
4452 matches found

RedHat Linux
added 2023/05/16 8:43 a.m. · 4 views

kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva

A flaw was found in KVM. With shadow paging enabled, if INVPCID is executed with CR0.PG=0, the invlpg callback is not set, and the result is a NULL pointer dereference. This flaw allows a guest user to cause a kernel oops condition on the host, resulting in a denial of service...

CVSS 6.9 · AI score 6.6 · EPSS 0.00318
Exploits 0 · References 6

OSV
added 2023/05/15 8:50 p.m. · 1 view

GHSA-WHPJ-8F3W-67P5 vm2 Sandbox Escape vulnerability

A sandbox escape vulnerability exists in vm2 for versions up to 3.9.17. It abuses an unexpected creation of a host object based on the specification of Proxy. Impact: A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. Patches: Thi...

CVSS 9.8 · AI score 7.6 · EPSS 0.05596
Exploits 1 · References 6

Prion
added 2023/05/11 10:15 p.m. · 17 views

Design/Logic Flaw

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...

CVSS 5 · AI score 7.4 · EPSS 0.00725
Exploits 1 · References 2 · Affected Software 1

NVD
added 2023/05/11 9:15 p.m. · 28 views

CVE-2023-31146

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...

CVSS 9.1 · AI score 7.9 · EPSS 0.01241
Exploits 1 · References 2

PyPA
added 2023/05/11 9:15 p.m. · 6 views

PYSEC-2023-78

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...

CVSS 7.5 · AI score 7.1 · EPSS 0.00913
Exploits 1 · References 3 · Affected Software 1

Prion
added 2023/05/11 9:15 p.m. · 14 views

Buffer overflow

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...

CVSS 5 · AI score 7.6 · EPSS 0.00913
Exploits 1 · References 2 · Affected Software 1

OSV
added 2023/05/11 9:1 p.m. · 31 views

CVE-2023-32059 Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...

CVSS 7.5 · AI score 7.3 · EPSS 0.00725
Exploits 1 · References 4

Cvelist
added 2023/05/11 8:51 p.m. · 40 views

CVE-2023-31146 Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...

CVSS 7.5 · AI score 9.5 · EPSS 0.01241
Exploits 1 · References 2

CVE
added 2023/05/11 8:51 p.m. · 54 views

CVE-2023-31146

Vyper prior to 0.3.8 is vulnerable to out-of-bounds access in codegen when a dynarray is on both the LHS and RHS of an assignment. The length word is written before the data, enabling OOB access and potential data corruption across call frames. The issue is fixed in version 0.3.8. Affected produc...

CVSS 9.1 · AI score 8.5 · EPSS 0.01241
Exploits 1 · References 2 · Affected Software 1

OSV
added 2023/05/11 8:51 p.m. · 30 views

CVE-2023-31146 Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...

CVSS 7.5 · AI score 8.9 · EPSS 0.01241
Exploits 1 · References 4

OSV
added 2023/05/09 7:15 p.m. · 5 views

CVE-2022-23818

Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity...

CVSS 7.5 · AI score 5.8 · EPSS 0.00504
Exploits 0 · References 1

RedHat Linux
added 2023/05/09 10:4 a.m. · 4 views

kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva

A flaw was found in KVM. With shadow paging enabled, if INVPCID is executed with CR0.PG=0, the invlpg callback is not set, and the result is a NULL pointer dereference. This flaw allows a guest user to cause a kernel oops condition on the host, resulting in a denial of service...

CVSS 6.9 · AI score 6.6 · EPSS 0.00318
Exploits 0 · References 6

RedHat Linux
added 2023/05/09 10:4 a.m. · 0 views

kernel: blk-mq: avoid double ->queue_rq() because of early timeout

In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double ->queue_rq() because of early timeout. David Jeffery found one double ->queue_rq() issue; so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault ...

CVSS 5.5 · AI score 6.6 · EPSS 0.00184
Exploits 0 · References 5

RedHat Linux
added 2023/05/09 10:4 a.m. · 1 view

kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning

A flaw was found in the x86 KVM subsystem in kvm_steal_time_set_preempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations...

CVSS 7.8 · AI score 6.6 · EPSS 0.00323
Exploits 0 · References 6

RedHat Linux
added 2023/05/09 10:1 a.m. · 3 views

kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning

A flaw was found in the x86 KVM subsystem in kvm_steal_time_set_preempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations...

CVSS 7.8 · AI score 6.6 · EPSS 0.00323
Exploits 0 · References 6

RedHat Linux
added 2023/05/09 10:1 a.m. · 3 views

kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks

A flaw was found in KVM's Intel nested virtualization feature (nVMX). Since L1 and L2 shared branch prediction modes (guest-user and guest-kernel), KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...

CVSS 8.8 · AI score 6.6 · EPSS 0.00285
Exploits 0 · References 4

Positive Technologies
added 2023/05/09 12:0 a.m. · 7 views

PT-2025-41059

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s block management queue (blk-mq) subsystem where a double queue rq call can occur due to early timeouts. This can be triggered in virtual machine use cas...

CVSS 5.5 · AI score 7.2 · EPSS 0.00184
Exploits 0 · References 19

AlmaLinux
added 2023/05/09 12:0 a.m. · 27 views

Moderate: libguestfs-winsupport security update

The libguestfs-winsupport package adds support for Windows guests to libguestfs, a set of tools and libraries allowing users to access and modify virtual machine (VM) disk images. Security Fixes: ntfs-3g: heap-based buffer overflow in ntfsck (CVE-2021-46790); ntfs-3g: crafted NTFS image can cause heap...

CVSS 7.8 · AI score 7.8 · EPSS 0.00504
Exploits 1 · References 12

Positive Technologies
added 2023/05/09 12:0 a.m. · 3 views

PT-2023-12737 · Amd · Amd Sev-Snp

Name of the Vulnerable Software and Affected Versions: AMD SEV-SNP (affected versions not specified). Description: The issue is related to insufficient input validation on the model-specific register VM_HSAVE_PA, which may potentially lead to loss of SEV-SNP guest memory integrity. Recommendations:...

CVSS 7.5 · AI score 6.5 · EPSS 0.00504
Exploits 0 · References 6

OSV
added 2023/05/09 12:0 a.m. · 39 views

ALSA-2023:2179 Moderate: libguestfs-winsupport security update

The libguestfs-winsupport package adds support for Windows guests to libguestfs, a set of tools and libraries allowing users to access and modify virtual machine (VM) disk images. Security Fixes: ntfs-3g: heap-based buffer overflow in ntfsck (CVE-2021-46790); ntfs-3g: crafted NTFS image can cause heap...

CVSS 7.8 · AI score 7.3 · EPSS 0.00504
Exploits 1 · References 12