Lucene search
K

226 matches found

OSV
OSV
added 2022/10/04 6:27 p.m.11 views

USN-5655-1 linux-intel-iotg vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

7.8CVSS7AI score0.05542EPSS
Exploits1References12
Ubuntu
Ubuntu
added 2022/09/26 3:47 p.m.92 views

USN-5640-1: Linux kernel (Oracle) vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

7.8CVSS7.1AI score0.05542EPSS
Exploits1
Ubuntu
Ubuntu
added 2022/09/23 3:3 p.m.64 views

USN-5635-1: Linux kernel (GKE) vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

7.8CVSS7.1AI score0.05542EPSS
Exploits1
Ubuntu
Ubuntu
added 2022/09/22 5:27 p.m.81 views

USN-5633-1: Linux kernel vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

7.8CVSS7.1AI score0.05542EPSS
Exploits1
Ubuntu
Ubuntu
added 2022/09/21 11:10 a.m.62 views

USN-5623-1: Linux kernel (HWE) vulnerabilities

Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 It was discovered that the framebuffer driver on the Linux...

8.2CVSS6.8AI score0.05542EPSS
Exploits3
Ubuntu
Ubuntu
added 2022/09/21 9:46 a.m.91 views

USN-5624-1: Linux kernel vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

7.8CVSS7.1AI score0.05542EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2022/08/31 12:0 a.m.7 views

The vulnerability of the blkfront driver in the PV command of the Xen hypervisor allows a hacker to cause a service failure.

The vulnerability of the blkfront driver in the PV command of the Xen hypervisor is caused by synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to cause service failures...

7CVSS6.5AI score0.00359EPSS
Exploits0References16Affected Software6
BDU FSTEC
BDU FSTEC
added 2022/08/31 12:0 a.m.6 views

The vulnerability of the Xen supervisor tool, caused by synchronization errors when using a shared resource, allows a malicious actor to trigger a service failure.

The vulnerability of the PV virtualization mode implementation in Xen hypervisors arises due to synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to cause a service failure...

7CVSS6.5AI score0.0025EPSS
Exploits0References29Affected Software7
OSV
OSV
added 2022/08/30 1:48 p.m.5 views

USN-5572-2 linux-aws vulnerabilities

Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information guest kernel memory. CVE-2022-26365 Roger Pau Monné...

7.1CVSS6.7AI score0.00322EPSS
Exploits0References4
OSV
OSV
added 2022/08/24 3:13 p.m.3 views

USN-5579-1 linux, linux-kvm, linux-lts-xenial vulnerabilities

Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information guest kernel memory. CVE-2022-26365 Roger Pau Monné...

7.1CVSS6.7AI score0.00322EPSS
Exploits0References4
OSV
OSV
added 2022/08/19 11:4 a.m.4 views

OESA-2022-1846 kernel security update

Security Fixes: The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol .bss. This allows Xen PV guest OS users to cause a denial of service or gain privileges.CVE-2022-36123 In v4l2m2mquerybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to...

7.8CVSS8AI score0.00863EPSS
Exploits1References3
OSV
OSV
added 2022/08/18 5:40 p.m.5 views

USN-5572-1 linux-aws vulnerabilities

Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information guest kernel memory. CVE-2022-26365 Roger Pau Monné...

7.1CVSS6.7AI score0.00322EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2022/07/19 7:0 a.m.4 views

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held resulting in a small race window which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0 e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.

...

4.7CVSS7.1AI score0.00309EPSS
Exploits0
OSV
OSV
added 2022/07/05 1:15 p.m.2 views

ALPINE-CVE-2022-26365

Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

7.1CVSS7.1AI score0.00322EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/05 1:15 p.m.4 views

CVE-2022-33744

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged...

4.7CVSS6.7AI score0.00309EPSS
Exploits0References6
OSV
OSV
added 2022/07/05 1:15 p.m.15 views

UBUNTU-CVE-2022-33741

Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

7.1CVSS6.7AI score0.00322EPSS
Exploits0References29
ATTACKERKB
ATTACKERKB
added 2022/07/05 1:15 p.m.4 views

CVE-2022-26365

Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

7.1CVSS6.7AI score0.00325EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/07/05 12:0 a.m.3 views

Xen 信息泄露漏洞

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has a security vulnerability that stems...

7.1CVSS6.5AI score0.00322EPSS
Exploits0References42
OSV
OSV
added 2022/06/09 5:15 p.m.1 views

DEBIAN-CVE-2022-26364

x86 pv: Insufficient care with non-coherent mappings This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to...

6.7CVSS6.2AI score0.00494EPSS
Exploits3References1
OSV
OSV
added 2022/06/09 5:15 p.m.2 views

ALPINE-CVE-2022-26362

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by...

6.4CVSS6.7AI score0.00379EPSS
Exploits0References1
Rows per page
Query Builder