153 matches found
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment CVE-2024-26907 In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev-desc-info instead of calling i3cdevicegetinfo to...
CVE-2024-53135 KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization guest/host mode behind CONFIGBROKEN Hide KVM's ptmode module param behind CONFIGBROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad...
CVE-2024-53135
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization guest/host mode behind CONFIGBROKEN Hide KVM's ptmode module param behind CONFIGBROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad...
ALSA-2024:9128 Moderate: libvirt security update
Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...
CLSA-2024-1727817133 Fix of 74 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6appenddata CVE-url: https://ubuntu.com/security/CVE-2021-47188 - scsi: ufs: core: Improve SCSI abort handling CVE-url: https://ubuntu.com/security/CVE-2024-26677 - rxrpc: Fix delayed ACKs to not set the...
SUSE CVE-2024-46707
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICCSGIEL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICCSGIEL1 registers is...
UBUNTU-CVE-2024-46707
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICCSGIEL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICCSGIEL1 registers is...
SUSE CVE-2021-47407
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle SRCU initialization failure during page track init Check the return of initsrcustruct, which can fail due to OOM, when initializing the page track mechanism. Lack of checking leads to a NULL pointer deref found b...
CVE-2021-47389 KVM: SVM: fix missing sev_decommission in sev_receive_start
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sevdecommission in sevreceivestart DECOMMISSION the current SEV context if binding an ASID fails after RECEIVESTART. Per AMD's SEV API, RECEIVESTART generates a new guest context and thus needs to be paired...
SUSE CVE-2021-47062
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use onlinevcpus, not createdvcpus, to iterate over vCPUs Use the kvmforeachvcpu helper to iterate over vCPUs when encrypting VMSAs for SEV, which effectively switches to use onlinevcpus instead of createdvcpus. This fix...
DEBIAN-CVE-2021-46977
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Disable preemption when probing user return MSRs Disable preemption when probing a user return MSR via RDSMR/WRMSR. If the MSR holds a different value per logical CPU, the WRMSR could corrupt the host's value if KVM is...
F5 Networks BIG-IP : Linux kernel vulnerability (K07721343)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K07721343 advisory. - A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the...
Important: Red Hat Security Advisory: virt:rhel security update
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated thi...
USN-6109-1 linux-raspi, linux-raspi-5.4 vulnerabilities
Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service system crash. CVE-2022-3707 Jordy Zomer and Alexandra Sandulescu discover...
USN-6090-1 linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-oracle-5.15 vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Zheng Wang discovered that the Intel i915 graphics...
Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...
USN-5977-1 linux-oem-6.0 vulnerabilities
It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-1281 It was discovered that the KVM VMX...
USN-5976-1 linux-oem-5.14, linux-oem-5.17 vulnerabilities
It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...
SUSE CVE-2016-4440
arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service host OS crash or possibly execute arbitrary code on the host OS, via x2APIC mode...
AZL-12951 CVE-2022-2196 affecting package kernel for versions less than 5.15.102.1-1
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM L0 advertising eIBRS support to L1. An attacker at L2 with code...