244 matches found
UBUNTU-CVE-2021-47657
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtiogpuarrayputfree If virtiogpuobjectshmeminit fails e.g. due to fault injection, as it happened in the bug report by syzbot, virtiogpuarrayputfree could be called with objs equal to...
CVE-2022-49532 drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtiogpuconngetmodes drmcvtmode may return NULL and we should check it. This bug is found by syzkaller: FAULTINJECTION stacktrace: 168.567394 FAULTINJECTION: forcing a failure. name...
CVE-2022-49532 drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtiogpuconngetmodes drmcvtmode may return NULL and we should check it. This bug is found by syzkaller: FAULTINJECTION stacktrace: 168.567394 FAULTINJECTION: forcing a failure. name...
CVE-2022-49532 drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtiogpuconngetmodes drmcvtmode may return NULL and we should check it. This bug is found by syzkaller: FAULTINJECTION stacktrace: 168.567394 FAULTINJECTION: forcing a failure. name...
CVE-2022-49532
CVE-2022-49532 affects the Linux kernel DRM virtio driver (virtio_gpu_conn_get_modes) where drm_cvt_mode may return NULL, leading to a NULL pointer dereference. The issue is demonstrated by a KASAN report showing a null deref while reading a 4-byte value from a NULL pointer. The connected advisor...
CVE-2021-47657
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtiogpuarrayputfree If virtiogpuobjectshmeminit fails e.g. due to fault injection, as it happened in the bug report by syzbot, virtiogpuarrayputfree could be called with objs equal to...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check for empty objs in the virtiogpuarrayputfree function...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not checking the drmcvtmode return value in virtiogpuconngetmodes, which could lead to a null pointer dereferenc...
CVE-2023-50227
Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest syste...
CVE-2023-50227
Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest syste...
CVE-2023-50227
Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest syste...
CVE-2023-50227 Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability
Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest syste...
CVE-2023-50227 Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability
Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest syste...
CVE-2023-50227
CVE-2023-50227 describes a vulnerability in Parallels Desktop affecting the virtio-gpu virtual device. The issue is an out-of-bounds write caused by improper validation of user-supplied data, enabling a remote attacker to execute code in the hypervisor. Exploitation requires user interaction (the...
Corel Parallels Desktop 安全漏洞
Corel Parallels Desktop is a suite of virtual machine software for the macOS platform from Canada's Corel Digital Technology Corel. A security vulnerability exists in Corel Parallels Desktop that stems from a specific flaw in the virtio-gpu virtual appliance that lacks proper validation of...
OESA-2024-1494 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or...
UBUNTU-CVE-2024-3446
A double free vulnerability was found in QEMU virtio devices virtio-gpu, virtio-serial-bus, virtio-crypto, where the memreentrancyguard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host,...
The vulnerability of the virtio-gpu component of the Parallels Desktop hypervisor Virtual Device allows a hacker to execute arbitrary code.
The vulnerability of the virtio-gpu Virtual Device component in Parallels Desktop hypervisor is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by writing data beyond the bounds of the allocated buffer...
Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest system must visit a malicious page or open a malicious file. The specific flaw exists withi...
OESA-2023-1324 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpuobject.c misinterprets the drmgemshmemgetsgtable return value expects it to be NULL in the error case, whereas it is actually an error pointer.CVE-2023-22998...