4438 matches found
CVE-2022-48919 cifs: fix double free race when mount fails in cifs_get_root()
In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifsgetroot When cifsgetroot fails during cifssmb3domount we call deactivatelockedsuper which eventually will call delayedfree which will free the context. In this situation we shoul...
UBUNTU-CVE-2022-48890
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM storvscqueuecommand maps the scatter/gather list using scsidmamap, which in a confidential VM allocates swiotlb bounce buffers. If the I/O submission fails in...
Important: Red Hat Security Advisory: open-vm-tools security update
An update for open-vm-tools is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
kernel: virtio-net: tun: mlx5_core short frame denial of service
A denial of service DoS attack was found in the mlx5 driver in the Linux kernel. A KVM guest VM using virtio-net can crash the host by sending a short packet, for example, size = ETHHLEN...
Understanding the New Windows Secure Kernel Mode Elevation of Privilege Vulnerability (CVE-2024-21302)
On August 7, 2024, Microsoft disclosed a significant security vulnerability affecting Windows-based systems, known as CVE-2024-21302. This zero-day vulnerability allows attackers with administrator privileges to elevate their access by replacing current versions of Windows system files with...
kernel: virtio-net: tun: mlx5_core short frame denial of service
A denial of service DoS attack was found in the mlx5 driver in the Linux kernel. A KVM guest VM using virtio-net can crash the host by sending a short packet, for example, size = ETHHLEN...
KB5041773: Windows 10 Version 1607 / Windows Server 2016 Security Update (August 2024)
The remote Windows host is missing security update 5041773. It is, therefore, affected by multiple vulnerabilities - An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security VBS including a subset of Azure Virtual Machine SKUS. This can allo...
KB5041592: Windows 11 version 21H2 Security Update (August 2024)
The remote Windows host is missing security update 5041592. It is, therefore, affected by multiple vulnerabilities - An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security VBS including a subset of Azure Virtual Machine SKUS. This can allo...
KB5041585: Windows 11 version 22H2 / Windows 11 version 23H2 Security Update (August 2024)
The remote Windows host is missing security update 5041585. It is, therefore, affected by multiple vulnerabilities - An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security VBS including a subset of Azure Virtual Machine SKUS. This can allo...
KB5041160: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (August 2024)
The remote Windows host is missing security update 5041160. It is, therefore, affected by multiple vulnerabilities - An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security VBS including a subset of Azure Virtual Machine SKUS. This can allo...
KB5041573: Windows Server version 23H2 Security Update (August 2024)
The remote Windows host is missing security update 5041573. It is, therefore, affected by multiple vulnerabilities - An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security VBS including a subset of Azure Virtual Machine SKUS. This can allo...
KB5041580: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (August 2024)
The remote Windows host is missing security update 5041580. It is, therefore, affected by multiple vulnerabilities - An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security VBS including a subset of Azure Virtual Machine SKUS. This can allo...
CVE-2024-39483
...
CWA-2024-004: Gas mispricing in cosmwasm-vm
Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain. For more...
CVE-2024-21302
Summary: As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this...
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Summary: As of July 10, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this...
Update Rollup 6 for System Center 2019 Virtual Machine Manager console
Update Rollup 6 for System Center 2019 Virtual Machine Manager console Start your article with a very short introduction 1 sentence. Put yourself in the reader's place - why are they here? What should they do? 1. Get straight to a quick list of steps to accomplish the task.If you need to explain ...
ROS-20240805-05
Vulnerability in kube-apiserver component of virtual machine cluster management software tool Kubernetes is related to redirection to malicious resources during proxied update requests. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...
USN-6926-1 linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
黄思聪 discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash...
DEBIAN-CVE-2024-41070
In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvmspaprtceattachiommugroup Al reported a possible use-after-free UAF in kvmspaprtceattachiommugroup. It looks up stt from tablefd, but then continues to use it after doing fdput on the returne...