169 matches found
ALPINE-CVE-2022-42323
Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...
Linux kernel security vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel has a security vulnerability that stems from a flaw discovered in the AMD nested virtualization SVM of KVM. A malicious L1 guest may intentionally not intercept the shutdown of a...
xhyve buffer error vulnerability
xhyve is a lightweight OS X virtualization solution open-sourced by machyve. A security vulnerability exists in xhyve commit dfbe09b that stems from a stack buffer overflow in its pci_vtrnd_notify component...
CLSA-2022-1659017902 Fixed CVE-2021-22543 in kernel
KVM: do not allow mapping valid but non-reference-counted pages CVE-2021-22543...
ALPINE-CVE-2022-33744
Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged...
The vulnerability of the Windows Hyper-V hardware virtualization system allows attackers to escalate their privileges.
The vulnerability of the Windows Hyper-V hardware virtualization system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...
kernel: KVM: SVM: out-of-bounds read/write in sev_es_string_io
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit...
The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to gain increased privileges.
The vulnerability of the Hyper-V hardware virtualization technology in the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to increase their privileges...
PT-2022-15180
Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Microsoft Windows 10 versions 1607, 1809, 1909, 20h2, 21h1, 21h2 Microsoft Windows 11 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2016 Microsoft Windows...
ALPINE-CVE-2021-28710
certain VT-d IOMMUs may not work in shared page table mode. For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to alwa...
CVE-2021-28710
certain VT-d IOMMUs may not work in shared page table mode. For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to alwa...
libvirt: Insecure sVirt label generation
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...
kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks
A flaw was found in the Linux kernel's KVM implementation, where improper handling of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of...
kernel security, bug fix, and enhancement update
4.18.0-305.12.14.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
IBM PowerVM Hypervisor authorization issue vulnerability
IBM PowerVM Hypervisor is a product from International Business Machines (IBM) that provides a secure and scalable virtualized environment for applications, built on the advanced RAS features and leading performance of the Power Systems platform. An authorization issue vulnerability exists in IBM...
The vulnerability of the Role-Based Access Control (RBAC) implementation in the VMware NSX-T hypervisor-based virtualization platform allows a perpetrator to increase their privileges.
The vulnerability of the Role-Based Access Control (RBAC) implementation in VMware NSX-T network virtualization platforms is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
DEBIAN-CVE-2021-3308
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors...
Parallels Desktop Out-of-Bounds Read Elevation of Privilege Vulnerability (CNVD-2020-46852)
Parallels Desktop is a virtual machine software that runs on Mac computers. An out-of-bounds read elevation of privilege vulnerability exists in the hypervisor kernel extension in versions prior to Parallels Desktop 15.1.4 47270. The vulnerability stems from a lack of proper validation of...
Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access the...