kernel: KVM: nVMX: missing consistency checks for CR0 and CR4

A flaw was found in the KVM's Intel nested virtualization feature nVMX. The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances i.e., kvmintel module loaded with parameters nested=1 and ept=0 this could allow a malicious guest ...

kernel: KVM: x86/mmu: race condition in direct_page_fault()

A flaw was found in the Linux kernel in the KVM. A race condition in directpagefault allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualization and the TDP MMU are enabled...

kernel: KVM: x86/mmu: race condition in direct_page_fault()

A flaw was found in the Linux kernel in the KVM. A race condition in directpagefault allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualization and the TDP MMU are enabled...

CVE-2021-47092

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx-fail on emulationrequired Revert a relatively recent change that set vmx-fail if the vCPU is in L2 and emulationrequired is true, as that behavior is completely bogus. Setting vmx-fail and synthesizing ...

DEBIAN-CVE-2021-47092

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx-fail on emulationrequired Revert a relatively recent change that set vmx-fail if the vCPU is in L2 and emulationrequired is true, as that behavior is completely bogus. Setting vmx-fail and synthesizing ...

CVE-2021-47092

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx-fail on emulationrequired Revert a relatively recent change that set vmx-fail if the vCPU is in L2 and emulationrequired is true, as that behavior is completely bogus. Setting vmx-fail and synthesizing ...

UBUNTU-CVE-2021-47092

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx-fail on emulationrequired Revert a relatively recent change that set vmx-fail if the vCPU is in L2 and emulationrequired is true, as that behavior is completely bogus. Setting vmx-fail and synthesizing ...

SUSE CVE-2021-46978

In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmxgetnestedstate/vmxsetnestedstate KVM can't map evmcs page right away: evmcs gpa is not 'struct...

DEBIAN-CVE-2021-46978

In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmxgetnestedstate/vmxsetnestedstate KVM can't map evmcs page right away: evmcs gpa is not 'struct...

CVE-2021-46978

In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmxgetnestedstate/vmxsetnestedstate KVM can't map evmcs page right away: evmcs gpa is not 'struct...

UBUNTU-CVE-2021-46978

In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmxgetnestedstate/vmxsetnestedstate KVM can't map evmcs page right away: evmcs gpa is not 'struct...

kernel: KVM: nVMX: missing consistency checks for CR0 and CR4

A flaw was found in the KVM's Intel nested virtualization feature nVMX. The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances i.e., kvmintel module loaded with parameters nested=1 and ept=0 this could allow a malicious guest ...

kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks

A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...

USN-6502-3 linux-nvidia-6.2 vulnerabilities

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. CVE-2023-25775 Yu Hao discover...

USN-6502-3: Linux kernel (NVIDIA) vulnerabilities

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. CVE-2023-25775 Yu Hao discover...

Ubuntu: Security Advisory (USN-6502-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6503-1 linux, linux-aws, linux-laptop, linux-lowlatency, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive vulnerabilities

Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service system crash. CVE-2023-31085 Bien Pham discovered that the netfiler subsystem in the Linux...

USN-6502-1 linux, linux-aws, linux-aws-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi, linux-starfive vulnerabilities

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. CVE-2023-25775 Yu Hao discover...

USN-6497-1: Linux kernel (OEM) vulnerabilities

Maxim Levitsky discovered that the KVM nested virtualization SVM implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service host kernel crash. CVE-2023-5090 Alon Zahavi discovered that the...

kernel: KVM: x86/mmu: race condition in direct_page_fault()

A flaw was found in the Linux kernel in the KVM. A race condition in directpagefault allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualization and the TDP MMU are enabled...