Important: Red Hat Security Advisory: rhev-hypervisor7 security update
An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. ...
Intel CPUs Undermined By Fresh Speculative Execution Flaws
UPDATE: Three new speculative execution design flaws in Intel CPUs were disclosed today, this time impacting Intel’s Software Guard Extensions (SGX) technology, its OS and system management mode (SMM), and hypervisor software. The three vulnerabilities would allow attacks on Intel Core and Xeon...
Use of v2 grant tables may cause crash on ARM
ISSUE DESCRIPTION: ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG checks. IMPACT: An unprivilege...
HPSBHF03590 rev. 2 - L1 Terminal Fault (L1TF)
Potential Security Impact: Unauthorized exposure of privileged data from memory. Source: HP, HP Product Security Response Team (PSRT), Intel. Reported By: Intel. VULNERABILITY SUMMARY: A new speculative execution side channel variant has been discovered called L1 Terminal Fault (L1TF). There are no repor...
VMSA-2018-0020: VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM vulnerability.
VMware Security Advisory. Advisory ID: VMSA-2018-0020. Severity: Important...
Xen Project x86 Paravirtualization Local DoS (XSA-264)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a local denial of service vulnerability. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if...
Xen Project Local Security Bypass Vulnerability (XSA-266)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a local security bypass vulnerability. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patche...
(Pwn2Own) Oracle Virtualbox HGCM Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
(Pwn2Own) Oracle Virtualbox HGCM Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
MGASA-2018-0324 Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.56 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptio...
PT-2018-2684 · Xen +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.17.12; Xen versions prior to 4.11.x. Description: An issue in the Linux kernel and Xen hypervisor allows local users to cause a denial of service or possibly gain privileges. The xen failsafe callback entry poin...
The vulnerability of the Hypervisor component of the Mac OS X operating system allows a hacker to execute arbitrary code with root privileges or cause a service failure.
The vulnerability of the Hypervisor component in the Mac OS X operating system arises due to an overflow in the memory buffer. Exploiting this vulnerability can allow an attacker to execute arbitrary code with root privileges or cause a service failure using a specially created application...
Oracle VirtualBox crServerDispatchMessage Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Oracle VirtualBox crUnpackExtendAreProgramsResidentNV Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
Oracle VirtualBox crServerDispatchGetShaderSource Integer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Oracle VirtualBox SHCRGL_GUEST_FN_WRITE_READ_BUFFERED Uninitialized Memory Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
[SECURITY] Fedora 27 Update: xen-4.9.2-6.fc27
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
July 18, 2018—KB4338831 (Preview of Monthly Rollup)
July 18, 2018—KB4338831 (Preview of Monthly Rollup). Improvements and fixes: This non-security update includes improvements and fixes that were a part of KB4338815 (released July 10, 2018) and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses additional...
CVE-2018-6966
VMware ESXi 6.7 before ESXi670-201806401-BG, Workstation 14.x before 14.1.2, and Fusion 10.x before 10.1.2 contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user...