226 matches found
CVE-2025-27462
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...
CVE-2025-27463 WinPVDrivers: Excessive permissions on user-exposed devices
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...
Astra Linux – Vulnerability in Linux 5.10, Linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...
Astra Linux – Vulnerability in Linux 5.10, Linux
Guests running on Arm can cause Denial of Service DoS attacks on Dom0 through PV devices. When mapping memory pages of guests on Arm, Dom0 uses an rbtree to keep track of the foreign mappings. The update of this rbtree does not always occur completely with the relevant lock held; this results in ...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel through version 5.11.3, when it was used with Xen PV. A certain part of the netback driver lacks proper handling of errors, such as failed memory allocations as a result of changes to the way errors related to grant mapping are handled. A denial-of-servi...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: x86/kvm: The teardown of PV features also occurs during boot-up. Various PV features Async PF, PV EOI, steal time work through memory shared with the hypervisor. When we resume from hibernation, we must properly teardown all...
CVE-2026-23558
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...
EUVD-2026-30928
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an initialization error in the ID register of unprotected pKVM clients, potentially leading to...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001515)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001515 advisory. An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004097)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004097 advisory. An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions o...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003966)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003966 advisory. In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000962)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000962 advisory. The xenfailsafecallback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004320)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004320 advisory. In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002669)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002669 advisory. An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xenfailsafecallback entry point in arch/x86/entry/entry64.S does not...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002377)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002377 advisory. The xenfailsafecallback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002731)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002731 advisory. Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002173)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002173 advisory. Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service host OS crash or gain privileges by writing to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002155)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002155 advisory. The xenfailsafecallback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of...
MiracleLinux 3 : kernel-2.6.18-8.17AXS3 (AXSA:2008-82:04)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-82:04 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. CVE-2007-5498: The Xen hypervisor block backend driver for Linux...