5613 matches found
[SECURITY] Fedora 36 Update: qemu-6.2.0-16.fc36
qemu is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu acts as a virtual machine monitor together with the KVM kernel modules, and emulates the hardware for a full system such as a PC and its associated peripherals...
virt-who bug fix and enhancement update
An update is available for virt-who. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The virt-who service collects information about the connection between the...
The vulnerability of Xen hypervisors, related to the use of memory after it is freed, allows an attacker to execute arbitrary code or cause a service failure.
The vulnerability of Xen hypervisors is related to the use of memory after it has been freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause a service failure...
The vulnerability of Xen hypervisors, related to the handling of a null pointer, allows an attacker to trigger a service failure.
The vulnerability of Xen hypervisors is related to the handling of a null pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
Microsoft Windows Hyper-V Elevation of Privilege Vulnerability
Microsoft Windows Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization, Microsoft Windows Hyper-V has an elevation of privilege vulnerability that stems from improper privilege assignment in the application and...
Vulnerabilities fixed in Citrix Hypervisor
Several vulnerabilities have been fixed in Citrix Hypervisor. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. To exploit the vulnerability with reference CVE-2022-33748, two malicious virtual machines need to work...
The vulnerability of VMware Cloud Foundation and VMware ESXi hypervisor lies in improper resource cleaning or release mechanisms, allowing attackers to trigger service failures.
The vulnerability of the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service failures...
CVE-2022-33746
P2M pool freeing may take excessively long. The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing...
CVE-2022-33748
Lock order inversion in transitive grant copy handling. As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...
Citrix Hypervisor Security Bulletin for CVE-2022-33748 & CVE-2022-33749
Several security issues have been identified in Citrix Hypervisor 8.2 LTSR CU1. These are: A malicious privileged user in a guest VM working in collaboration with a malicious privileged user in another guest VM can cause the host to crash or become unresponsive. This issue has the following CVE...
Microsoft Hyper-V Security Vulnerability
Microsoft Windows Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization, Microsoft Windows Hyper-V has an elevation of privilege vulnerability that stems from improper privilege assignment in the application and...
The vulnerability of the Oxenstored component in the Xen hypervisor allows a hacker to execute arbitrary code.
The vulnerability of the Oxenstored component in the Xen hypervisor is related to the use of an unreliable search path. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of Xen hypervisors relates to the unsafe management of privileges, allowing attackers to elevate their own privileges.
The vulnerability of Xen hypervisors is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to elevate their privileges...
Amazon Linux AMI : kernel (ALAS-2022-1636)
The version of kernel installed on the remote host is prior to 4.14.294-150.533. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1636 advisory. An out-of-bounds write flaw was found in the Linux kernel's framebuffer-based console driver functionality in the w...
The vulnerability of Xen hypervisors, related to deficiencies in the authorization process, allows attackers to gain unauthorized access to protected information.
The vulnerability of Xen hypervisors is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
New Malware Families Found Targeting VMware ESXi Hypervisors
Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi,...
Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)
Abstract: Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Content: VULNERABILITY DETAILS: DESCRIPTION: This Security Bulletin addresses the security vulnerabilities...
USN-5623-1 linux-hwe-5.15, linux-lowlatency-hwe-5.15 vulnerabilities
Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061) It was discovered that the framebuffer driver on the Linux...
USN-5616-1: Linux kernel (Intel IoTG) vulnerabilities
Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061) Moshe Kol, Amit Klein and Yossi Gilad discovered that the I...
CVE-2022-22093
Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach IRQs from virtual interrupt sources in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...