CVE-2022-33744
Arm guests can cause Dom0 DoS via PV devices. When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged...
UBUNTU-CVE-2022-33744
Arm guests can cause Dom0 DoS via PV devices. When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged...
Xen security vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen, whic...
ASB-A-233154555
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploited...
CVE-2021-36710
ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0...
CVE-2021-26368
CVE-2021-26368 is an AMD firmware/Trusted OS issue where insufficient process-type checking can allow a less-privileged process to unmap memory owned by a higher-privileged process, causing denial of service. The AMD advisory (AMD-SB-1027) and related CVE table map this to multiple AMD Ryzen plat...
kernel: possible leak or corruption of data residing on hugetlbfs
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data...
Xen security vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen suffers from a security vulnerability th...
kernel: tcp: fix page frag corruption on page fault
A vulnerability was found in the Linux kernel's TCP subsystem in the tcp_sendmsg_locked function, which can lead to page fragment corruption during a page fault, which occurs when a TCP stream experiences nested access to the task page fragment due to a page fault while handling memory-mapped...
CVE-2021-4002
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data...
CVE-2021-4021
A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS...
UBUNTU-CVE-2022-23033
arm: guest_physmap_remove_page not removing the p2m mappings. The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the vali...
PT-2025-37622
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.0.0-rc3+ 490 Description: The Linux kernel contained a flaw in the ACPI subsystem where calling acpi_os_map_memory on an invalid physical address could lead to a warning and potentially an oops/stacktrace. Thi...
OESA-2021-1475 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD alignment with the fault of some of the memory pages. A local...
kernel: Overlayfs in the Linux kernel and shiftfs not restoring original value on error leading to a refcount underflow
A flaw was found in the Linux kernel. In Overlayfs, vma->vm_file was replaced in the mmap handlers and, on errors, the original value is not restored. A local attacker with special user privilege or root can cause a kernel internal information leak. The highest threat from this vulnerability is to...
CVE-2021-43413
An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access...
CVE-2021-41285
Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call mapping...
Crucial Ballistix Mod Utility security vulnerability
Crucial Ballistix Mod Utility is used by Crucial USA to customize and control gaming systems, specifically LED colors and patterns, memory, temperature, and overclocking. Ballistix MOD Utility suffers from a security vulnerability that allows a low-privileged user to interact directly with physic...
PT-2021-8200 · Crucial · Ballistix Mod Utility
Name of the Vulnerable Software and Affected Versions: Ballistix MOD Utility versions 2.0.2.5 and earlier Description: The issue is related to a privilege escalation vulnerability in the MODAPI.sys driver component. It is triggered by sending a specific IOCTL request, allowing low-privileged user...
SUSE SLES12: xen / xen-doc-html / xen-libs / xen-libs-32bit / xen-tools / etc (SUSE-SU-2021:2955-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2955-1 advisory. Security issues fixed: - CVE-2021-28698: long running loops in grant table handling (XSA-380) (bsc#1189378). - CVE-2021-28697: grant tabl...