Astra Linux - уязвимость в linux

A issue was discovered in the Linux kernel versions 3.11 through 5.10.16, as used by Xen. When serving requests to the PV backend, the driver maps grant references provided by the frontend. During this process, errors may occur. In one case, an error encountered earlier might be discarded by late...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001681)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001681 advisory. Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414457)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414457 advisory. Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities...

Linux Distros Unpatched Vulnerability : CVE-2022-23039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilitie...

CVE-2022-48900

Removed by vendor...

RHEL 5 : xsa224_xen (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xsa224 xen: grant table operations mishandle reference counts XSA-224 CVE-2017-10921 - The grant-table...

SUSE CVE-2013-4375

The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service domain grant reference consumption via unspecified vectors...

SUSE CVE-2021-26930

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later...

SUSE CVE-2022-23042

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

CVE-2022-23042

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

CVE-2022-23039

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

UBUNTU-CVE-2022-23040

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

Fedora 32 : kernel (2021-8d45d297c6)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-8d45d297c6 advisory. - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant...

An issue was discovered in the Linux kernel 3.11 through 5.10.16 as used by Xen. To service requests to the PV backend the driver maps grant references provided by the frontend. In this process errors may be encountered. In one case an error encountered earlier might be discarded by later processing resulting in the caller assuming successful mapping and hence subsequent operations trying to access space that wasn't mapped. In another case internal state would be insufficiently updated preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.

...

UBUNTU-CVE-2021-26930

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later...

ALPINE-CVE-2017-10922

The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service loss of grant trackability, aka XSA-224 bug 3...

CVE-2017-10922

CVE-2017-10922 affects Xen’s grant-table feature. The grant-table MMIO region grant references are mishandled in Xen up to 4.8.x, enabling guest OS users to cause a denial of service (loss of grant trackability). This is part of XSA-224 (bug 3). Documented impact is a DoS; no exploitation method ...

qemu disk backend (qdisk) resource leak

ISSUE DESCRIPTION The qdisk PV disk backend in the qemu-xen flavour of qemu "upstream qemu" can be influenced by a malicious frontend to leak mapped grant references. IMPACT A malicious HVM guest can cause the backend domain to run out of grant references, leading to a DoS for any other domain...