19 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-52969
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is...
EUVD-2026-38837
In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...
CVE-2026-52969
CVE-2026-52969 affects the Linux kernel KVM component. The vulnerability stems from an unchecked u64 addition in kvm_reset_dirty_gfn(), where the guard if (!memslot || (offset + __fls(mask)) >= memslot->npages) can be bypassed due to offset being 64‑bit. This can allow an out-of-bounds load...
PT-2026-51863
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the kvm reset dirty gfn function within the Kernel-based Virtual Machine KVM component. A local attacker with access to /dev/kvm can manipulate dirty ring...
KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
...
CVE-2026-46113
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp-gfn plus the SPTE index. This assumption breaks for shadow paging if the guest page tables are modifie...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the accidental reuse of freed memory due to an unexpected GFN in KVM x86 shadow paging...
CVE-2021-28704
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...
SUSE CVE-2022-49884
In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfntopfncache locks in dedicated helper Move the gfntopfncache lock initialization to another helper and call the new helper during VM/vCPU creation. There are race conditions possible due to kvmgfntopfncacheinit'...
SUSE CVE-2012-5525
The getpagefromgfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service crash via a crafted GFN that triggers a buffer over-read...
kernel: KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...
CVE-2016-7154
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service host crash and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number...
UBUNTU-CVE-2016-7154
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service host crash and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number...
CVE-2016-7154
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service host crash and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number...
Design/Logic Flaw
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service host crash and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number...
CVE-2016-7154
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service host crash and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number...
CVE-2016-7154
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service host crash and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number...
xen-kernel -- use after free in FIFO event channel code
The Xen Project reports: When the EVTCHNOPinitcontrol operation is called with a bad guest frame number, it takes an error path which frees a control structure without also clearing the corresponding pointer. Certain subsequent operations EVTCHNOPexpandarray or another EVTCHNOPinitcontrol, upon...
xen-kernel -- x86 shadow pagetables: address width overflow
The Xen Project reports: In the x86 shadow pagetable code, the guest frame number of a superpage mapping is stored in a 32-bit field. If a shadowed guest can cause a superpage mapping of a guest-physical address at or above 2^44 to be shadowed, the top bits of the address will be lost, causing an...