kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME

Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service host OS memory corruption or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address GPA in 1 movable or 2...

DEBIAN-CVE-2013-1798

The ioapicreadindirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPICREGSELECT and IOAPICREGWINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of...

DEBIAN-CVE-2013-1797

Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service host OS memory corruption or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address GPA in 1 movable or 2...

libspice: Insufficient guest provided memory mappings boundaries validations

libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings...

libspice: Insufficient guest provided memory mappings boundaries validations

libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings...

kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0

The kvmemulatehypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service guest kernel crash and...

qemu/xen/kvm: ioemu: Fix PVFB backend to limit frame buffer size

The backend for XenSource Xen Para Virtualized Frame Buffer PVFB in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service crash by mapping an arbitrary amount of guest memory...

Design/Logic Flaw

The backend for XenSource Xen Para Virtualized Frame Buffer PVFB in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service crash by mapping an arbitrary amount of guest memory...

CVE-2008-1952

The backend for XenSource Xen Para Virtualized Frame Buffer PVFB in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service crash by mapping an arbitrary amount of guest memory...

CVE-2008-1952

CVE-2008-1952 affects the Xen PVFB backend: the para-virtualized framebuffer backend in Xen ioemu does not properly restrict the frame buffer size, allowing a local attacker to crash the guest by mapping an arbitrary amount of guest memory (denial of service). The MiracleLinux advisories describe...

CVE-2008-1952

The backend for XenSource Xen Para Virtualized Frame Buffer PVFB in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service crash by mapping an arbitrary amount of guest memory...