96 matches found
CVE-2021-4093
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State SEV-ES. A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction for example, outs or ins using the exit...
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that L1 guest could access L0's APIC register values via L2 guest when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.
...
CVE-2020-8834
KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATEHOSTR1 to store r1 state in kvmppchventry plus in kvmppcsave,restoretm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to pani...
Design/Logic Flaw
KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATEHOSTR1 to store r1 state in kvmppchventry plus in kvmppcsave,restoretm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to pani...
CVE-2020-8834
KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATEHOSTR1 to store r1 state in kvmppchventry plus in kvmppcsave,restoretm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to pani...
DEBIAN-CVE-2019-3016
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD...
RHEL 7 : kernel (RHSA-2019:2866)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2866 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A buffer overflow flaw was found in the way Lin...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.145 and fixes at least the following security issues: There is heap-based buffer overflow in the marvell wifi chip driver that allows local users to cause a denial of servicesystem crash or possibly execute arbitrary code CVE-2019-14814,...
Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register MSR access with nested=1 virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash th...
[SECURITY] Fedora 29 Update: qemu-3.0.1-4.fc29
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...
CVE-2019-3887
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister MSR access with nested=1 virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...
CVE-2019-3887
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister MSR access with nested=1 virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...
[SECURITY] Fedora 29 Update: qemu-3.0.0-4.fc29
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...
Linux kernel KVM hypervisor memory misreference vulnerability
Linux kernel is the kernel used by the operating system Linux released by the Linux Foundation in the U.S. KVM hypervisor is one of the kernel-based virtual machines. A memory misreference vulnerability exists in the KVM hypervisor in the Linux kernel. An attacker could exploit this vulnerability...
[SECURITY] Fedora 29 Update: qemu-3.0.0-2.fc29
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...
[SECURITY] Fedora 28 Update: qemu-2.11.2-2.fc28
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...
[SECURITY] Fedora 27 Update: qemu-2.10.2-1.fc27
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...
[SECURITY] Fedora 27 Update: qemu-2.10.1-1.fc27
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...
Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities
An unnamed company will start an eight-week, invite-only bug bounty program in September that offers a $250,000 payout for virtual-machine escape vulnerabilities tied to an unreleased product. Bugcrowd announced the program today, and said the high-priced bounty is the largest advertised bounty o...
VirtualBox Unprivilege Host User To Host Kernel Privilege Escalation
VirtualBox: unprivileged host user - host kernel privesc via ALSA config CVE-2017-3576 This is another way to escalate from an unprivileged userspace process into the VirtualBox process, which has an open file descriptor to the privileged device /dev/vboxdrv and can use that to compromise the hos...