6 matches found
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013701)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013701 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy target device if coalesced MMIO unregistration fails Destroy and free the target...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000260)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000260 advisory. An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write...
CVE-2023-54024
The CVE-2023-54024 issue affects the Linux kernel’s KVM coalesced MMIO path. If the kernel’s kvm_io_bus_unregister_dev() removal fails, the code now destroys and frees the target coalesced MMIO device to avoid an unreferenced memory leak and inconsistent state. The provided description notes that...
CVE-2023-54024 KVM: Destroy target device if coalesced MMIO unregistration fails
In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy target device if coalesced MMIO unregistration fails Destroy and free the target coalesced MMIO device if unregistering said device fails. As clearly noted in the code, kvmiobusunregisterdev does not destroy the targ...
UBUNTU-CVE-2021-47341
In the Linux kernel, the following vulnerability has been resolved: KVM: mmio: Fix use-after-free Read in kvmvmioctlunregistercoalescedmmio BUG: KASAN: use-after-free in kvmvmioctlunregistercoalescedmmio+0x7c/0x1ec arch/arm64/kvm/../../../virt/kvm/coalescedmmio.c:183 Read of size 8 at addr...
Kernel: KVM: OOB memory access via mmio ring buffer
An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvmcoalescedmmio' object, wherein write indices 'ring-first' and 'ring-last' value could be supplied by a host user-space...