5614 matches found
Ubuntu: Security Advisory (USN-4302-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-4301-1)
The remote host is missing an update for the...
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0688-1)
The SUSE Linux Enterprise 15-SP1 kernel-RT was updated to 4.12.14 to receive various security and bugfixes. The following security bugs were fixed: CVE-2020-8992: Fixed an issue in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted...
Parallels Desktop xHCI Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
Parallels Desktop xHCI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI...
VMware Workstation vmnetdhcp Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Parallels Desktop VGA Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA...
Parallels Desktop xHCI Integer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI...
openSUSE Security Update : the Linux Kernel (openSUSE-2020-336)
The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14615: Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may have allowed an unauthenticated user to...
Security update for the Linux Kernel (important)
openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2020:0336-1 Rating: important References: 1046303 1050244 1050549 1051510 1051858 1060463 1061840 1065600 1065729 1071995 1083647 1085030 1086301 1086313 1086314 1088810 1090888 1103989 1103990 1103991...
Xen Arm-Based CPU Speculation past the ERET Instruction (XSA-312)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a speculative memory accesses vulnerability. Some CPUs can speculate past an ERET instruction and potentially perform speculative accesses to memory before processing the exception return...
SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0584-1)
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971). CVE-2019-19338:...
Xen Denial of Service Vulnerability (XSA-304)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to an incorrect fix for CVE-2017-15595 which incorrectly drops some linear_pt_entry counts. A local attacker could exploit this issue by making loops...
Xen Information Disclosure Vulnerability (XSA-305)
According to its self-reported version number, the Xen Hypervisor installed on the remote host is affected by an information disclosure vulnerability. A TSX Asynchronous Abort condition exists on some CPUs utilizing speculative execution. An authenticated, local attacker can exploit this to...
Xen Device Quarantine for Alternate PCI Assignment Methods Privilege Escalation Vulnerability (XSA-306)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a privilege escalation vulnerability due to an incomplete fix for CVE-2019-18424. An unauthenticated attacker with physical access to the device can exploit this issue, via an untrusted...
MGASA-2020-0110 Updated kernel packages fix security vulnerability
This update is based on upstream 5.5.6 and fixes at least the following security vulnerability: A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervis...
Updated kernel packages fix security vulnerability
This update is based on upstream 5.5.6 and fixes at least the following security vulnerability: A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervis...
Xen Grant Table Transfer Issues on Large Hosts Denial of Service Vulnerability (XSA-284)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. When the code processing grant table transfer requests finds a page with an address too large to be represented in the interface with the guest, it...
The vulnerability of the xenvif_set_hash_mapping function in Xen hypervisors allows a malicious actor to gain unauthorized access to information and compromise its integrity and accessibility.
The vulnerability of the xenvif_set_hash_mapping function in Xen hypervisors is related to integer overflow when processing requests to the netback driver. Exploiting this vulnerability can allow an attacker to gain unauthorized access to information and compromise its integrity and availability...
The vulnerability of Xen hypervisors, related to improper error handling, allows a malicious actor to trigger a service failure.
The vulnerability of Xen hypervisors is related to incorrect error handling. Exploiting this vulnerability can allow an attacker to cause a service failure...