10 matches found
CVE-2026-34945 Wasmtime leaks host data with 64-bit tables and Winch
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...
RUSTSEC-2026-0086 Host data leakage with 64-bit tables and Winch
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m9w2-8782-2946 For more information see the GitHub-hosted security advisory...
USN-7939-1: Linux kernel (Azure) vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
USN-7862-2: Linux kernel vulnerability
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
CVE-2022-20779
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
CVE-2022-20777
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
CVE-2022-20777
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
CVE-2022-20780
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
Vulnerabilities fixed in Xen
Xen's developers have fixed several vulnerabilities in Xen. A local malicious person could exploit the vulnerabilities to cause a denial-of-service, both in the guest system as well as the underlying host. Also, potentially the vulnerabilities could be exploited to obtain sensitive data in memory...
ALPINE-CVE-2017-15589
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS or an arbitrary guest OS because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory...