119 matches found
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for formatcount earlier CVE-2021-47659 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix some memory leaks in an error handling path of 'logreplay'...
UBUNTU-CVE-2022-1789
With shadow paging enabled, the INVPCID instruction results in a call to kvmmmuinvpcidgva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference...
Buffer overflow
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
CVE-2022-24537
Windows Hyper-V Remote Code Execution Vulnerability...
kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "virtext" field, this issue could allow a malicious...
kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks
A flaw was found in the Linux kernel’s KVM implementation, where improper handing of the VMIO|VMPFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of...
KVM 安全漏洞
KVM is a kernel-based virtual machine. A security vulnerability exists in the AMD code for KVM, which stems from incorrect validation of "virtext" when processing VMCBs Virtual Machine Control Blocks provided by L1 guests to generate/process nested guests L2...
CVE-2021-33758
Windows Hyper-V Denial of Service Vulnerability...
CVE-2021-2279
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful...
The vulnerability in the arch/x86/kvm/svm/sev.c component of the Kernel-based Virtual Machine (KVM) virtualization subsystem of Linux operating systems allows a attacker to cause a service failure.
The vulnerability in the kernel-based virtual machine KVM virtualization subsystem of Linux operating systems, specifically in the arch/x86/kvm/svm/sev.c component, involves uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to trigger a service failure.
The vulnerability of the Hyper-V hardware virtualization technology in the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
QEMU 访问控制错误漏洞
QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU suffers from an Access Control Error vulnerability that can be exploited by an attacker to bypass access restrictions via virtiofsd in ord...
Red Hat libvirt Elevation of Privilege Vulnerability
Red Hat libvirt is a Linux API for implementing Linux virtualization features from Red Hat, Inc. It supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtual products for other operating systems. A security vulnerability exists in Red Hat libvirt that stems...
Unspecified Vulnerability in Oracle VM VirtualBox (CNVD-2020-40801)
Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The product is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center.VM VirtualBox is one of the virtual...
The vulnerability of the EHCI controller in VMware ESXi, VMware Workstation, and VMware Fusion allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the EHCI controller in VMware ESXi, VMware Workstation, and VMware Fusion lies in the lack of protection for service data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
DEBIAN-CVE-2019-3016
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD...
CVE-2020-2698
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracl...
Microsoft Windows Hyper-V Denial of Service Vulnerability (CNVD-2019-42609)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. Windows Hyper-V is one of the virtualization products that supports...
ALPINE-CVE-2019-17343
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains...
The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to execute arbitrary code in the host operating system.
The vulnerability of the Hyper-V hardware virtualization technology in the Windows operating system exists due to insufficient verification of input data on the host server. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the host operating system using a...