218 matches found
DEBIAN-CVE-2018-19961
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes...
ALPINE-CVE-2018-19965
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service host OS crash because GP0 can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 aka Meltdown mitigation...
DEBIAN-CVE-2018-19965
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service host OS crash because GP0 can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 aka Meltdown mitigation...
ALPINE-CVE-2018-19961
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes...
DEBIAN-CVE-2018-5953
The swiotlbprintinfo function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call...
Linux kernel denial of service vulnerability (CNVD-2018-06440)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A denial of service vulnerability exists in the Linux kernel prior to 4.14.4. The vulnerability arises because the...
ALPINE-CVE-2017-15588
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry...
kernel: race condition in the TLB flush logic
A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user coul...
kernel: race condition in the TLB flush logic
A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user coul...
DEBIAN-CVE-2016-2069
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU...
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2931-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2931-1 advisory. Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPTSOSETREPLACE events. A local...
USN-2932-1: Linux kernel (Vivid HWE) vulnerabilities
Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPTSOSETREPLACE events. A local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges...
USN-2931-1 linux-lts-utopic vulnerabilities
Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPTSOSETREPLACE events. A local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges...
RHEL 7 : kernel (RHSA-2014:1281)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1281 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. An out-of-bounds memory access flaw was found in the Linux...
DEBIAN-CVE-2013-6400
Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service host crash or...
Debian DSA-466-1 : linux-kernel-2.2.10-powerpc-apus - failing function and TLB flush
Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap2 system call. Due to flushing the TLB Translation Lookaside Buffer, an address cache too early it is possible for an attacker to trigger a local...
[SECURITY] [DSA 466-1] New Linux 2.2.10 packages fix local root exploit (powerpc/apus)
-------------------------------------------------------------------------- Debian Security Advisory DSA 466-1 [email protected] http://www.debian.org/security/ Martin Schulze March 18th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 454-1] New Linux 2.2.22 packages fix local root exploit (alpha)
-------------------------------------------------------------------------- Debian Security Advisory DSA 454-1 [email protected] http://www.debian.org/security/ Martin Schulze March 2nd, 2004 http://www.debian.org/security/faq -...