Code injection

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, vipciwrite has is a call to vccfgwrite that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denia...

Memory corruption

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of qnotify at pcivtrndnotify fails to check the return value of vqgetchain. This leads to struct iovec iov; being uninitialized and used to read memory i...

CVE-2021-32844

CVE-2021-32844 affects HyperKit up to version 0.20210107. The vulnerability originates from a null-pointer check omission in the vi_pci_write path calling vc_cfgwrite, which can cause the host to crash and potentially lead to a denial of service. The issue is fixed in commit 451558fe8aaa8b24e02e3...

CVE-2021-32843

HyperKit prior to 0.20210107 contains a null-check flaw in virtio.c where vc_cfgread is called without validating pointers, allowing a guest to crash the host and cause a denial of service. A fix is available in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4. Affected users should upgrade to the...

SUSE CVE-2010-0435

The Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service NULL pointer dereference and host OS crash via vectors related to instruction emulation...

SUSE CVE-2012-4539

Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service infinite loop and hang or crash via invalid arguments to GNTTABOPgetstatusframes, aka "Grant table hypercall infinite loop DoS vulnerability."...

SUSE CVE-2014-8867

The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O MMIO emulated in the hypervisor, which allows local HVM guests to cause a denial of service host crash via unspecified vectors...

Cross-Thread Return Address Predictions

Bulletin ID: AMD-SB-1045 Potential Impact: Information Disclosure Summary AMD internally discovered a potential vulnerability where certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosur...

CVE-2022-33232 Buffer copy without checking size of input in Hypervisor

Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory...

CVE-2022-33232 Buffer copy without checking size of input in Hypervisor

Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory...

Introducing kernel sanitizers on Microsoft platforms

As part of Microsoft’s commitment to continuously raise security baselines, we have been introducing innovations to the foundation of the chip-to-cloud security outlined in the Windows 11 Security Book. Strong foundational security enables us to build defenses from the ground up and develop...

CVE-2021-26403

CVE-2021-26403 corresponds to an AMD SEV vulnerability: insufficient checks in SEV could allow a malicious hypervisor to disclose the launch secret, risking VM confidentiality. Documented impact: local attacker with low privileges could compromise confidentiality; exploit details are not provided...

K11186236: Linux kernel KVM subsystem vulnerability CVE-2019-6974

Security Advisory Description In the Linux kernel before 4.20.8, kvmioctlcreatedevice in virt/kvm/kvmmain.c mishandles reference counting because of a race condition, leading to a use-after-free. CVE-2019-6974 Impact BIG-IP An attacker may use this vulnerability to cause a vCMP guest to crash,...

CVE-2022-3107

CVE-2022-3107 affects the Linux kernel (up to 5.16-rc6) and is triggered in the netvsc driver (drivers/net/hyperv/netvsc_drv.c) where netvsc_get_ethtool_stats does not properly check the return value of kvmalloc_array(), leading to a NULL pointer dereference. The connected TencentOS/TSSA advisory...

CVE-2022-25681

Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

Memory corruption

Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2022-25681

CVE-2022-25681 describes memory corruption in the kernel caused by the hypervisor not correctly invalidating processor translation caches for Qualcomm Snapdragon platforms (Auto, Compute, Consumer IOT, Industrial IOT, Mobile). Affected component scope is the kernel in Snapdragon’s virtualization ...

[SECURITY] Fedora 35 Update: xen-4.15.4-1.fc35

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Fedora: Security Advisory for xen (FEDORA-2022-53a4a5dd11)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for xen (FEDORA-2022-9f51d13fa3)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...