62 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check validity of "numcpu" from user space The maximum supported cpu number is EIOINTCROUTEMAXVCPUS about irqchip EIOINTC, here add validation about cpu number to avoid array pointer overflow...
CVE-2023-54296
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a goof where KVM tries to grab source vCPUs from the destination VM when doing intrahost migration. Grabbing the wrong vCPU not only hoses the guest, it...
UBUNTU-CVE-2023-54296
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a goof where KVM tries to grab source vCPUs from the destination VM when doing intrahost migration. Grabbing the wrong vCPU not only hoses the guest, it...
CVE-2023-54296
CVE-2023-54296 concerns the Linux kernel KVM/SMV intrahost migration path. The issue fixed a bug where KVM would grab source vCPUs from the destination VM during intrahost migration, which could cause the guest to fail and the host to crash because the VMSA pointer could be left NULL. The descrip...
TencentOS Server 4: kernel (TSSA-2025:0430)
"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0430 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilitie...
EUVD-2024-54016
Malicious code in bioql PyPI...
UBUNTU-CVE-2024-58083
In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvmgetvcpu Explicitly verify the target vCPU is fully online prior to clamping the index in kvmgetvcpu. If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...
CVE-2024-58083
CVE-2024-58083 affects the Linux kernel KVM: the target vCPU was not reliably verified online before clamping the index in kvm_get_vcpu(). If the index is bad, nospec clamping could return vCPU0, leading to a use‑after‑free when vCPU0 is dereferenced. The issue is mitigated by ensuring vCPU0 is o...
kernel: KVM: arm64: Disassociate vcpus from redistributor region on teardown
A vulnerability was found in the Linux kernel's KVM for ARM64 within the vgic-init.c, vgic-mmio-v3.c, and vgic.h files. The virtual vCPUs may retain dangling pointers in a redistributor region after they have been torn down, leading to potential memory corruption...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
edk2 security update
20240524-6.0.1 - Replace upstream references Orabug:36569119 20240524-6 - edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch RHEL-56974 - edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch RHEL-55336 - Resolves: RHEL-56974 qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion:...
kernel: KVM: arm64: Disassociate vcpus from redistributor region on teardown
A vulnerability was found in the Linux kernel's KVM for ARM64 within the vgic-init.c, vgic-mmio-v3.c, and vgic.h files. The virtual vCPUs may retain dangling pointers in a redistributor region after they have been torn down, leading to potential memory corruption...
Virtuozzo Hybrid Infrastructure 6.3 (6.3.0-170)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service and our ecosystem of backup and disaster recovery solutions. Additionally, this release delivers stability and security improvements, and addresses issues found in previous releases...
kernel: KVM: arm64: Disassociate vcpus from redistributor region on teardown
A vulnerability was found in the Linux kernel's KVM for ARM64 within the vgic-init.c, vgic-mmio-v3.c, and vgic.h files. The virtual vCPUs may retain dangling pointers in a redistributor region after they have been torn down, leading to potential memory corruption...
CVE-2024-40989
A vulnerability was found in the Linux kernel's KVM for ARM64 within the vgic-init.c, vgic-mmio-v3.c, and vgic.h files. The virtual vCPUs may retain dangling pointers in a redistributor region after they have been torn down, leading to potential memory corruption. Mitigation Mitigation for this...
CVE-2024-40989
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu...
CVE-2024-40989 KVM: arm64: Disassociate vcpus from redistributor region on teardown
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu...
UBUNTU-CVE-2021-47390
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapicwriteindirect KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvmmakevcpusrequestmask+0x174/0x440 kvm Read of size 8 at addr ffffc9001364f638 by tas...
CVE-2024-26768
CVE-2024-26768 affects the Linux kernel LoongArch path: the patch changes the ACPI core PIC array from [NR_CPUS] to [MAX_CORE_PIC] to match the MADT max physical CPUs. With NR_CPUS defaulting to 64, platforms with more than 64 CPUs could overflow acpi_core_pic when parsing MADT, risking a boot cr...
CVE-2021-47062
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use onlinevcpus, not createdvcpus, to iterate over vCPUs Use the kvmforeachvcpu helper to iterate over vCPUs when encrypting VMSAs for SEV, which effectively switches to use onlinevcpus instead of createdvcpus. This fix...