58 matches found
Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor
...
CVE-2023-30612
Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...
AZL-26278 CVE-2023-30612 affecting package cloud-hypervisor for versions less than 31.1-1
Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...
Design/Logic Flaw
Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...
CVE-2023-30612
Cloud Hypervisor (VM Monitor for cloud workloads) has a vulnerability (CVE-2023-30612) where an attacker with write access to the API socket can send crafted HTTP requests to close arbitrary open file descriptors, crashing the process and causing DoS; a Use-After-Free is also possible. Affected v...
CVE-2023-30612 Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor
Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...
CVE-2023-30612 Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor
Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...
CVE-2023-30612 Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor
Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...
PT-2023-22809 · Unknown · Cloud Hypervisor
Name of the Vulnerable Software and Affected Versions: Cloud Hypervisor versions 30.0 through 31.0 Description: This issue allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP requests through the HTTP API socket, potentially causing...
SUSE CVE-2020-2025
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may...
AZL-13701 CVE-2023-0286 affecting package cloud-hypervisor for versions less than 30.0-2
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
AZL-13347 CVE-2022-4450 affecting package cloud-hypervisor for versions less than 30.0-2
The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...
AZL-42759 CVE-2018-25032 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches...
CVE-2020-2025
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may...
CVE-2020-2025
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may...
Design/Logic Flaw
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may...
CVE-2020-2025
CVE-2020-2025 affects Kata Containers before 1.11.0 on Cloud Hypervisor. The issue lets a malicious guest persist or overwrite the underlying image file, potentially gaining control of subsequent VMs. Because Kata uses a shared VM image across VMMs, this may also impact QEMU and Firecracker based...
CVE-2020-2025 Kata Containers - Cloud Hypervisor guests persist filesystem changes to the underlying host image file
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may...