
552 matches found

OSV
added 2023/11/06 11:15 a.m., 2 views

AZL-31943 CVE-2023-5090 affecting package kernel for versions less than 5.15.153.1-1

A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition...

CVSS 5.5, AI score 6.5, EPSS 0.00043
Exploits 0, References 1
ATTACKERKB
added 2023/09/13 5:15 p.m., 1 views

CVE-2023-4155

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...

CVSS 5.6, AI score 6.5, EPSS 0.00013
Exploits 0, References 3
BDU FSTEC
added 2023/08/14 12:0 a.m., 1 views

The vulnerability of the sev_es_validate_vmgexit() function in the arch/x86/kvm/svm/sev.c module of the KVM virtualization subsystem in the Linux operating system allows an attacker to cause a service failure.

The vulnerability of the sev_es_validate_vmgexit function in the arch/x86/kvm/svm/sev.c module of the KVM virtualization subsystem of the Linux operating system is related to resource competition (race condition). Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.6, AI score 6.4, EPSS 0.00013
Exploits 0, References 11, Affected Software 4
BDU FSTEC
added 2023/08/14 12:0 a.m., 1 views

The vulnerability of the __check_page_state_visitor() function in the arch/arm64/kvm/hyp/nvhe/mem_protect.c module of the KVM virtualization subsystem in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the __check_page_state_visitor function in the arch/arm64/kvm/hyp/nvhe/mem_protect.c module of the KVM virtualization subsystem in the Linux operating system is related to incorrect checking of page availability. Exploiting this vulnerability could allow an attacker to compromise t...

CVSS 6.7, AI score 6.8, EPSS 0.00018
Exploits 0, References 10, Affected Software 5
OSV
added 2023/08/09 12:0 a.m., 3 views

UBUNTU-CVE-2023-4155

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...

CVSS 5.6, AI score 6.5, EPSS 0.00013
Exploits 0, References 12
Oracle linux
added 2023/07/25 12:0 a.m., 43 views

kernel security and bug fix update

5.14.0-284.18.12 - cifs: fix wrong unlock before return from cifs_tree_connect - docs: Remove the unnecessary unicode character - perf vendor events intel: Refresh ivytown metrics and events - perf vendor events: Update Intel ivytown - perf vendor events intel: Refresh jaketown metrics and events -...

CVSS 7.8, AI score 7.1, EPSS 0.01004
Exploits 10
Amazon
added 2023/06/28 12:0 a.m., 6 views

Important: kernel

Issue Overview: A flaw was found in the x86 KVM subsystem in kvm_steal_time_set_preempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189) In the Linux...

CVSS 7.8, AI score 6.5, EPSS 0.00067
Exploits 3
OSV
added 2023/06/08 2:43 p.m., 2 views

USN-6149-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...

CVSS 7.8, AI score 7.1, EPSS 0.01004
Exploits 7, References 7
BDU FSTEC
added 2023/05/24 12:0 a.m., 2 views

The vulnerability of the kvm_steal_time_set_preempted() function in the arch/x86/kvm/x86.c module of the Linux operating system allows a hacker to gain access to protected information.

The vulnerability of the kvm_steal_time_set_preempted function in the arch/x86/kvm/x86.c module of the Linux operating system’s kernel is related to incorrect status messages for virtual processors. Exploiting this vulnerability could allow an attacker to gain access to protected information...

CVSS 5.5, AI score 6.6, EPSS 0.00021
Exploits 0, References 25, Affected Software 5
BDU FSTEC
added 2023/05/17 12:0 a.m., 1 views

The vulnerability of the x86_emulate_insn function in the arch/x86/kvm/emulate.c component of the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the x86_emulate_insn function in the arch/x86/kvm/emulate.c component of the Linux operating system’s kernel is related to pointer arithmetic errors. Exploiting this vulnerability allows an attacker to cause a service failure...

CVSS 5.5, AI score 6.7, EPSS 0.00018
Exploits 0, References 22, Affected Software 4
RedHat Linux
added 2023/05/16 8:43 a.m., 3 views

kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks

A flaw was found in the KVM's Intel nested virtualization feature (nVMX). Since L1 and L2 shared branch prediction modes (guest-user and guest-kernel), KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...

CVSS 8.8, AI score 6.6, EPSS 0.00033
Exploits 0, References 4
RedHat Linux
added 2023/05/09 10:4 a.m., 0 views

kernel: KVM: x86/xen: Initialize Xen timer only once

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Initialize Xen timer only once. Add a check for existing xen timers before initializing a new one. Currently kvm_xen_init_timer is called on every KVM_XEN_VCPU_ATTR_TYPE_TIMER, which is causing the following ODEBUG crash whe...

CVSS 5.5, AI score 6.3, EPSS 0.00074
Exploits 0, References 5
RedHat Linux
added 2023/05/09 10:4 a.m., 0 views

kernel: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT. Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabled (mindblowing) and trigger the WARN that fires on reserved SPTE bits...

CVSS 5.5, AI score 5.7, EPSS 0.00074
Exploits 0, References 5
RedHat Linux
added 2023/05/09 10:1 a.m., 4 views

kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva

A flaw was found in KVM. With shadow paging enabled if INVPCID is executed with CR0.PG=0, the invlpg callback is not set, and the result is a NULL pointer dereference. This flaw allows a guest user to cause a kernel oops condition on the host, resulting in a denial of service...

CVSS 6.9, AI score 6.6, EPSS 0.00017
Exploits 0, References 6
Amazon
added 2023/04/10 12:0 a.m., 5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do all initialization before exposing /dev/kvm to userspace (CVE-2022-49932) A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege...

CVSS 7.8, AI score 6.4, EPSS 0.00231
Exploits 0
OSV
added 2023/03/28 6:48 p.m., 0 views

USN-5980-1 linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-kvm, linux-oracle, linux-raspi vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that the KVM VMX implementation in the Linux kernel did no...

CVSS 8.8, AI score 7, EPSS 0.00033
Exploits 1, References 5
BDU FSTEC
added 2023/03/28 12:0 a.m., 1 views

The vulnerability of the kvm_vcpu_ioctl_x86_getdebugregss() function (arch/x86/kvm/x86.c) in the KVM virtualization subsystem of the Linux operating system allows an attacker to gain access to protected information.

The vulnerability of the kvm_vcpu_ioctl_x86_getdebugregss function (arch/x86/kvm/x86.c) in the KVM virtualization subsystem of the Linux operating system is related to errors during initialization. Exploiting this vulnerability can allow an attacker to gain access to protected information...

CVSS 3.3, AI score 6.3, EPSS 0.00024
Exploits 0, References 19, Affected Software 7
OSV
added 2023/03/23 9:15 p.m., 1 views

DEBIAN-CVE-2023-1513

A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak...

CVSS 3.3, AI score 6, EPSS 0.00024
Exploits 0, References 1
SUSE CVE
added 2023/03/22 4:9 a.m., 1 views

SUSE CVE-2023-1513

A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak...

CVSS 3.3, AI score 6.8, EPSS 0.00024
Exploits 0, References 29
Amazon
added 2023/03/22 12:0 a.m., 7 views

Important: kernel

Issue Overview: A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM L0 advertising eIBRS support to L1. An attacker at L...

CVSS 9.1, AI score 7.9, EPSS 0.00142
Exploits 0