Lucene search

1569 matches found

CVE
added 2023/11/03 1:58 p.m. | 214 views

CVE-2023-5088

CVE-2023-5088 is a QEMU vulnerability where an IDE guest I/O operation addressed to an arbitrary disk offset may be mis-targeted to offset 0, potentially overwriting the VM boot code. Affected context includes scenarios with nested guests (L2 reading/writing LBA0 of vdiskL1 via vdiskL2). Public r...

CVSS 7 | AI score 6.7 | EPSS 0.00017
Exploits 0 | References 8 | Affected Software 1

Cvelist
added 2023/11/03 1:58 p.m. | 39 views

CVE-2023-5088 QEMU: improper IDE controller reset can lead to MBR overwrite

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead, potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...

CVSS 6.4 | AI score 7 | EPSS 0.00017
Exploits 0 | References 5

UbuntuCve
added 2023/11/03 12:0 a.m. | 25 views

CVE-2023-5088

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead, potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...

CVSS 7 | AI score 6.8 | EPSS 0.00017
Exploits 0 | References 4

RedhatCVE
added 2023/10/31 11:29 p.m. | 26 views

CVE-2023-5088

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead, potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...

CVSS 6.4 | AI score 6.6 | EPSS 0.00017
Exploits 0 | References 4

OpenVAS
added 2023/10/28 12:0 a.m. | 23 views

Fedora: Security Advisory for xen (FEDORA-2023-a4c606585e)

The remote host is missing an update for the...

CVSS 7.8 | AI score 7.6 | EPSS 0.00113
Exploits 0 | References 2

OpenVAS
added 2023/10/28 12:0 a.m. | 29 views

Fedora: Security Advisory for xen (FEDORA-2023-881672fdab)

The remote host is missing an update for the...

CVSS 7.8 | AI score 7.6 | EPSS 0.00113
Exploits 0 | References 2

Prion
added 2023/10/20 9:15 a.m. | 14 views

Out-of-bounds

VMware Workstation 17.x prior to 17.5 and Fusion 13.x prior to 13.5 contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to...

CVSS 1.4 | AI score 5.7 | EPSS 0.00039
Exploits 0 | References 1 | Affected Software 2

Kitploit
added 2023/10/05 11:30 a.m. | 32 views

Dissect - Digital Forensics, Incident Response Framework And Toolset That Allows You To Quickly Access And Analyse Forensic Artefacts From Various Disk And File Formats

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT part of NCC Group. This project is a meta package, it will install all other Dissect modules with the...

AI score 7.3
Exploits 0 | References 26

Tenable Nessus
added 2023/09/19 12:0 a.m. | 40 views

Ubuntu 22.04 LTS / 23.04 : Linux kernel vulnerabilities (USN-6383-1)

The remote Ubuntu 22.04 LTS / 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6383-1 advisory. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from...

CVSS 7.8 | AI score 7.2 | EPSS 0.04259
Exploits 0 | References 5

Fedora
added 2023/08/27 12:50 a.m. | 43 views

[SECURITY] Fedora 37 Update: xen-4.16.5-1.fc37

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

CVSS 6.5 | AI score 7.1 | EPSS 0.0844
Exploits 3

CVE
added 2023/08/14 8:59 p.m. | 391 views

CVE-2023-21264

CVE-2023-21264 affects the Linux kernel (ARM64 KVM) where a memory access check in mem_protect.c can permit access to hypervisor memory due to the check being in the wrong place. The result is local elevation of privilege to System execution level, with exploitation not requiring user interaction...

CVSS 6.7 | AI score 6.9 | EPSS 0.00018
Exploits 0 | References 3 | Affected Software 1

Zero Day Initiative
added 2023/08/08 12:0 a.m. | 55 views

(0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft GitHub. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of Dev-Containers. The application does not enforce the privileged flag with...

CVSS 9.9 | AI score 7.3
Exploits 0

Fedora
added 2023/08/05 1:40 a.m. | 35 views

[SECURITY] Fedora 38 Update: xen-4.17.1-9.fc38

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

CVSS 5.5 | AI score 7.1 | EPSS 0.0844
Exploits 1

OSV
added 2023/08/01 12:0 a.m. | 28 views

ASB-A-279739439

In multiple functions of memprotect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.7 | AI score 6.7 | EPSS 0.00018
Exploits 0 | References 3

Tenable Nessus
added 2023/07/25 12:0 a.m. | 22 views

Cisco Nexus 1000V ESXi Hypervisor Denial of Service (CVE-2013-1210)

Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID...

CVSS 5.4 | AI score 5.6 | EPSS 0.0071
Exploits 0 | References 2

NVD
added 2023/06/15 1:15 a.m. | 11 views

CVE-2023-25683

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592...

CVSS 7.5 | AI score 6.3 | EPSS 0.00082
Exploits 0 | References 2

Prion
added 2023/06/15 1:15 a.m. | 13 views

Information disclosure

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592...

CVSS 5 | AI score 7.2 | EPSS 0.00082
Exploits 0 | References 2 | Affected Software 1

CVE
added 2023/06/15 12:59 a.m. | 51 views

CVE-2023-25683

This CVE concerns IBM PowerVM Hypervisor information disclosure. Affected firmware ranges are FW950.00–FW950.71, FW1010.00–FW1010.40, FW1020.00–FW1020.20, and FW1030.00–FW1030.11. The underlying issue allows an attacker with HMC service access to obtain sensitive information. IBM’s bulletin cites...

CVSS 7.5 | AI score 6.1 | EPSS 0.00082
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2023/06/15 12:59 a.m. | 13 views

CVE-2023-25683 IBM PowerVM Hypervisor information disclosure

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592...

CVSS 5.9 | AI score 7.3 | EPSS 0.00082
Exploits 0 | References 2

Kitploit
added 2023/05/28 12:30 p.m. | 77 views

Bootlicker - A Generic UEFI Bootkit Used To Achieve Initial Usermode Execution

bootlicker is a legacy, extensible UEFI firmware rootkit targeting VMware hypervisor virtual machines. It is designed to achieve initial code execution within the context of the Windows kernel, regardless of security settings configured. Architecture: bootlicker takes its design from the legacy...

AI score 8.4
Exploits 0 | References 8