
47 matches found

OSV
added 2020/04/09 10:15 p.m., 3 views

DEBIAN-CVE-2020-8834

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to pani...

CVSS 6.5, AI score 5.6, EPSS 0.00344
Exploits 1, References 1
RedhatCVE
added 2020/04/07 8:05 p.m., 37 views

CVE-2020-8834

A flaw was found in the way the KVM hypervisor on the Power8 processor stores the r1 register state in the 'HSTATE_HOST_R1' field on the Linux kernel stack. This flaw occurs while handling hypercalls in Transactional Memory (TM) suspend mode in the kvmppc_save_tm and kvmppc_restore_tm routines, leading t...

CVSS 6.5, AI score 0.9, EPSS 0.00344
Exploits 1, References 5
RedHat Linux
added 2019/08/07 7:56 p.m., 1 views

Kernel: KVM: leak of uninitialized stack contents to guest

An information leakage issue was found in the way the Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with a memory address as an operand. It occurs if the operand is an MMIO address, as the returned exception object hold...

CVSS 5.5, AI score 7.1, EPSS 0.00678
Exploits 1, References 4
Veracode
added 2019/05/02 6:36 a.m., 28 views

Information Disclosure

QEMU is vulnerable to information disclosure attacks. This is because the patch_instruction function in hw/i386/kvmvapic.c does not initialize the imm32 variable, which allows a local attacker to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR)...

CVSS 6.5, AI score 5.9, EPSS 0.00375
Exploits 0, References 219, Affected Software 1
OSV
added 2016/05/25 3:59 p.m., 2 views

DEBIAN-CVE-2016-4020

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR)...

CVSS 6.5, AI score 6.2, EPSS 0.00375
Exploits 0, References 1
Debian CVE
added 2016/05/25 3:00 p.m., 28 views

CVE-2016-4020

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR)...

CVSS 6.5, AI score 6.8, EPSS 0.00375
Exploits 0
Cvelist
added 2016/05/25 3:00 p.m., 27 views

CVE-2016-4020

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR)...

AI score 6.6, EPSS 0.00375
Exploits 0, References 11