494 matches found
kernel: KVM: nVMX: missing consistency checks for CR0 and CR4
A flaw was found in the KVM's Intel nested virtualization feature nVMX. The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances i.e., kvmintel module loaded with parameters nested=1 and ept=0 this could allow a malicious guest ...
kernel: KVM: nVMX: missing consistency checks for CR0 and CR4
A flaw was found in the KVM's Intel nested virtualization feature nVMX. The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances i.e., kvmintel module loaded with parameters nested=1 and ept=0 this could allow a malicious guest ...
kernel: KVM: x86/mmu: race condition in direct_page_fault()
A flaw was found in the Linux kernel in the KVM. A race condition in directpagefault allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualization and the TDP MMU are enabled...
kernel: KVM: nVMX: missing consistency checks for CR0 and CR4
A flaw was found in the KVM's Intel nested virtualization feature nVMX. The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances i.e., kvmintel module loaded with parameters nested=1 and ept=0 this could allow a malicious guest ...
Rocky Linux 8 : kernel-rt (RLSA-2021:3547)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:3547 advisory. - A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provide...
Rocky Linux 8 : kernel (RLSA-2021:3548)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:3548 advisory. - A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provide...
AZL-35596 CVE-2023-5088 affecting package qemu for versions less than 6.2.0-21
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-003)
The version of microvm-kernel installed on the remote host is prior to 4.14.246-200.474. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MICROVM-KERNEL-4.14-2023-003 advisory. A flaw was found in the Linux kernel's implementation of wireless drivers using the...
Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-002)
The version of microvm-kernel installed on the remote host is prior to 4.14.246-199.474. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MICROVM-KERNEL-4.14-2023-002 advisory. A flaw was found in the Linux kernel's implementation of wireless drivers using the...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9452)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9452 advisory. - KVM: do not allow mapping valid but non-reference-counted pages Nicholas Piggin Orabug: 33054089 CVE-2021-22543 CVE-2021-22543 - Input: joydev -...
kernel: KVM: x86/mmu: race condition in direct_page_fault()
A flaw was found in the Linux kernel in the KVM. A race condition in directpagefault allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualization and the TDP MMU are enabled...
kernel: KVM: x86/mmu: race condition in direct_page_fault()
A flaw was found in the Linux kernel in the KVM. A race condition in directpagefault allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualization and the TDP MMU are enabled...
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-2357)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in tableclear in drivers/md/dm-ioctl....
Nested Virtualization Statement for Citrix Hypervisor
Query of "Does Citrix Hypervisor support Nested Virtualization in VMs"...
kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks
A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...
kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks
A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...
kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks
A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...
kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks
A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...
CVE-2023-30456
A flaw was found in the KVM's Intel nested virtualization feature nVMX. The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances i.e., kvmintel module loaded with parameters nested=1 and ept=0 this could allow a malicious guest ...
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
...