Lucene search

5613 matches found

CISA
added 2022/01/13 12:0 a.m., 11 views

Citrix Releases Security Updates for Hypervisor 

Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX335432 and apply the necessary updates. This product ...

6.8 AI score
Exploits: 0, References: 1
NCSC
added 2022/01/13 12:0 a.m., 8 views

Vulnerabilities fixed in Citrix Hypervisor

Several security issues have been fixed in Citrix Hypervisor, which may cause the host to crash or become unresponsive. Citrix has released updates to fix the vulnerabilities. More information can be found on the page below: https://support.citrix.com/article/CTX335432...

8.8 CVSS, 9 AI score, 0.00333 EPSS
Exploits: 0
Citrix
added 2022/01/12 11:9 a.m., 75 views

Citrix Hypervisor Security Update

Several security issues have been identified in Citrix Hypervisor that may each allow privileged code in a guest VM to cause the host to crash or become unresponsive. These issues have the following identifiers: CVE-2021-28704, CVE-2021-28705, CVE-2021-28714, CVE-2021-28715. All of these issues affe...

8.8 CVSS, 3.9 AI score, 0.00333 EPSS
Exploits: 0, Affected Software: 2
ThreatPost
added 2022/01/06 4:47 p.m., 72 views

Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover

A security vulnerability in VMware’s Cloud Foundation, ESXi, Fusion and Workstation platforms could pave the way for hypervisor takeover in virtual environments – and a patch is still pending for some users. The issue affects a wide swath of the virtualization specialist’s portfolio and affects...

9.8 CVSS, 9.2 AI score, 0.99999 EPSS
Exploits: 11, References: 10
Ubuntu
added 2022/01/06 9:48 a.m., 110 views

LSN-0083-1: Kernel Live Patch Security Notice

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. CVE-2018-25020...

8.8 CVSS, 7.6 AI score, 0.78684 EPSS
Exploits: 29
OSV
added 2022/01/06 8:48 a.m., 14 views

LSN-0083-1 Kernel Live Patch Security Notice

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. CVE-2018-25020...

8.8 CVSS, 7.2 AI score, 0.78684 EPSS
Exploits: 29, References: 6
The Hacker News
added 2022/01/06 6:17 a.m., 43 views

VMware Patches Important Bug Affecting ESXi, Workstation and Fusion Products

VMware has shipped updates to Workstation, Fusion, and ESXi products to address an "important" security vulnerability that could be weaponized by a threat actor to take control of affected systems. The issue relates to a heap-overflow vulnerability — tracked as CVE-2021-22045 (CVSS score: 7.7) —...

7.8 CVSS, 1.3 AI score, 0.04681 EPSS
Exploits: 0
Zero Day Initiative
added 2022/01/06 12:0 a.m., 40 views

VMware Workstation SCSI Heap-based Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the SCSI...

7.8 CVSS, 5.2 AI score, 0.04681 EPSS
Exploits: 0, References: 1
OSV
added 2022/01/05 5:15 p.m., 7 views

CVE-2021-28711

Rogue backends can cause DoS of guests via high frequency events. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "drive...

6.5 CVSS, 6.9 AI score
Exploits: 0, References: 5
Prion
added 2022/01/05 5:15 p.m., 15 views

Code injection

IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019...

5 CVSS, 7.2 AI score, 0.0121 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2022/01/05 4:30 p.m., 17 views

CVE-2021-38918

IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019...

8.6 CVSS, 7.3 AI score, 0.0121 EPSS
Exploits: 0, References: 2
CVE
added 2022/01/05 4:30 p.m., 45 views

CVE-2021-38918

CVE-2021-38918 – IBM PowerVM Hypervisor. Affected products: IBM PowerVM Hypervisor firmware FW860, FW940, FW950, and FW1010 (Power 8/9/10 platforms listed in the IBM bulletin). What is vulnerable: A specific sequence of VM management operations from the management console (HMC, Novalink, or PowerV...

8.6 CVSS, 7.2 AI score, 0.0121 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2022/01/04 10:15 p.m., 2 views

CVE-2021-22045

VMware ESXi 7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG, VMware Workstation 16.2.0 and VMware Fusion 12.2.0 contain a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able t...

7.8 CVSS, 5.8 AI score, 0.04681 EPSS
Exploits: 0, References: 3
NVD
added 2022/01/04 10:15 p.m., 14 views

CVE-2021-22045

VMware ESXi 7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG, VMware Workstation 16.2.0 and VMware Fusion 12.2.0 contain a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able t...

7.8 CVSS, 0.04681 EPSS
Exploits: 0, References: 3
Prion
added 2022/01/04 10:15 p.m., 21 views

Heap overflow

VMware ESXi 7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG, VMware Workstation 16.2.0 and VMware Fusion 12.2.0 contain a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able t...

6.9 CVSS, 7.7 AI score, 0.04681 EPSS
Exploits: 0, References: 3, Affected Software: 4
Cvelist
added 2022/01/04 9:39 p.m., 26 views

CVE-2021-22045

VMware ESXi 7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG, VMware Workstation 16.2.0 and VMware Fusion 12.2.0 contain a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able t...

7.8 AI score, 0.04681 EPSS
Exploits: 0, References: 3
CNNVD
added 2022/01/04 12:0 a.m., 3 views

Qualcomm Component Input Validation Error Vulnerability

The Qualcomm Component is a component from Qualcomm Incorporated (USA) that provides functionality to Qualcomm devices. A security vulnerability exists in the Qualcomm Component: incorrect validation of memory regions in the Hypervisor can lead to incorrect regi...

9.3 CVSS, 7.9 AI score, 0.00147 EPSS
Exploits: 0, References: 6
VMware
added 2022/01/04 12:0 a.m., 69 views

VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)

1. Impacted Products: VMware ESXi, VMware Workstation Pro / Player Workstation, VMware Fusion, VMware Cloud Foundation. 2. Introduction: A heap-overflow vulnerability in VMware Workstation, Fusion and ESXi was privately reported to VMware. Updates are available to remediate this vulnerability in...

6.9 CVSS, 0.5 AI score, 0.04681 EPSS
Exploits: 0, References: 16, Affected Software: 4
RedhatCVE
added 2021/12/30 5:23 p.m., 40 views

CVE-2021-28713

A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guests. A local user could use this flaw to starve the resources resulting in a denial of service. Mitigation...

6.5 CVSS, 0.4 AI score, 0.00332 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2021/12/30 5:23 p.m., 32 views

CVE-2021-28712

A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guests. A local user could use this flaw to starve the resources resulting in a denial of service. Mitigation...

6.5 CVSS, 0.4 AI score, 0.00332 EPSS
Exploits: 0, References: 4