226 matches found
kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...
RHEL 9 : kernel (RHSA-2025:17377)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:17377 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: security/keys: fix...
ALSA-2025:17377 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: security/keys: fix slab-out-of-bounds in keytaskpermission CVE-2024-50301 kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush CVE-2025-38351 kernel: wifi: ath12k:...
CVE-2022-50495
CVE-2022-50495 is rejected/not used; this entry does not represent an active vulnerability.
Linux Distros Unpatched Vulnerability : CVE-2019-18420
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOPinitialise hypercall...
Linux Distros Unpatched Vulnerability : CVE-2022-26362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to...
Linux Distros Unpatched Vulnerability : CVE-2019-17347
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its...
Linux Distros Unpatched Vulnerability : CVE-2018-12893
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions...
Linux Distros Unpatched Vulnerability : CVE-2021-26932
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of...
Linux Distros Unpatched Vulnerability : CVE-2022-33744
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of tha...
Linux Distros Unpatched Vulnerability : CVE-2022-23041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilitie...
CVE-2025-22045
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flushtlbrange when used for zapping normal PMDs On the following path, flushtlbrange can be used for zapping normal PMD entries PMD entries that point to page tables together with the PTE entries in the pointed-to pag...
CVE-2025-22045 x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flushtlbrange when used for zapping normal PMDs On the following path, flushtlbrange can be used for zapping normal PMD entries PMD entries that point to page tables together with the PTE entries in the pointed-to pag...
CVE-2025-22045
The connected Astra Linux entry reproduces CVE-2025-22045 and provides a concrete technical detail: the Linux kernel x86 flush_tlb_range() path could zap normal PMD entries ( pointing to page tables ) together with PTEs, via collapse_pte_mapped_thp → pmdp_collapse_flush → flush_tlb_range. The fix...
kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466)
In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer usin...
kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466)
In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer usin...
DEBIAN-CVE-2023-52994
In the Linux kernel, the following vulnerability has been resolved: acpi: Fix suspend with Xen PV Commit f1e525009493 "x86/boot: Skip realmode init code when running as Xen PV guest" missed one code path accessing realmodeheader, leading to dereferencing NULL when suspending the system under Xen:...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a null pointer dereference that occurs when the system hangs in the Xen PV environment...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the x86/xen architecture handling PV iret hypercall incorrectly called via the hypercall page...
SUSE CVE-2024-53241
In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer usin...