Lucene search
K

198 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.3 views

SUSE CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

7.5CVSS6.6AI score0.00289EPSS
Exploits0References23
Rockylinux
Rockylinux
added 2023/01/23 2:30 p.m.17 views

virtio-win bug fix and enhancement update

An update is available for virtio-win. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The virtio-win package provides paravirtualized network drivers for most...

2.7AI score
Exploits0
Rockylinux
Rockylinux
added 2022/08/09 9:35 a.m.12 views

virtio-win bug fix and enhancement update

An update is available for virtio-win. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The virtio-win package provides paravirtualized network drivers for most...

2.7AI score
Exploits0
NCSC
NCSC
added 2022/07/27 12:0 a.m.4 views

Vulnerability fixed in Xen

A vulnerability has been fixed in Xen. The vulnerability allows a malicious party to cause a denial-of-service. Within Shadow Mode, a TLB flush is performed incorrectly potentially causing the host system to run out of memory memory. Only x86 PV guest systems can trigger this vulnerability trigge...

8.8CVSS7.8AI score0.00289EPSS
Exploits0
OSV
OSV
added 2022/07/26 1:15 p.m.5 views

ALPINE-CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

8.8CVSS7.1AI score0.00289EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/26 1:15 p.m.4 views

CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

8.8CVSS5.8AI score0.00289EPSS
Exploits0References10
OSV
OSV
added 2022/07/26 1:15 p.m.4 views

UBUNTU-CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

8.8CVSS6.8AI score0.00289EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/07/26 12:0 a.m.1 views

PT-2022-7531 · Xen +2 · Xen +2

Name of the Vulnerable Software and Affected Versions: Xen affected versions not specified Description: The issue is related to insufficient checking of input data in the Shadow Mode component of the Xen hypervisor, which can allow an attacker to elevate their privileges. The problem is...

8.8CVSS6.1AI score0.06451EPSS
Exploits3References156
CNNVD
CNNVD
added 2022/07/05 12:0 a.m.4 views

Xen 安全漏洞

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen, whic...

4.7CVSS6.7AI score0.00309EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2022/06/30 12:0 a.m.12 views

PT-2022-5558 · Linux +5 · Linux +5

Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Xen affected versions not specified Description: The issue is related to errors in resource release and a potential Denial of Service DoS in dom0 caused by Arm guests via PV devices. When mapping pages of...

9.8CVSS7.6AI score0.67994EPSS
Exploits209References1004
OSV
OSV
added 2022/06/09 5:15 p.m.3 views

ALPINE-CVE-2022-26364

x86 pv: Insufficient care with non-coherent mappings This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to...

6.7CVSS7.1AI score0.00494EPSS
Exploits3References1
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.2 views

Linux 竞争条件问题漏洞

Linux is an open source operating system from the Linux Foundation in the United States. A security vulnerability exists in Linux PV devices that stems from a competitive condition and the lack of return code testing in Linux, where a malicious backend of a PV device front-end driver can access...

7CVSS6.7AI score0.00359EPSS
Exploits0References12
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.4 views

Linux 竞争条件问题漏洞

Linux is an open source operating system from the Linux Foundation in the United States. A security vulnerability exists in Linux PV devices that stems from a competitive condition and the lack of return code testing in Linux, where a malicious backend of a PV device front-end driver can access...

7CVSS6.7AI score0.0025EPSS
Exploits0References12
Rockylinux
Rockylinux
added 2022/02/01 8:9 p.m.12 views

virtio-win bug fix and enhancement update

An update is available for virtio-win. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The virtio-win package provides paravirtualized network drivers for most...

2.7AI score
Exploits0
CNNVD
CNNVD
added 2021/11/23 12:0 a.m.7 views

Xen 命令注入漏洞

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A command injection vulnerability exists ...

8.8CVSS7.7AI score0.00328EPSS
Exploits0References16
Rockylinux
Rockylinux
added 2021/08/10 12:0 p.m.23 views

virtio-win bug fix and enhancement update

An update is available for virtio-win. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The virtio-win package provides paravirtualized network drivers for most...

2.7AI score
Exploits0
OSV
OSV
added 2021/06/11 3:15 p.m.1 views

DEBIAN-CVE-2021-28689

x86: Speculative vulnerabilities with bare non-shim 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to...

5.5CVSS5.9AI score0.00375EPSS
Exploits0References1
OSV
OSV
added 2021/03/05 6:15 p.m.3 views

DEBIAN-CVE-2021-28039

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has...

6.5CVSS6.4AI score0.00424EPSS
Exploits0References1
Xen Project
Xen Project
added 2021/03/04 10:58 a.m.87 views

Linux: special config may crash when trying to map foreign pages

ISSUE DESCRIPTION With CONFIGXENBALLOONMEMORYHOTPLUG disabled and CONFIGXENUNPOPULATEDALLOC enabled the Linux kernel will use guest physical addresses allocated via the ZONEDEVICE functionality for mapping foreign guest's pages. This will result in problems, as the p2m list will only cover the...

6.5CVSS0.7AI score0.00424EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/11/04 8:0 a.m.3 views

An issue was discovered in the Linux kernel through 5.9.1 as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device aka CID-073d0552ead5.

...

4.7CVSS8.4AI score0.00265EPSS
Exploits0
Rows per page
Query Builder