23 matches found
ALPINE-CVE-2025-58150
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing...
CVE-2025-58150
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing...
UBUNTU-CVE-2025-58150
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing...
CVE-2025-58150 x86: buffer overrun with shadow paging + tracing
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing...
CVE-2025-58150 x86: buffer overrun with shadow paging + tracing
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing...
CVE-2025-58150
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing...
CVE-2025-58150
CVE-2025-58150 affects the Xen hypervisor (shadow mode tracing code) where per-CPU variables are written with guest-controlled data. The writes can exceed the destination variable, and bounding is missing, enabling memory corruption. Public advisories (XSA-477) and multiple distro updates (Fedora...
x86: buffer overrun with shadow paging + tracing
ISSUE DESCRIPTION Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing. IMPAC...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992644)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992644 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: tcpmakesynack can be called from process context tcprtxsynack now could be called in process...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990801)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990801 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: tcpmakesynack can be called from process context tcprtxsynack now could be called in process...
CVE-2023-53121
In the Linux kernel, the following vulnerability has been resolved: tcp: tcpmakesynack can be called from process context tcprtxsynack now could be called in process context as explained in 0a375c822497 "tcp: tcprtxsynack can be called from process context". tcprtxsynack might call tcpmakesynack,...
SUSE CVE-2023-53121
In the Linux kernel, the following vulnerability has been resolved: tcp: tcpmakesynack can be called from process context tcprtxsynack now could be called in process context as explained in 0a375c822497 "tcp: tcprtxsynack can be called from process context". tcprtxsynack might call tcpmakesynack,...
CVE-2023-53121
In the Linux kernel, the following vulnerability has been resolved: tcp: tcpmakesynack can be called from process context tcprtxsynack now could be called in process context as explained in 0a375c822497 "tcp: tcprtxsynack can be called from process context". tcprtxsynack might call tcpmakesynack,...
UBUNTU-CVE-2023-53121
In the Linux kernel, the following vulnerability has been resolved: tcp: tcpmakesynack can be called from process context tcprtxsynack now could be called in process context as explained in 0a375c822497 "tcp: tcprtxsynack can be called from process context". tcprtxsynack might call tcpmakesynack,...
CVE-2023-53121
The CVE-2023-53121 vulnerability affects the Linux kernel where tcp_rtx_synack() can be invoked from process context, allowing tcp_make_synack() to touch per-CPU data with preemption enabled and trigger a BUG: using __this_cpu_add() in preemptible code. The root cause is a context-inappropriate c...
CVE-2024-47708 netkit: Assign missing bpf_net_context
In the Linux kernel, the following vulnerability has been resolved: netkit: Assign missing bpfnetcontext During the introduction of struct bpfnetcontext handling for XDP-redirect, the netkit driver has been missed, which also requires it because NETKITREDIRECT invokes skbdoredirect which is...
CVE-2024-40944
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix bug with call depth tracking The call to ccplatformhas triggers a fault and system crash if call depth tracking is active because the GS segment has been reset by loadsegments and GSBASE is now 0 but call depth...
kernel: tcp: tcp_make_synack() can be called from process context
In the Linux kernel, the following vulnerability has been resolved: tcp: tcpmakesynack can be called from process context tcprtxsynack now could be called in process context as explained in 0a375c822497 "tcp: tcprtxsynack can be called from process context". tcprtxsynack might call tcpmakesynack,...
kernel: kvm: vmx: host GDT limit corruption
A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cp...
kernel: kvm: vmx: host GDT limit corruption
A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cp...