Security Bulletin: IBM DataPower Gateway Virtual Edition vulnerable to security bypass due to open-vm-tools (CVE-2023-20867)

Summary open-vm-tools provides an interface between IBM DataPower Gateway Virtual Edition and the hypervisor. This issue may permit a compromised hypervisor to perform unauthorized guest operations. Vulnerability Details CVEID:CVE-2023-20867 DESCRIPTION: VMware Tools could allow a local...

AZL-47991 CVE-2024-41070 affecting package kernel for versions less than 5.15.164.1-1

In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvmspaprtceattachiommugroup Al reported a possible use-after-free UAF in kvmspaprtceattachiommugroup. It looks up stt from tablefd, but then continues to use it after doing fdput on the returne...

USN-6921-1: Linux kernel vulnerabilities

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to...

USN-6921-1 linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia, linux-oem-6.8, linux-raspi vulnerabilities

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to...

USN-6919-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 It was discovered that the ATA over...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6917-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6917-1 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointe...

No title provided

REJECTED CVE In the Linux kernel, the following vulnerability has been resolved: x86/xen: Add some null pointer checking to smp.c The Linux kernel CVE team has assigned CVE-2024-26908 to this issue...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-6898-4)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6898-4 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereferenc...

CVE-2023-6129 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

CVE-2023-6129 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-45853 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

CVE-2023-45853 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-37434 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

CVE-2022-37434 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2018-25032 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

CVE-2018-25032 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-6237 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

CVE-2023-6237 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-0727 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

CVE-2024-0727 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-5678 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

CVE-2023-5678 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-2511 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

CVE-2024-2511 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-4603 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

CVE-2024-4603 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1. An upgraded version of the package is available that resolves this issue...

CLSA-2024-1721659604 Fix of 96 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-35902 - net/rds: fix possible cp null dereference CVE-url: https://ubuntu.com/security/CVE-2024-38587 - speakup: Fix sizeof vs ARRAYSIZE bug CVE-url: https://ubuntu.com/security/CVE-2024-39493 - crypto: qat - Fix ADFDEVRESETSYNC memory leak CVE-url:...

Driver Disk for Microsemi smartpqi 2.1.30_031 - For Citrix Hypervisor 8.2 Cumulative Update 1

Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Microsemi's smartpqi driver and wish to use the latest version of the following: Driver Module| Driver Type| Version ---|---|--- smartpqi| SAS/Storage Controller| 2.1.30031...