CVE-2024-53032

CVE-2024-53032 describes a memory corruption issue in the keyboard virtual device triggered by guest VM interaction on Qualcomm chipsets, with a TOCTOU race condition reported in automotive OS platforms. The vulnerability is rated HIGH (CVSS v3.1: 7.0 base) under local attack vector, with high im...

CVE-2024-53031

CVE-2024-53031 affects Qualcomm chipsets; memory corruption occurs when reading a type value from a buffer controlled by the Guest Virtual Machine. Root cause is described as improper input handling/validation in several sources. Impact is high (confidentiality, integrity, and availability). Loca...

CVE-2024-53031 Improper Input Validation in Automotive OS Platform

Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine...

CVE-2024-53031 Improper Input Validation in Automotive OS Platform

Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine...

CVE-2024-53029

CVE-2024-53029 affects Qualcomm-based systems running an Automotive OS Platform. The issue is memory corruption caused by reading a value from a buffer controlled by a Guest Virtual Machine (VM). Connected sources corroborate that the vulnerability stems from improper handling of guest-controlled...

CVE-2024-53029 Improper Input Validation in Automotive OS Platform

Memory corruption while reading a value from a buffer controlled by the Guest Virtual Machine...

CVE-2024-53029 Improper Input Validation in Automotive OS Platform

Memory corruption while reading a value from a buffer controlled by the Guest Virtual Machine...

CVE-2024-53022

CVE-2024-53022 concerns Qualcomm chipset families. The issue is memory corruption that arises during communication between the primary VM and a guest VM, caused by an underlying fault in the VM communication path. Affected software/hardware: Qualcomm chipsets with virtualization features where pr...

CVE-2024-53022 Improper Input Validation in Automotive OS Platform

Memory corruption may occur during communication between primary and guest VM...

CVE-2024-43056

CVE-2024-43056 describes a transient denial-of-service during hypervisor virtual I/O operations in Qualcomm chipset environments. The linked CVE listings emphasize that the issue manifests as a DOS in a virtual machine due to a hypervisor I/O path condition (buffer over-read is noted in CVE listi...

CVE-2024-43056 Buffer Over-read in Hypervisor

Transient DOS during hypervisor virtual I/O operation in a virtual machine...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a transient denial of service during hypervisor virtual I/O operations in a virtual machine...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm, Inc. A security vulnerability exists in Qualcomm Chipsets that stems from memory corruption when the keyboard virtual device interacts with the guest VM...

Qualcomm Chipsets 输入验证错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An input validation error vulnerability exists in Qualcomm Chipsets, which stems from a memory corruption when reading a type value from a buffer controlled by Guest Virtual Machine...

Qualcomm Chipsets 输入验证错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An input validation error vulnerability exists in Qualcomm Chipsets that originates from a memory corruption when reading values from a buffer controlled by Guest Virtual Machine...

The vulnerability of the Azure Network Watcher VM Extension for Windows operating systems arises from an improper definition of the link before accessing a file. This allows attackers to escalate their privileges.

The vulnerability of the Azure Network Watcher VM Extension for Windows operating systems stems from an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow attackers to increase their privileges...

Advisory ROSA-SA-2025-2753

Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-12.0.1.rv3 CVE-ID: CVE-2020-25659 BDU-ID: 2022-05647 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the python-cryptography package of the Python programming language interpreter is related to RSA key management...

CVE-2025-21740

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2022-49154

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix panic on out-of-bounds guest IRQ As guestirq is coming from KVMIRQFD API call, it may trigger crash in svmupdatepiirte due to out-of-bounds: crash bt PID: 22218 TASK: ffff951a6ad74980 CPU: 73 COMMAND: "vcpu8" 0...

SUSE CVE-2022-49611

In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comments to attempt to document the current state of tribal knowledge about RSB attacks and what exactly i...