CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

104 matches found

OSV•added 2024/08/07 3:14 p.m.•12 views

CVE-2024-42240 x86/bhi: Avoid warning in #DB handler due to BHI mitigation

In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warning in DB handler due to BHI mitigation When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set then entrySYSENTERcompat uses CLEARBRANCHHISTORY and calls the clearbhbloop before the TF flag...

5.5CVSS6.2AI score0.00022EPSS

Exploits0References9

Cvelist•added 2024/08/07 3:14 p.m.•24 views

CVE-2024-42240 x86/bhi: Avoid warning in #DB handler due to BHI mitigation

0.00022EPSS

Exploits0References5

CVE•added 2024/08/07 3:14 p.m.•167 views

CVE-2024-42240

CVE-2024-42240: Linux kernel x86/bhi vulnerability where, when BHI mitigation is enabled, an entry_SYSENTER_compat() sequence could trigger a #DB handler warning due to the TF single-step bit handling. The fix changes the order to clear the TF flag before or after clearing branch history as appro...

5.5CVSS6.4AI score0.00022EPSS

Exploits0References6Affected Software1

CNNVD•added 2024/08/07 12:0 a.m.•3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a problem with the x86/bhi module BHI mitigation mechanism when handling SYSENTER calls. When the TF flag bi...

5.5CVSS6.7AI score0.00022EPSS

Exploits0References6

Cvelist•added 2024/06/25 2:20 p.m.•27 views

CVE-2021-4440 x86/xen: Drop USERGS_SYSRET64 paravirt call

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGSSYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGSSYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as ther...

0.00032EPSS

Exploits0References2

SUSE CVE•added 2023/02/15 6:3 a.m.•1 views

SUSE CVE-2009-2715

Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service Linux host OS reboot via a sysenter instruction...

4.9CVSS6.7AI score0.00191EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 5:39 a.m.•2 views

SUSE CVE-2013-1917

Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service hypervisor crash by triggering a GP fault, which is not properly handled by another IRET instruction...

1.9CVSS6.5AI score0.00074EPSS

Exploits0References9

SUSE CVE•added 2023/02/15 3:54 a.m.•1 views

SUSE CVE-2020-25596

An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a GP fault, and incorrectly delivers it twice to the guest...

5.5CVSS6.5AI score0.00086EPSS

Exploits0References18

OpenVAS•added 2022/01/28 12:0 a.m.•30 views

Mageia: Security Advisory (MGASA-2015-0210)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.3AI score0.0304EPSS

Exploits7References5

OpenVAS•added 2022/01/28 12:0 a.m.•40 views

Mageia: Security Advisory (MGASA-2015-0221)

5CVSS6.3AI score0.0304EPSS

Exploits7References5

Exploit DB•added 2021/06/21 12:0 a.m.•422 views

Solaris SunSSH 11.0 x86 - libpam Remote Root (3)

Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root 3 Exploit Author: Nathaniel Singer, Joe Rozner Date: 09/11/2020 CVE: 2020-14871 Vulnerable Versions: Oracle Solaris: 9 some releases, 10 all releases, 11.0 Description: CVE-2020-14871 is a critical pre-authentication via SSH stack-based...

10CVSS9.8AI score0.88872EPSS

Exploits13

Tenable Nessus•added 2020/10/08 12:0 a.m.•35 views

Fedora 31 : xen (2020-d46fe34349)

x86 pv: Crash when handling guest access to MSRMISCENABLE XSA-333, CVE-2020-25602 1881619 Missing unlock in XENMEMacquireresource error path XSA-334, CVE-2020-25598 1881616 race when migrating timers between x86 HVM vCPU-s XSA-336, CVE-2020-25604 1881618 PCI passthrough code reading back hardware...

7.8CVSS6.2AI score0.00109EPSS

Exploits0References11

Tenable Nessus•added 2020/10/01 12:0 a.m.•38 views

Fedora 32 : xen (2020-f668e579be)

7.8CVSS6.2AI score0.00109EPSS

Exploits0References11

Veracode•added 2020/09/24 10:39 a.m.•33 views

Denial Of Service (DoS)

xen is vulnerable to denial of service DoS. An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a GP fault, and...

5.5CVSS2.6AI score0.00086EPSS

Exploits0References10Affected Software1

OSV•added 2020/09/23 10:15 p.m.•22 views

CVE-2020-25596

5.5CVSS2.4AI score

Exploits0References7

OSV•added 2020/09/23 10:15 p.m.•1 views

DEBIAN-CVE-2020-25596

5.5CVSS8.5AI score0.00086EPSS

Exploits0References1

OSV•added 2020/09/23 10:15 p.m.•1 views

ALPINE-CVE-2020-25596