5611 matches found

Cvelist
added 2024/09/13 5:29 a.m. | 26 views

CVE-2024-46689 soc: qcom: cmd-db: Map shared memory as WC, not WB

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB. Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometimes falsely detect clean cache eviction as "write" into the write protected...

0.00235 EPSS
Exploits: 0 | References: 7
CVE
added 2024/09/13 5:29 a.m. | 108 views

CVE-2024-46689

CVE-2024-46689 affects the Linux kernel function soc: qcom: cmd-db. The root cause is mapping the shared cmd-db memory region as WB instead of WC, which can trigger an XPU write-protection false positive that leads to a secure interrupt and an endless loop in Trust Zone. Qualcomm Hypervisor curre...

5.5 CVSS | 6.1 AI score | 0.00235 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
Vulnrichment
added 2024/09/13 5:29 a.m. | 14 views

CVE-2024-46689 soc: qcom: cmd-db: Map shared memory as WC, not WB

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB. Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometimes falsely detect clean cache eviction as "write" into the write protected...

6.7 AI score | 0.00235 EPSS
Exploits: 0 | References: 7
OSV
added 2024/09/13 5:29 a.m. | 20 views

CVE-2024-46689 soc: qcom: cmd-db: Map shared memory as WC, not WB

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB. Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometimes falsely detect clean cache eviction as "write" into the write protected...

5.5 CVSS | 6 AI score | 0.00235 EPSS
Exploits: 0 | References: 12
Tenable Nessus
added 2024/09/13 12:00 a.m. | 201 views

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7007-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7007-1 advisory. Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use...

9.8 CVSS | 7 AI score | 0.02701 EPSS
Exploits: 4 | References: 218
Tenable Nessus
added 2024/09/13 12:00 a.m. | 252 views

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7009-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7009-1 advisory. Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use...

9.8 CVSS | 7 AI score | 0.02701 EPSS
Exploits: 4 | References: 218
BDU FSTEC
added 2024/09/13 12:00 a.m. | 2 views

A vulnerability in the Shadow Mode component of the cross-platform Xen hypervisor in Linux operating systems arises from insufficient validation of input data, allowing attackers to escalate their privileges.

The vulnerability in the Shadow Mode component of the cross-platform Xen hypervisor in the Linux operating system is related to insufficient checking of input data. Exploiting this vulnerability can allow attackers to escalate their privileges...

8.8 CVSS | 6.5 AI score | 0.00287 EPSS
Exploits: 0 | References: 6 | Affected Software: 4
BDU FSTEC
added 2024/09/13 12:00 a.m. | 2 views

A vulnerability in the libfsimage component of the cross-platform Xen hypervisor for Linux operating systems, related to writing beyond the memory boundaries, allows attackers to affect the confidentiality, integrity, and availability of data.

The vulnerability in the libfsimage component of the cross-platform kernel hypervisor for Linux operating systems is related to insufficient validation of input data. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and availability of data...

7.8 CVSS | 7.1 AI score | 0.00289 EPSS
Exploits: 0 | References: 5 | Affected Software: 4
NVD
added 2024/09/12 3:18 p.m. | 17 views

CVE-2024-6658

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: from 7.2.55.0 to 7.2.60.0 inclusive; from 7.2.49.0 to 7.2.54.11 inclusive; 7.2.48.12 and all prior versions. Multi-Tenant...

8.4 CVSS | 0.00538 EPSS
Exploits: 0 | References: 1
CVE
added 2024/09/12 2:38 p.m. | 55 views

CVE-2024-6658

CVE-2024-6658 is an Improper Input Validation vulnerability affecting Kemp LoadMaster products. The issue allows an authenticated user to trigger OS command injection due to improper input validation in LoadMaster’s exposed functionality. Affected versions include LoadMaster 7.2.55.0–7.2.60.0 (in...

8.4 CVSS | 8.5 AI score | 0.00538 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
Vulnrichment
added 2024/09/12 2:38 p.m. | 19 views

CVE-2024-6658 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: from 7.2.55.0 to 7.2.60.0 inclusive; from 7.2.49.0 to 7.2.54.11 inclusive; 7.2.48.12 and all prior versions. Multi-Tenant...

8.4 CVSS | 7 AI score | 0.00538 EPSS
Exploits: 0 | References: 1
Cvelist
added 2024/09/12 2:38 p.m. | 27 views

CVE-2024-6658 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: from 7.2.55.0 to 7.2.60.0 inclusive; from 7.2.49.0 to 7.2.54.11 inclusive; 7.2.48.12 and all prior versions. Multi-Tenant...

8.4 CVSS | 0.00538 EPSS
Exploits: 0 | References: 1
Redos
added 2024/09/11 12:00 a.m. | 25 views

ROS-20240911-11

A vulnerability in the cross-platform Xen hypervisor of the Linux operating system kernel is related to disclosure of information. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information. A vulnerability in the libfsimage compone...

8.8 CVSS | 7.2 AI score | 0.03796 EPSS
Exploits: 0
OSV
added 2024/09/10 5:15 p.m. | 1 view

CVE-2024-38235

Windows Hyper-V Denial of Service Vulnerability...

6.5 CVSS | 5.8 AI score | 0.00711 EPSS
Exploits: 0 | References: 1
Citrix
added 2024/09/10 12:00 a.m. | 12 views

Hotfix XS82ECU1076 - For Citrix Hypervisor 8.2 Cumulative Update 1

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1. Note: This hotfix is available only to customers on the Customer Success Services program. Information About this Hotfix: Prerequisite: XS82ECU1040. Post-update tasks: Restart...

7.5 CVSS | 6.7 AI score | 0.00233 EPSS
Exploits: 0
Citrix
added 2024/09/10 12:00 a.m. | 5 views

XenServer Software Updates

Introduction: We provide regular updates to Citrix Hypervisor, XenServer, and XenCenter. These updates can include bug fixes, improvements, and new features. Overview of the Article: This article assists you in finding resources that inform you about Citrix Hypervisor and XenServer software updates...

7 AI score
Exploits: 0
The Hacker News
added 2024/09/09 9:24 a.m. | 16 views

Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor

Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that could result in the execution of arbitrary operating system commands. Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability has been described as an improper input...

10 CVSS | 7.7 AI score | 0.42175 EPSS
Exploits: 1
FreeBSD Advisory
added 2024/09/04 12:00 a.m. | 12 views

FreeBSD-SA-24:12.bhyve

FreeBSD-SA-24:12.bhyve Security Advisory, The FreeBSD Project. Topic: bhyve(8) privileged guest escape via USB controller. Category: core. Module: bhyve. Announced: 2024-09-04...

8.2 CVSS | 6.2 AI score | 0.00213 EPSS
Exploits: 0
OSV
added 2024/09/03 4:15 p.m. | 1 view

AZL-48792 CVE-2024-6119 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-2

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can cause a denial of...

7.5 CVSS | 6.7 AI score | 0.66594 EPSS
Exploits: 0 | References: 1
Fedora
added 2024/08/31 2:04 a.m. | 11 views

[SECURITY] Fedora 40 Update: xen-4.18.2-5.fc40

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

7.5 CVSS | 6.7 AI score | 0.00235 EPSS
Exploits: 0