4003 matches found
kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks
A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
kernel: USB: core: Prevent nested device-reset calls
In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 3 Not...
kernel: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabled mindblowing and trigger the WARN that fires on reserved SPTE bits...
kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks
A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...
golang: encoding/gob: stack exhaustion in Decoder.Decode
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...
kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks
A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
snakeyaml: Denial of Service due to missing nested depth limitation for collections
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...
snakeyaml: Denial of Service due to missing nested depth limitation for collections
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
OESA-2023-1250 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Linux kernel in linux/net/netfilter/nftablesapi.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.CVE-2022-1015 An out-of-boundsOOB memory access vulnerabili...
OESA-2023-1253 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Linux kernel in linux/net/netfilter/nftablesapi.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.CVE-2022-1015 An out-of-boundsOOB memory access vulnerabili...
OESA-2023-1251 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: An out-of-boundsOOB memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfxkms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 or Dxxx'. This flaw allows a local attacker...
OESA-2023-1252 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: An out-of-boundsOOB memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfxkms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 or Dxxx'. This flaw allows a local attacker...
CVE-2023-30456
A flaw was found in the KVM's Intel nested virtualization feature nVMX. The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances i.e., kvmintel module loaded with parameters nested=1 and ept=0 this could allow a malicious guest ...
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
...