127 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virtio-pci: The result size returned for the admin command completion has been corrected. The result size returned by virtiopciadmindevpartsget is 8 bytes larger than the actual result data size. This occurs because the...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: an implicit overflow issue with virtiomaxdmasize has been fixed. The following code involves an implicit conversion from sizet to u32: u32maxsize = sizetvirtiomaxdmasizevdev; This may lead to an overflow situation; fo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Avoid use-after-free on suspend/resume In virtblkinithctx, hctx-userdata is set to vq. However, vq is freed during suspension and reallocated during resume. As a result, hctx-userdata becomes invalid after resume,...
UBUNTU-CVE-2026-48914
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...
CVE-2026-48914
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...
EUVD-2026-36408
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...
CVE-2026-48914
CVE-2026-48914 affects QEMU’s virtio-blk device. The issue: the driver does not validate input descriptor sizes when handling virtio-blk SCSI requests, allowing a malicious guest with high privileges to trigger an out-of-bounds write in host heap memory, causing potential DoS of the QEMU process....
CVE-2026-48914
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...
PT-2026-48843
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...
CVE-2026-45782
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....
CVE-2026-45782
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....
Cloud hypervisor 资源管理错误漏洞
Cloud Hypervisor is a virtual machine monitor developed by Cloud Hypervisor Company, designed for modern cloud workloads. Versions of Cloud Hypervisor from 21.0 to 51.2 contained a resource management vulnerability. This vulnerability stemmed from submitting two virtio-block descriptors with the...
CVE-2026-45782 Cloud Hypervisor: Use-after-free in virtio-block Async I/O Completion
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....
CVE-2026-45782 Cloud Hypervisor: Use-after-free in virtio-block Async I/O Completion
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....
CVE-2026-45782
Cloud Hypervisor (virtio-block) is affected from 21.0 up to before 51.2. The issue arises in asynchronous virtio-block I/O completion when two descriptor chains reuse the same head_index, allowing a use-after-free that corrupts a bounce buffer if the duplicate operation completes before the origi...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Fixed a memory leak during the suspend/resume procedure. The vblk-vqs should be freed before calling initvqs in virtblkrestore...
CVE-2026-5761
virtio-blk: zone report buffer out-of-memory...
UBUNTU-CVE-2026-5761
virtio-blk: zone report buffer out-of-memory...
CVE-2026-5165
A flaw was found in virtio-win, specifically within the VirtIO Block BLK device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially leading to system...
CVE-2026-5165 Virtio-win: virtio-win: memory corruption via use-after-free in virtio blk device reset
A flaw was found in virtio-win, specifically within the VirtIO Block BLK device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially leading to system...