Lucene search
K

222 matches found

CVE
CVE
added 6 days ago30 views

CVE-2026-23561

CVE-2026-23561 is part of a set of RBAC-related issues in XAPI (XenServer/XCP-ng) where certain administrator roles (vm-admin, etc.) can improperly modify RBAC-protected settings. Specifically, this CVE allows a vm-admin to set VM.other_config:storage_driver_domain and mark a VM as the storage do...

9.4CVSS7.3AI score0.0014EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: scsi: xen: scsiback: Fixed a potential memory leak in scsibackremove. The memory allocated for the struct vscsiblkinfo structure in scsibackprobe is not freed in scsibackRemove, resulting in potential memory leaks during the...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.13 views

RHEL 10 : kernel (RHSA-2026:27288)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27288 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf...

9.8CVSS7AI score0.004EPSS
Exploits11References32
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux

A issue was discovered in the Linux kernel through version 5.9.1, as used with Xen up to version 4.14.x. The file drivers/xen/events/eventsbase.c allows for the removal of event channels during the event-handling loop a race condition. This can lead to a use-after-free or NULL pointer...

4.7CVSS6.6AI score0.00265EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.8 views

SUSE SLES15 Security Update : xen (SUSE-SU-2026:2328-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2328-1 advisory. - CVE-2026-42487: x86 HVM I/O port list traversal bsc1266952. - CVE-2026-42488: x86: mismatched mapcache metadata bsc1266955. -...

8.1CVSS5.9AI score0.00353EPSS
Exploits0References12
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.14 views

Astra Linux – Vulnerability in Linux, Linux 5.10

Rogue backends can cause Denial of Service DoS attacks on guests through high-frequency events. This CNA information record relates to multiple Common Vulnerabilities and Exposures CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Xen allows for the execution of PV...

6.5CVSS6.9AI score0.00332EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

Transmitted requests in Xen’s virtual network protocol can consist of multiple parts. Although none of them are actually useful, except for the initial part, any of these parts can be of zero length, meaning they carry no data at all. In addition to the certain initial portion of the data to be...

7.5CVSS6.7AI score0.01177EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: serial: amba-pl011: avoid SBSA UART accessing the DMACR register The chapter “B Generic UART” in “ARM Server Base System Architecture” 1 describes a generic UART interface. Such a generic UART does not support DMA. In current cod...

5.8AI score0.00207EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodation for VMA splitting Prior to this commit, the gntdev driver code did not handle the following scenario correctly with paravirtualized PV Xen domains: The user process sets up a gntdev mapping consisting of...

5.5CVSS6.1AI score0.00148EPSS
Exploits0References1
Xen Project
Xen Project
added 2026/05/12 4:2 p.m.14 views

x86: CPU Opcode Cache corruption

ISSUE DESCRIPTION AMD have disclosed a potential vulnerability in certain CPUs which can cause instructions to execute at a higher privilege. For more information, see: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html IMPACT Code of any privilege could escalate to a...

7.3CVSS5.9AI score0.00258EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.7 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013857)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013857 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: amba-pl011: avoid SBSA UART accessing DMACR register Chapter B Generic UART in ARM Server...

5.6AI score0.00207EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/23 10:53 a.m.8 views

CVE-2026-23554

A flaw was found in Xen. An optimization in the Intel Extended Page Table EPT paging code, used by Xen, defers flushing cached EPT state. However, the freeing of paging structures is not similarly deferred. This can result in freed memory pages remaining in the cached state, allowing stale entrie...

7.8CVSS5.7AI score0.00128EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/28 3:33 p.m.6 views

CVE-2026-23553 x86: incomplete IBPB for vCPU isolation

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1 vCPU runs on CPU A, running task ...

5.9AI score0.00129EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/28 3:33 p.m.36 views

CVE-2026-23553 x86: incomplete IBPB for vCPU isolation

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1 vCPU runs on CPU A, running task ...

0.00129EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/01/28 3:33 p.m.5 views

CVE-2026-23553

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1 vCPU runs on CPU A, running task ...

2.9CVSS5.5AI score0.00129EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.7 views

MiracleLinux 3 : kernel-2.6.18-348.5.AXS3 (AXSA:2013-550:05)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-550:05 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating system:...

4.7CVSS7.5AI score0.00411EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000608)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000608 advisory. The switchto function in arch/x86/kernel/process64.c in the Linux kernel does not properly context- switch IOPL on 64-bit PV Xen guests, which allows local guest OS...

7.8CVSS7.3AI score0.00513EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001333)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001333 advisory. An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/eventsbase.c allows event-channel removal during the...

4.7CVSS6.5AI score0.00265EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001013)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001013 advisory. The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users...

4.9CVSS6.6AI score0.0044EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004306)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004306 advisory. An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service host OS hang via a high rate...

5.5CVSS6.2AI score0.0041EPSS
Exploits0References12
Rows per page
Query Builder