SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:0003-1)

This update for xen fixes the following issues : Update to Xen 4.11.1 bug fix release bsc1027519 CVE-2018-17963: Fixed an integer overflow issue in the QEMU emulator, which could occur when a packet with large packet size is processed. A user inside a guest could have used this flaw to crash the...

CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

DEBIAN-CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

Design/Logic Flaw

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

CVE-2018-16882

CVE-2018-16882 is a use-after-free in the Linux kernel KVM hypervisor when handling posted interrupts with nested virtualization. In nested_get_vmcs12_pages(), an error while processing the posted interrupt address can leave pi_desc_page unmapped without resetting the pi_desc descriptor, which is...

CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

UBUNTU-CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

openSUSE Security Update : xen (openSUSE-2018-1624) (Foreshadow)

This update for xen fixes the following issues : Update to Xen 4.10.2 bug fix release bsc1027519. Security vulnerabilities fixed : - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, m...

EulerOS 2.0 SP2 : xerces-c (EulerOS-SA-2018-1422)

According to the version of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - xerces-c: Stack overflow when parsing deeply nested DTD CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description...

PT-2018-2986 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.14.91 Linux kernel versions prior to 4.19.13 Description: The issue is related to a use-after-free problem in the Linux kernel's KVM hypervisor when processing posted interrupts with nested virtualization...

Security update for xen (important)

This update for xen fixes the following issues: Security issues fixed: - CVE-2018-18849: Fixed an out of bounds memory access issue was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsidomsgin bsc1114423. - CVE-2018-18883: Fixed a NULL pointer dereference that...

SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:4070-1)

This update for xen fixes the following issues : Security issues fixed : CVE-2018-18849: Fixed an out of bounds memory access issue was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsidomsgin bsc1114423. CVE-2018-18883: Fixed a NULL pointer dereference that...

USN-3836-2 linux-hwe, linux-gcp vulnerabilities

USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside...

USN-3836-1 linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities

Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. CVE-2018-18955 Philipp Wendler discovered that the overlayfs implementati...

USN-3833-1 linux-aws vulnerabilities

Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. CVE-2018-18955 Philipp Wendler discovered that the overlayfs implementati...

USN-3832-1: Linux kernel (AWS) vulnerabilities

Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. CVE-2018-17972 Jann Horn discovered that the mremap system...

Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Nested User Namespace idmap Limit Local Privilege Escalation', 'Description' = %q This module exploits a vulnerability in Linux kernels...

Arbitrary File Writes And Directory Creation

microsoft.netcore.app System.IO.Compression.ZipFile is vulnerable to arbitrary file writes and directory creation. The vulnerability can be triggered because it does not properly validate the trailing separator for nested paths...