
186 matches found

AlmaLinux
added 2024/11/12 12:0 a.m., 14 views

Moderate: qemu-kvm security update

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow...

CVSS 8.2, AI score 7, EPSS 0.01848
Exploits 0, References 8
Vulnrichment
added 2024/11/07 9:31 a.m., 1 views

CVE-2024-50139 KVM: arm64: Fix shift-out-of-bounds bug

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix shift-out-of-bounds bug Fix a shift-out-of-bounds bug reported by UBSAN when running VM with MTE enabled host kernel. UBSAN: shift-out-of-bounds in arch/arm64/kvm/sys_regs.c:1988:14 shift exponent 33 is too large f...

AI score 7.6, EPSS 0.00019
Exploits 0, References 3
Tenable Nessus
added 2024/11/07 12:0 a.m., 15 views

RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2024:6964)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6964 advisory. Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contain...

CVSS 8.2, AI score 7.5, EPSS 0.01848
Exploits 0, References 9
Tenable Nessus
added 2024/11/04 12:0 a.m., 16 views

RHEL 6 : qemu-kvm-rhev (RHSA-2014:0434)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0434 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provid...

CVSS 8.6, AI score 7.8, EPSS 0.00642
Exploits 3, References 19
Microsoft CVE
added 2024/10/16 7:0 a.m., 2 views

KVM: s390: fix validity interception issue when gisa is switched off

...

CVSS 5.5, AI score 6.6, EPSS 0.00008
Exploits 0
RedHat Linux
added 2024/10/16 1:8 a.m., 6 views

kernel: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked When requesting an NMI window, WARN on vNMI support being enabled if and only if NMIs are actually masked, i.e. if the vCPU is already handling an NMI. KVM's ABI fo...

CVSS 5.5, AI score 6.4, EPSS 0.00028
Exploits 0, References 5
OSV
added 2024/09/27 1:15 p.m., 1 views

DEBIAN-CVE-2024-46830

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note,...

CVSS 7.8, AI score 5.5, EPSS 0.00013
Exploits 0, References 1
BDU FSTEC
added 2024/09/16 12:0 a.m., 0 views

The vulnerability of the `fixup_guest_exit` function in the arm64 component of the KVM virtualization subsystem of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the `fixup_guest_exit` function in the arm64 component of the KVM virtualization subsystem of the Linux operating system is related to the use of an outdated value of esr when an SError exception occurs. Exploiting this vulnerability can allow an attacker to cause a service failur...

CVSS 4.6, AI score 5.6, EPSS 0.00018
Exploits 0, References 13, Affected Software 3
Imperva Blog
added 2024/08/20 4:17 p.m., 12 views

Agentless is a DAM Better Option for Securing Cloud Data

When it comes to on-premises database activity monitoring (DAM), security teams have consistently relied on agents to seamlessly track all incoming requests and outgoing responses within the databases. The agent-based approach effectively ensures independent monitoring of database activity,...

AI score 7.2
Exploits 0
RedHat Linux
added 2024/07/08 2:57 a.m., 275 views

Low: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security and bug fix update

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide...

CVSS 6.2, AI score 6.8, EPSS 0.00626
Exploits 0, References 3
CNNVD
added 2024/06/20 12:0 a.m., 1 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the KVM:LAPIC module de-preempting the preemption timer during SET_LAPIC...

CVSS 5.5, AI score 8.2, EPSS 0.00033
Exploits 0, References 6
CNNVD
added 2024/06/20 12:0 a.m., 1 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a forced departure from the nested virtualizer when the KVM:x86 module switches SMM states...

CVSS 5.5, AI score 6.5, EPSS 0.00032
Exploits 0, References 7
SUSE CVE
added 2024/06/04 2:25 a.m., 1 views

SUSE CVE-2024-36953

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which of course may not be valid. If the ID is invalid, kvm_get_vcpu_by_id...

CVSS 4.7, AI score 6.4, EPSS 0.00013
Exploits 0, References 15
OSV
added 2024/05/21 3:15 p.m., 0 views

UBUNTU-CVE-2021-47389

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sev_decommission in sev_receive_start DECOMMISSION the current SEV context if binding an ASID fails after RECEIVE_START. Per AMD's SEV API, RECEIVE_START generates a new guest context and thus needs to be paired...

CVSS 5.1, AI score 5.7, EPSS 0.00015
Exploits 0, References 5
OSV
added 2024/05/21 3:15 p.m., 0 views

UBUNTU-CVE-2021-47230

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Immediately reset the MMU context when the SMM flag is cleared Immediately reset the MMU context when the vCPU's SMM flag is cleared so that the SMM flag in the MMU role is always synchronized with the vCPU's flag. If R...

CVSS 6.6, AI score 6.2, EPSS 0.00018
Exploits 0, References 7
BDU FSTEC
added 2024/03/06 12:0 a.m., 0 views

The vulnerability of the kvm_io_bus_unregister_dev() function in the KVM subsystem of Linux operating systems allows an attacker to cause a service failure.

The vulnerability of the kvm_io_bus_unregister_dev() function in the KVM subsystem of Linux operating systems is related to errors in pointer assignment during device registration. Exploiting this vulnerability can allow an attacker to cause system failures...

CVSS 5.5, EPSS 0.00016
Exploits 0, References 17, Affected Software 2
CNNVD
added 2024/02/26 12:0 a.m., 1 views

LG webOS Security Vulnerability

LG webOS is a Linux kernel-based operating system for Smart TVs from the South Korean company LG. A security vulnerability exists in LG webOS. An attacker could exploit this vulnerability to execute arbitrary code...

CVSS 9.8, AI score 7.2, EPSS 0.01608
Exploits 0, References 2
CVE
added 2024/01/02 7:58 p.m., 44 views

CVE-2023-49794

KernelSU (Kernel-based root solution for Android) versions ≤ 0.7.1 contain a bypass in the kernel module’s apk-path logic. This allows a malicious apk named me.weishu.kernelsu, or one with a package name matching the official KernelSU Manager, to obtain root privileges on the device. Exploitation...

CVSS 7.8, AI score 7.3, EPSS 0.00026
Exploits 1, References 2, Affected Software 1
OSV
added 2024/01/02 7:58 p.m., 16 views

CVE-2023-49794 The logic of get apk path in KernelSU module can be bypassed

KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in the KernelSU kernel module can be bypassed, which lets any malicious apk named me.weishu.kernelsu get root permission. If a KernelSU module installed device try to install any not...

CVSS 6.7, AI score 7.4, EPSS 0.00026
Exploits 1, References 4
RedHat Linux
added 2023/11/14 3:24 p.m., 2 views

kernel: KVM: x86/mmu: race condition in direct_page_fault()

A flaw was found in the Linux kernel in the KVM. A race condition in direct_page_fault() allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualization and the TDP MMU are enabled...

CVSS 5.5, AI score 6.7, EPSS 0.00014
Exploits 1, References 4