CentOS Update for xen CESA-2011:0496 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

kvm: arch/x86/kvm/x86.c: reading uninitialized stack memory

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device...

kvm: vmx null pointer dereference

The Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service NULL pointer dereference and host OS crash via vectors related to instruction emulation...

KVM: Check cpl before emulating debug register access

The handledr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level CPL before accessing a debug register, which allows guest OS users to cause a denial of service trap on the host OS via a crafted application...

kvm: emulator privilege escalation

The x86 emulator in KVM 83 does not use the Current Privilege Level CPL and I/O Privilege Level IOPL in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service guest OS crash or gain privileges on the guest OS by leveraging access to a 1 IO...

kernel: KVM: x86 emulator: limit instructions to 15 bytes

The doinsnfetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service increased scheduling...

PT-2009-5910 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.31.4 Description: The issue is related to an integer overflow in the kvm dev ioctl get supported cpuid function, which can be triggered by a local user via a KVM GET SUPPORTED CPUID request to the kvm arch d...

PT-2011-5236 · Opensuse +4 · Systemtap-Client-Debuginfo +17

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.2.24 openSUSE systemtap-runtime-debuginfo affected versions not specified openSUSE systemtap-sdt-devel affected versions not specified openSUSE systemtap affected versions not specified openSUSE libvmtools0...