Lucene search
K

171 matches found

SUSE CVE
SUSE CVE
added 2023/10/11 1:47 a.m.2 views

SUSE CVE-2023-34328

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

5.7CVSS7.9AI score0.00256EPSS
Exploits0References20
OSV
OSV
added 2023/06/02 11:36 a.m.7 views

SUSE-SU-2023:2356-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2023-2700: Fixed a memory leak that could be triggered by repeatedly querying an SR-IOV PCI device's capabilities bsc1211390. Non-security fixes: - Fixed a potential crash during driver cleanup bsc1209861. - Added Apparmor support for SUSE...

5.5CVSS5.6AI score0.00298EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.4 views

SUSE CVE-2010-4525

Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvmvcpuevents-interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors...

1.9CVSS6.3AI score0.00341EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.3 views

SUSE CVE-2012-4535

Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service Xen infinite loop and physical CPU consumption by setting a VCPU with an "inappropriate deadline."...

1.9CVSS6.1AI score0.00385EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2023/02/15 4:43 a.m.3 views

SUSE CVE-2017-10916

The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions MPX and Protection Key PKU features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220...

5.7CVSS6.5AI score0.01349EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:43 a.m.2 views

SUSE CVE-2017-10923

Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service hypervisor crash, aka XSA-225...

6.5CVSS6.5AI score0.01804EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.7 views

SUSE CVE-2018-5244

In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service host OS memory consumption by rebooting many...

4CVSS6.6AI score0.00371EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.5 views

SUSE CVE-2020-29570

An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels c...

6.5CVSS6.8AI score0.00373EPSS
Exploits0References19
Ubuntu
Ubuntu
added 2022/11/29 7:5 p.m.55 views

USN-5728-3: Linux kernel (GCP) vulnerabilities

Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-427...

8.8CVSS7.1AI score0.04947EPSS
Exploits7
OSV
OSV
added 2022/08/31 4:15 p.m.5 views

AZL-10820 CVE-2022-1263 affecting package kernel for versions less than 5.15.67.1-4

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service...

5.5CVSS6.7AI score0.00419EPSS
Exploits1References1
Trellix
Trellix
added 2022/08/11 12:0 a.m.9 views

The Race to Secure eBPF for Windows

The Race to Secure eBPF for Windows By Trellix · August 11, 2022 This blog was written by Douglas McKee Innovation often improves functionality and even security; however, adoption starts slow. Adoption often doesn’t increase at a linear rate but at an exponential rate leaving behind attack...

8.3AI score
Exploits0
OSV
OSV
added 2022/04/08 12:0 a.m.3 views

UBUNTU-CVE-2022-1263

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service...

5.5CVSS6.7AI score0.00419EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/03/10 5:44 p.m.7 views

CVE-2021-4095

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVMXENHVMSETATTR ioctl. This fl...

5.5CVSS6.7AI score0.00387EPSS
Exploits1References7
OSV
OSV
added 2022/03/10 5:44 p.m.1 views

DEBIAN-CVE-2021-4095

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVMXENHVMSETATTR ioctl. This fl...

5.5CVSS6.5AI score0.00387EPSS
Exploits1References1
OSV
OSV
added 2022/03/10 5:44 p.m.4 views

UBUNTU-CVE-2021-4095

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVMXENHVMSETATTR ioctl. This fl...

5.5CVSS6.7AI score0.00387EPSS
Exploits1References6
OSV
OSV
added 2022/01/21 7:15 p.m.3 views

CVE-2021-4032

A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvmfreelapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with...

4.4CVSS7.6AI score0.00393EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2022/01/07 12:0 a.m.11 views

PT-2022-2848

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17-rc1 Description A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw ...

5.5CVSS6.6AI score0.00387EPSS
Exploits1References28
RedHat Linux
RedHat Linux
added 2021/06/01 9:46 a.m.2 views

kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run

A flaw was found in the Linux kernel. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability...

7.1CVSS6.6AI score0.00374EPSS
Exploits0References5
OSV
OSV
added 2020/12/15 5:15 p.m.5 views

ALPINE-CVE-2020-29570

An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels c...

6.2CVSS6.8AI score0.00373EPSS
Exploits0References1
OSV
OSV
added 2020/12/15 5:15 p.m.2 views

UBUNTU-CVE-2020-29570

An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels c...

6.2CVSS7.2AI score0.00373EPSS
Exploits0References3
Rows per page
Query Builder