Lucene search
K

19 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is...

7CVSS6AI score0.00147EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38837

In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...

5.7AI score0.00147EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:28 p.m.8 views

CVE-2026-52969

CVE-2026-52969 affects the Linux kernel KVM component. The vulnerability stems from an unchecked u64 addition in kvm_reset_dirty_gfn(), where the guard if (!memslot || (offset + __fls(mask)) >= memslot->npages) can be bypassed due to offset being 64‑bit. This can allow an out-of-bounds load...

7CVSS5.7AI score0.00147EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51863

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the kvm reset dirty gfn function within the Kernel-based Virtual Machine KVM component. A local attacker with access to /dev/kvm can manipulate dirty ring...

8.8CVSS6AI score0.00247EPSS
Exploits0References380
Microsoft CVE
Microsoft CVE
added 2026/05/29 8:8 a.m.16 views

KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

...

8.8CVSS5.4AI score0.00126EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.12 views

CVE-2026-46113

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp-gfn plus the SPTE index. This assumption breaks for shadow paging if the guest page tables are modifie...

8.8CVSS5.7AI score0.00126EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the accidental reuse of freed memory due to an unexpected GFN in KVM x86 shadow paging...

8.8CVSS5.8AI score0.00126EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.5 views

CVE-2021-28704

PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...

8.8CVSS7.3AI score0.00348EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/05/07 2:19 a.m.4 views

SUSE CVE-2022-49884

In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfntopfncache locks in dedicated helper Move the gfntopfncache lock initialization to another helper and call the new helper during VM/vCPU creation. There are race conditions possible due to kvmgfntopfncacheinit'...

4.7CVSS6.3AI score0.00098EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:43 a.m.6 views

SUSE CVE-2012-5525

The getpagefromgfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service crash via a crafted GFN that triggers a buffer over-read...

4.7CVSS6.4AI score0.016EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2022/11/08 9:32 a.m.4 views

kernel: KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...

7.8CVSS6.2AI score0.00237EPSS
Exploits0References5
NVD
NVD
added 2016/09/21 2:25 p.m.22 views

CVE-2016-7154

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service host crash and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number...

7.2CVSS7.3AI score0.00502EPSS
Exploits0References8
OSV
OSV
added 2016/09/21 2:25 p.m.2 views

UBUNTU-CVE-2016-7154

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service host crash and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number...

6.7CVSS7.6AI score0.00502EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2016/09/21 2:25 p.m.30 views

CVE-2016-7154

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service host crash and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number...

7.2CVSS7.2AI score0.00502EPSS
Exploits0References2
Prion
Prion
added 2016/09/21 2:25 p.m.28 views

Design/Logic Flaw

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service host crash and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number...

7.2CVSS7.9AI score0.00502EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2016/09/21 2:0 p.m.34 views

CVE-2016-7154

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service host crash and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number...

7.3AI score0.00502EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2016/09/08 7:21 p.m.28 views

CVE-2016-7154

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service host crash and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number...

8.4CVSS5.4AI score0.00502EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2016/09/08 12:0 a.m.32 views

xen-kernel -- use after free in FIFO event channel code

The Xen Project reports: When the EVTCHNOPinitcontrol operation is called with a bad guest frame number, it takes an error path which frees a control structure without also clearing the corresponding pointer. Certain subsequent operations EVTCHNOPexpandarray or another EVTCHNOPinitcontrol, upon...

7.2CVSS1.1AI score0.00502EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/04/18 12:0 a.m.39 views

xen-kernel -- x86 shadow pagetables: address width overflow

The Xen Project reports: In the x86 shadow pagetable code, the guest frame number of a superpage mapping is stored in a 32-bit field. If a shadowed guest can cause a superpage mapping of a guest-physical address at or above 2^44 to be shadowed, the top bits of the address will be lost, causing an...

8.8CVSS0.4AI score0.00455EPSS
Exploits0References1
Rows per page
Query Builder