K80212034: Linux kernel vulnerability CVE-2021-3656

Security Advisory Description A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "virtext" field, this...

Slackware Linux 15.0 kernel-generic Multiple Vulnerabilities (SSA:2023-048-01)

The version of kernel-generic installed on the remote host is prior to 5.15.94 / 5.15.94smp. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-048-01 advisory. - A flaw was found in the KVM's AMD nested virtualization SVM. A malicious L1 guest could purposely fa...

SUSE CVE-2013-0151

The dohvmop function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x8632 platform does not prevent HVMPARAMNESTEDHVM aka nested virtualization operations, which allows guest OS users to cause a denial of service long-duration page mappings and host OS crash by leveraging administrative access to ...

SUSE CVE-2013-0152

Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service host memory consumption by performing nested virtualization in a way that triggers errors that are not properly handled...

SUSE CVE-2013-4551

Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for 1 VMLAUNCH and 2 VMRESUME, which allows local HVM guest users to cause a denial of service host crash via unspecified vectors related to "guest VMX instruction execution."...

SUSE CVE-2016-1571

The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...

SUSE CVE-2017-12188

arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service incorrect index...

SUSE CVE-2018-12904

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL...

SUSE CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

SUSE CVE-2018-18883

An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service NULL pointer dereference or possibly have unspecified other impact because nested VT-x is not properly restricted...

SUSE CVE-2019-3887

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister MSR access with nested=1 virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...

SUSE CVE-2020-2732

A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest...

SUSE CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

SUSE CVE-2021-3656

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "virtext" field, this issue could allow a malicious...

SUSE CVE-2022-3344

A flaw was found in the KVM's AMD nested virtualization SVM. A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest L2, possibly leading to a page fault and kernel panic in the host L0...

SUSE CVE-2022-45869

A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualisation and the TDP MMU are enabled...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2023-12116)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12116 advisory. - netfilter: nftpayload: incorrect arithmetics when fetching VLAN header bits Pablo Neira Ayuso Orabug: 34978152 CVE-2023-0179 Tenable has extract...

CVE-2022-2196

A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...

AZL-12951 CVE-2022-2196 affecting package kernel for versions less than 5.15.102.1-1

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM L0 advertising eIBRS support to L1. An attacker at L2 with code...

Mageia: Security Advisory (MGASA-2022-0477)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...