GSD-2021-1002563 KVM: MMU: shadow nested paging does not have PKU

KVM: MMU: shadow nested paging does not have PKU This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.7 by commit...

bio-rad.com XSS vulnerability

Open Bug Bounty ID: OBB-611847 Description| Value ---|--- Affected Website:| bio-rad.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2017-10916

The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions MPX and Protection Key PKU features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220...

CVE-2017-10916

The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions MPX and Protection Key PKU features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220...

CVE-2017-10916

CVE-2017-10916 is an information-leak flaw in the Xen vCPU context-switch handling of Memory Protection Extensions (MPX) and Protection Key (PKU). The issue enables guest OS users to potentially bypass ASLR and related protections. Public advisories (Debian, SUSE, Fedora/OpenVAS/NASL) associate t...

x86: PKRU and BND* leakage between vCPU-s

ISSUE DESCRIPTION Memory Protection Extensions MPX and Protection Key PKU are features in newer processors, whose state is intended to be per-thread and context switched along with all other XSAVE state. Xen's vCPU context switch code would save and restore the state only if the guest had set the...