Virtuozzo ReadyKernel patch 123.0 for Virtuozzo Hybrid Server 7.0, 7.5, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0

The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7, Virtuozzo Infrastructure Platform, and Virtuozzo Hybrid Infrastructure. Vulnerability id: PSBM-126014 3.10.0-1127.18.2.vz7.163.46 The number of...

AZL-6522 CVE-2020-16120 affecting package kernel for versions less than 5.10.78.1-1

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a...

ALPINE-CVE-2020-29570

An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels c...

UBUNTU-CVE-2020-29570

An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels c...

CVE-2020-29570

An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels c...

Gustave - Embedded OS kernel fuzzer

GUSTAVE is a fuzzing platform for embedded OS kernels. It is based on QEMU and AFL and all of its forkserver siblings. It allows to fuzz OS kernels like simple applications. Thanks to QEMU, it is multi-platform. One can see GUSTAVE as a AFL forkserver implementation inside QEMU, with fine grain...

glibc security, bug fix, and enhancement update

2.28-127.0.1 - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make IOfunlockfile match funlockfile and...

Memory Corruption Vulnerability in Multiple Apple Products (CNVD-2020-65942)

Apple iOS is an operating system developed for mobile devices. apple tvOS is an operating system for Smart TVs. A memory corruption vulnerability exists in the kernel of Apple iOS before 13.6, iPadOS before 13.6, tvOS before 13.4.8, watchOS before 6.2.8, and macOS Catalina before 10.15.6. An...

x86 PV guest INVLPG-like flushes may leave stale TLB entries

ISSUE DESCRIPTION x86 PV guest kernels may use hypercalls with INVLPG-like behavior to invalidate TLB entries even after changes to non-leaf page tables. Such changes to non-leaf page tables will, however, also render stale possible TLB entries created by Xen's internal use of linear page tables ...

UBUNTU-CVE-2020-24490

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ...

glibc security, bug fix, and enhancement update

2.17-317.0.1 - Merge RH el7 u8 patches with Oracle patches Review-exception: Simple merge - Adding Mike Fabians C.utf-8 patch C.utf-8 is a unicode-aware version of the C locale Orabug 29784239. Reviewed-by: Jose E. Marchesi - Remove glibc-ora28641867.patch as duplicate of glibc-rh1705899-4.patch ...

Denial Of Service (DoS)

xen is vulnerable to denial of service DoS. An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a GP fault, and...

Denial Of Service (DoS)

xen is vulnerable to denial of service DoS. There is a lack of preemption in evtchnreset / evtchndestroy. In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these when resetting all event channels or when cleaning up...

CVE-2020-25601

An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchnreset / evtchndestroy. In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these when resetting all event channels or when cleaning...

CVE-2020-25596

An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a GP fault, and incorrectly delivers it twice to the guest...

CVE-2020-25601

An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchnreset / evtchndestroy. In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these when resetting all event channels or when cleaning...

GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim

...

The vulnerability of the enable_sacf_uaccess function in Linux operating system kernels, which allows a hacker to trigger a service failure

The vulnerability of the enablesacfuaccess function in Linux operating system kernels is related to errors during multi-threaded tasks race conditions. Exploiting this vulnerability can allow an attacker to cause service failures...

CVE-2020-15705 GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim...

Kernel update: Virtuozzo ReadyKernel patch 108.0 for Virtuozzo 7.0, Virtuozzo Infrastructure Platform 2.5, 3.0, Virtuozzo Hybrid Infrastructure 3.5

The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to all supported kernels of Virtuozzo 7.0, Virtuozzo Infrastructure Platform, Virtuozzo Hybrid Infrastructure. Vulnerability id: PSBM-104517 3.10.0-862.20.2.vz7.73.24 to 3.10.0-1062.12.1.vz7.131.10 ext4...