CVE-2021-35090

CVE-2021-35090 describes a TOC TOU race condition that could cause hypervisor memory corruption when updating address mappings on Qualcomm Snapdragon platforms (Auto/Compute/Connectivity/Industrial IOT/ Mobile). Root cause: TOC-Timing-Of-Check/Time-Of-Use race in kernel memory mappings. Impact st...

CVE-2021-35101

Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile...

CVE-2021-35101

The CVE-2021-35101 entry concerns Qualcomm Snapdragon platforms (Auto/Compute/Mobile) with an issue in handling writes to the virtual GICR control. The underlying problem is described as improper handling that can trigger an assertion failure in the hypervisor. Public documents indicate a local a...

Vulnerabilities fixed in Xen

Vulnerabilities have been fixed in the Xen hypervisor. The vulnerabilities allow a malicious person with access to a guest system to obtain elevated privileges on the host and can thereby compromise the system. Xen has released updates to fix the vulnerabilities. More information can be found on...

ALPINE-CVE-2022-26362

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by...

UBUNTU-CVE-2022-26364

x86 pv: Insufficient care with non-coherent mappings This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to...

SUSE SLES12 Security Update : kernel-firmware (SUSE-SU-2022:1846-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1846-1 advisory. - Failure to flush the Translation Lookaside Buffer TLB of the I/O memory management unit IOMMU may lead an IO device to write to...

SUSE SLED15 / SLES15 Security Update : kernel-firmware (SUSE-SU-2022:1840-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1840-1 advisory. - Failure to flush the Translation Lookaside Buffer TLB of the I/O memory management unit IOMMU may lead an IO...

GHSA-HJ57-J5CW-2MWP Ignition config accessible to unprivileged software on VMware

Impact Unprivileged software in VMware VMs, including software running in unprivileged containers, can retrieve an Ignition config stored in a hypervisor guestinfo variable or OVF environment. If the Ignition config contains secrets, this can result in the compromise of sensitive information...

GHSA-MM5C-7MPR-99FM CSRF vulnerability in Jenkins Libvirt Agents Plugin

Jenkins Libvirt Agents Plugin 1.9.0 and earlier does not require POST requests for a form submission endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to stop hypervisor domains. Jenkins Libvirt Agents Plugin 1.9.1 requires POST requests f...

CSRF vulnerability in Jenkins Libvirt Agents Plugin

Jenkins Libvirt Agents Plugin 1.9.0 and earlier does not require POST requests for a form submission endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to stop hypervisor domains. Jenkins Libvirt Agents Plugin 1.9.1 requires POST requests f...

Citrix Hypervisor 8.2 : MCS Catalog update deletes Target base disks.

Xenserver audit.log throwsERROR:NOTSUPPORTEDDURINGUPGRADE Mar 30 02:38:59 XXXXX xapi: 20220330T00:38:59.214Z|audit||8715 HTTP 10.1.XX.XX-:::80|VDI.setonboot R:780016cf9118|audit 'trackid=39b4363b70f699b0ab419280ab8b4fe2' 'S-1-XXXX-XX-XX-8' 'XX\\XXXXX' 'ALLOWED' 'ERROR:NOTSUPPORTEDDURINGUPGRADE :...

OpenStack Nova DoS by rebuilding the same instance with a new image multiple times

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was...

GHSA-8Q95-JJ7P-X93X Openstack Neutron vulnerable to eavesdropping on private traffic

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due ...

Control domain memory leak issue on Citrix Hypervisor 8.2 with ixgbe driver version 5.5.2

When using intel NIC driver ixgbe version 5.5.2, OOM killer is killing XAPI process very frequently...

The vulnerability of the Windows Hyper-V hardware virtualization system allows attackers to circumvent existing security restrictions.

The vulnerability of the Windows Hyper-V hardware virtualization system is related to resource release errors. Exploiting this vulnerability can allow an attacker to circumvent existing security restrictions...

CVE-2021-46744

An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time...

Design/Logic Flaw

An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time...

CVE-2021-46744

Technical details about CVE-2021-46744 are not publicly provided in the supplied Connected documents. The initial entry mentions a SEV data-inference risk on AMD SEV guests, but no product/version/root-cause/fix is given here. Monitor for updates.

CVE-2021-46744

An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time...