Lucene search

20 matches found

EUVD
added 2026/06/02 2:17 p.m. · 7 views

EUVD-2026-33944

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With...

8.5 CVSS · 5.9 AI score · 0.00016 EPSS
Exploits 0 · References 1

CVE
added 2026/06/02 2:17 p.m. · 11 views

CVE-2026-10047

The CVE-2026-10047 entry describes an out-of-bounds write in Bitdefender Napoca bare-metal hypervisor’s real-mode hook handler (napoca/kernel/handler.c). The vulnerability arises from using a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds check...

8.5 CVSS · 5.9 AI score · 0.00016 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2026/06/02 2:17 p.m. · 6 views

CVE-2026-10047 Out-of-bounds write in Napoca real-mode hook handler via guest-controlled SS:SP (VA-13905)

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With...

8.5 CVSS · 5.9 AI score · 0.00016 EPSS
Exploits 0 · References 1

OSV
added 2026/02/24 8:47 p.m. · 3 views

GHSA-852M-CVVP-9P4W Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion

Impact Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately place limits on resource allocations requested by the guests. This serves as a Denial of Service vector where a guest can induce a range of...

5.9 CVSS · 6.1 AI score · 0.00093 EPSS
Exploits 0 · References 10

OSV
added 2026/02/24 12:0 p.m. · 3 views

RUSTSEC-2026-0020 Guest-controlled resource exhaustion in WASI implementations

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-852m-cvvp-9p4w For more information see the GitHub-hosted security advisory...

6.9 CVSS · 5.4 AI score · 0.00093 EPSS
Exploits 0 · References 3

OSV
added 2026/01/28 4:16 p.m. · 1 views

ALPINE-CVE-2025-58150

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing...

8.8 CVSS · 6 AI score · 0.00022 EPSS
Exploits 0 · References 1

OSV
added 2026/01/28 4:16 p.m. · 0 views

UBUNTU-CVE-2025-58150

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing...

8.8 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 3

EUVD
added 2026/01/28 3:33 p.m. · 2 views

EUVD-2025-206476

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing...

8.8 CVSS · 6 AI score · 0.00022 EPSS
Exploits 0 · References 1

OSV
added 2025/09/16 1:16 p.m. · 1 views

UBUNTU-CVE-2025-39823

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use array_index_nospec with indices that come from guest. min and dest_id are guest-controlled indices. Using array_index_nospec after the bounds checks clamps these values to mitigate speculative execution side-channels...

7.8 CVSS · 6.6 AI score · 0.00023 EPSS
Exploits 0 · References 30

NVD
added 2024/11/12 3:15 p.m. · 9 views

CVE-2024-51565

The hda driver is vulnerable to a buffer over-read from a guest-controlled value...

6.5 CVSS · 0.00112 EPSS
Exploits 0 · References 2

NVD
added 2024/11/12 3:15 p.m. · 15 views

CVE-2024-51562

The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value...

6.5 CVSS · 0.00112 EPSS
Exploits 0 · References 2

CVE
added 2024/11/12 2:44 p.m. · 43 views

CVE-2024-51562

Summary (CVE-2024-51562): The bhyve hypervisor/FreeBSD NVMe path is affected by a buffer over-read in the NVMe driver function nvme_opc_get_log_page, triggered by a guest-controlled value. This can enable a DoS against the bhyve host and potential memory access of bhyve-process memory by a malici...

6.5 CVSS · 6.7 AI score · 0.00112 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/11/12 12:0 a.m. · 2 views

PT-2024-34709 · Unknown +1 · Hda Driver +1

Name of the Vulnerable Software and Affected Versions: hda driver affected versions not specified Description: The issue concerns a buffer over-read in the hda driver, which is triggered by a guest-controlled value. This allows for potential exploitation. No information is provided about the...

6.5 CVSS · 7.3 AI score · 0.00112 EPSS
Exploits 0 · References 6

Cvelist
added 2024/01/05 4:31 p.m. · 24 views

CVE-2023-34325 Multiple vulnerabilities in libfsimage disk handling

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the...

8.4 AI score · 0.0007 EPSS
Exploits 0 · References 1

RustSec
added 2023/03/02 12:0 p.m. · 4 views

Guest-controlled out-of-bounds read/write on x86_64

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ff4p-7xrq-q5r8. For more information see the GitHub-hosted security advisory...

9.9 CVSS · 7 AI score · 0.02646 EPSS
Exploits 0 · Affected Software 1

Xen Project
added 2022/11/01 12:0 p.m. · 36 views

Xenstore: Guests can crash xenstored

ISSUE DESCRIPTION Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the...

8.8 CVSS · 1.9 AI score · 0.00063 EPSS
Exploits 0

NVD
added 2022/04/29 5:15 p.m. · 16 views

CVE-2021-4207

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...

8.2 CVSS · 0.00051 EPSS
Exploits 1 · References 6

OSV
added 2022/04/29 5:15 p.m. · 22 views

CVE-2021-4207

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...

8.2 CVSS · 7.2 AI score
Exploits 0 · References 6

UbuntuCve
added 2022/04/29 5:15 p.m. · 51 views

CVE-2021-4207

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...

8.2 CVSS · 7.3 AI score · 0.00051 EPSS
Exploits 1 · References 3

RedhatCVE
added 2022/04/01 10:34 a.m. · 32 views

CVE-2021-4207

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...

8.2 CVSS · 4.3 AI score · 0.00051 EPSS
Exploits 1 · References 4