The vulnerability of Xen hypervisors arises from the improper accounting of resources by external emulators, allowing a malicious actor to trigger a service failure or increase their privileges.
The vulnerability of Xen hypervisors is related to the improper accounting of resources from external emulators. Exploiting this vulnerability can allow an attacker to cause service failures or increase their privileges...
The vulnerability of Xen hypervisors, related to the swapping of the zero pointer, allows an attacker to trigger a service failure.
The vulnerability of Xen hypervisors is related to the handling of the zero pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5543)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5543 advisory. - KVM: nVMX: Check IO instruction VM-exit conditions Oliver Upton Orabug: 30944739 CVE-2020-2732 - KVM: nVMX: Refactor IO bitmap checks into helper function...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5542)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5542 advisory. - KVM: nVMX: Check IO instruction VM-exit conditions Oliver Upton Orabug: 30847137 CVE-2020-2732 - KVM: nVMX: Refactor IO bitmap checks into helper function...
CVE-2015-5201
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VDSM is run with -spice disable-ticketing and a VM is suspended and then restored, allows...
CVE-2015-5201
CVE-2015-5201 affects VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (RHEV-H) 6-6.x (before 6-6.7-20151117.0) and 7-7.x (before 7-7.2-20151119.0) as packaged before RHEV-H 3.5.6. The underlying issue occurs when VDSM runs with -spice disable-ticketing and a VM is suspended and t...
CVE-2020-2732
A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5540)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5540 advisory. - KVM: nVMX: Check IO instruction VM-exit conditions Oliver Upton Orabug: 30847136 CVE-2020-2732 - KVM: nVMX: Refactor IO bitmap checks into helper function...
PT-2020-7855 · Red Hat · Red Hat Enterprise Virtualization Hypervisor +1
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Hypervisor aka RHEV-H versions 6-6.x through 6-6.7-20151117.0 Red Hat Enterprise Virtualization Hypervisor aka RHEV-H versions 7-7.x through 7-7.2-20151119.0 Red Hat Enterprise Virtualization versions prior t...
FreeBSD : Mbed TLS -- Cache attack against RSA key import in SGX (056ea107-5729-11ea-a2f3-001cc0382b2f)
Janos Follath reports: If Mbed TLS is running in an SGX enclave and the adversary has control of the main operating system, they can launch a side channel attack to recover the RSA private key when it is being imported. The attack only requires access to fine grained measurements to cache usage...
CVE-2020-2732
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest...
RHEL 8 : virt:8.1 and virt-devel:8.1 (RHSA-2020:0555)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0555 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM hypervisor in environments managed by...
Moderate: Red Hat Security Advisory: virt:8.1 and virt-devel:8.1 security update
An update for the virt:8.1 and virt-devel:8.1 modules is now available for Advanced Virtualization for RHEL 8.1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
Mbed TLS -- Cache attack against RSA key import in SGX
Janos Follath reports: If Mbed TLS is running in an SGX enclave and the adversary has control of the main operating system, they can launch a side channel attack to recover the RSA private key when it is being imported. The attack only requires access to fine grained measurements to cache usage...
Citrix Director displays multiple Hypervisor health alerts
Background Citrix Director displays alerts on the dashboard and other high level views to monitor infrastructure. Alerts from various hypervisors including XenServer and vSphere, help monitor the hypervisor parameters and states. Starting with CVAD 2411, Citrix Director introduces bulk dismissal ...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5535)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5535 advisory. - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID CVE-2019-19332 Paolo Bonzini Orabug: 30658695 CVE-2019-19332 - rtlwifi: Fix potential...
Important: Red Hat Bug Fix Advisory: Satellite 6.6.2 Async Bug Fix Update
Updated Satellite 6.6 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clien...
The vulnerability of Xen hypervisors relates to the situation where an operation is performed outside the buffer boundaries of memory, allowing a malicious actor to cause a service failure.
The vulnerability of Xen hypervisors relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
Important: kernel
Issue Overview: A flaw was found in the Linux kernel. The crypto_report function mishandles resource cleanup on error. A local attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability. CVE-2019-19062 ...
CVE-2019-19273
On Samsung mobile devices with O8.0 and P9.0 software and an Exynos 8895 chipset, RKP aka the Samsung Hypervisor EL2 implementation allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265...