26 matches found
CVE-2026-41567
CVE-2026-41567 affects Docker Engine and Moby earlier than 29.5.1 / moby/moby v2 before v2.0.0-beta.14. When uploading a compressed archive to a container via PUT /containers/{id}/archive or piping with docker cp -, the daemon resolves decompression binaries from the container filesystem rather t...
Astra Linux - vulnerability in qemu
A flaw was discovered in qemu. A host privilege escalation issue was identified in the virtio-fs shared file system daemon, where a privileged guest user is able to create a device-specific special file in the shared directory and use it to gain read/write access to host devices...
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
...
CentOS 9 : qemu-kvm-6.1.0-3.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the qemu-kvm-6.1.0-3.el9 build changelog. - use-after-free during packet reassembly rhel-av-8 CVE-2019-15890 - A flaw was found in QEMU in the implementation of the Pointer...
Host can bypass reentrancy guard in rageQuit()
Lines of code Vulnerability details Impact Host can bypass reentrancy guard in rageQuit. Proof of Concept In PartyGovernanceNFT.rageQuit there is a reentrancy guard: // Check if ragequit is allowed. uint40 currentRageQuitTimestamp = rageQuitTimestamp; if currentRageQuitTimestamp !=...
SUSE CVE-2019-19580
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type...
SUSE CVE-2020-14364
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash...
CVE-2020-35517
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices...
Vulnerabilities fixed in Citrix Hypervisor
Citrix has fixed vulnerabilities in Hypervisor. The vulnerabilities allow a malicious person with the right to execute code in the guest to obtain system data, assign privileges on the host or cause a denial-of-service on the host. Citrix...
Vulnerabilities fixed in VMware ESXi, Workstation and Fusion
VMware has fixed two vulnerabilities in VMware Workstation, ESXi and Fusion. A malicious person with authorization in a virtual environment could exploit the vulnerabilities to break out of the virtual environment and execute arbitrary code with the permissions of the virtualization process on th...
ALPINE-CVE-2020-25599
An issue was discovered in Xen through 4.14.x. There are evtchn_reset race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses ...
UBUNTU-CVE-2018-19961
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes...
CVE-2016-9603
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this fla...
Mozilla Firefox WebExtensions Host Privilege Bypass Vulnerability
Mozilla Firefox is a free and open source browser for Windows, Linux and MacOSX platforms. Mozilla Firefox suffers from a WebExtensions host privilege bypass vulnerability. An attacker can exploit this vulnerability to bypass host privilege settings via request redirection and...
DEBIAN-CVE-2017-17045
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors...
ALPINE-CVE-2017-17045
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors...
CVE-2017-12136
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling...
The vulnerability of Xen hypervisors allows an attacker to trigger a service failure or gain privileged access to the host.
The vulnerability of Xen hypervisors is related to deficiencies in access control for GNTMAP_device_map and GNTMAP_host_map provided that GNTMAP_host_map is in the unmapping mode. Exploiting this vulnerability can allow a malicious actor to cause a service failure (memory corruption) or gain privileged...
x86: Mishandling of instruction pointer truncation during emulation
ISSUE DESCRIPTION When emulating HVM instructions, Xen uses a small i-cache for fetches from guest memory. The code that handles cache misses does not check if the address from which it fetched lies within the cache before blindly writing to it. As such it is possible for the guest to overwrite...
Debian DLA-571-1 : xen security update (Bunker Buster)
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-3672 (XSA-180) Andrew Sorensen discovered that a HVM domain can exhaust the host's disk space by filling up the log file. CVE-2016-3158,...