73 matches found
Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)
A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to...
Kernel: KVM: OOB memory access via mmio ring buffer
An out-of-bounds access issue was found in the way the Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space...
Linux kernel denial of service vulnerability (CNVD-2017-37597)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A denial of service vulnerability exists in KVM in the Linux kernel. An attacker can exploit this vulnerability to...
Kernel: kvm: page reference leakage in handle_vmon
Linux kernel built with the KVM virtualization support (CONFIG_KVM), with the nested virtualization (nVMX) feature enabled (nested=1), is vulnerable to a host memory leakage issue. It could occur while emulating the VMXON instruction in 'handle_vmon'. An L1 guest user could use this flaw to leak host memory potentiall...
Kernel: Kvm: vmx/svm potential privilege escalation inside guest
Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector (SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resultin...
UBUNTU-CVE-2016-9588
arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest...
USN-2801-1 linux vulnerability
Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS...
kernel: kvm: vmx: invalid host cr4 handling across vm entries
It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause a denial of service on the system...
PYSEC-2014-111
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users vi...
Moderate: Red Hat Security Advisory: kvm security and bug fix update
Updated kvm packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
PT-2010-2200 · Red Hat · Red Hat Enterprise Virtualization +2
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization (RHEV) version 2.2, KVM version 83. Description: The issue allows guest OS users to cause a denial of service, resulting in a host OS crash due to a NULL pointer dereference. This occurs when the Intel VT-x...
kvm: emulator privilege escalation IOPL/CPL level check
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the...
PT-2010-2100 · Linux +1 · Kvm +1
Name of the Vulnerable Software and Affected Versions: KVM version 83. Description: The issue arises from the pit_ioport_read function in the Programmable Interval Timer (PIT) emulation, specifically in the i8254.c file. This function does not properly utilize the pit_state data structure, allowing...