CVE-2025-38403 vsock/vmci: Clear the vmci transport packet properly when initializing it

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmcitransportpacketinit memset the vmcitransportpacket before populating the fields to avoid any uninitialised data being left in the structure...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly initializing the vmci transport packet structure, which could result in uninitialized data...

The vulnerability of the Virtual Machine Communication Interface (VMCI) implementation in software products such as VMware ESXi, Workstation, Fusion, and Cloud Foundation allows a perpetrator to execute arbitrary code.

The vulnerability of the Virtual Machine Communication Interface VMCI implementation in software products such as VMware ESXi, Workstation, Fusion, and Cloud Foundation lies in buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code...

AZL-64496 CVE-2025-38102 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify During our test, it is found that a warning can be trigger in trygrabfolio as follow: ------------ cut here ------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147...

kernel: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy run-time warning in dgdispatchashost The Linux kernel CVE team has assigned CVE-2024-35944 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051920-CVE-2024-35944-a860@gregkh/T...

DEBIAN-CVE-2022-49759

In the Linux kernel, the following vulnerability has been resolved: VMCI: Use threaded irqs instead of tasklets The vmcidispatchdgs tasklet function calls vmcireaddata which uses waitevent resulting in invalid sleep in an atomic context and therefore potentially in a deadlock. Use threaded irqs t...

UBUNTU-CVE-2022-49759

In the Linux kernel, the following vulnerability has been resolved: VMCI: Use threaded irqs instead of tasklets The vmcidispatchdgs tasklet function calls vmcireaddata which uses waitevent resulting in invalid sleep in an atomic context and therefore potentially in a deadlock. Use threaded irqs t...

CVE-2022-49759 VMCI: Use threaded irqs instead of tasklets

In the Linux kernel, the following vulnerability has been resolved: VMCI: Use threaded irqs instead of tasklets The vmcidispatchdgs tasklet function calls vmcireaddata which uses waitevent resulting in invalid sleep in an atomic context and therefore potentially in a deadlock. Use threaded irqs t...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from VMCI's use of tasklet to cause an invalid sleep...

kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver()

A vulnerability was found in the eventdeliver function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the eventdata.event index controlled by user-space, which could lead to speculative information leaks...

The vulnerability of the VMCI component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the VMCI component in the Linux operating system’s kernel is related to errors in resource management within the dgdispatchashost function. Exploiting this vulnerability can allow an attacker to trigger a service failure...

CLSA-2024-1729874131 kernel: Fix of 43 CVEs

drm/amdgpu: Validate TA binary size CVE-2024-44977 - drm/amd/display: Avoid overflow from uint32t to uint8t CVE-2024-47661 - scsi: lpfc: Handle mailbox timeouts in lpfcgetsfpinfo CVE-2024-46842 - ALSA: line6: Fix racy access to midibuf CVE-2024-44954 - exec: Fix ToCToU between perm check and...

CVE-2024-46738

...

CLSA-2024-1728583613 Fix of 18 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-46802 - drm/amd/display: added NULL check at start of dcvalidatestream CVE-url: https://ubuntu.com/security/CVE-2024-46818 - drm/amd/display: fix sporadic multiple aux transaction failure - drm/amd/display: Check gpioid before used as array index...

kernel: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy run-time warning in dgdispatchashost The Linux kernel CVE team has assigned CVE-2024-35944 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051920-CVE-2024-35944-a860@gregkh/T...

kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver()

A vulnerability was found in the eventdeliver function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the eventdata.event index controlled by user-space, which could lead to speculative information leaks...

DEBIAN-CVE-2024-46738

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmciresourceremove When removing a resource from vmciresourcetable in vmciresourceremove, the search is performed using the resource handle by comparing context and resource...

SUSE CVE-2008-4410

The vmiwriteldtentry function in arch/x86/kernel/vmi32.c in the Virtual Machine Interface VMI in the Linux kernel 2.6.26.5 invokes writeidtentry where writeldtentry was intended, which allows local users to cause a denial of service persistent application failure via crafted function calls, relat...

PT-2023-34736 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.8 Description: The issue concerns the use of threaded irqs instead of tasklets in the VMCI. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions pri...

PT-2025-37700

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc4 Description: The Linux kernel contains a flaw in the VMCI subsystem where a call to get user pages fast in vmci host setup notify can return a NULL value for context-notify page, leading to a general...