CVE-2024-21164

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

CVE-2024-21164

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

CVE-2024-21164

CVE-2024-21164 affects Oracle VM VirtualBox (Core) with affected versions prior to 7.0.20. The issue allows a high-privilege attacker who can log on to the host to compromise the VirtualBox instance, potentially leading to unauthorized read access to a subset of data. The vulnerability is part of...

CVE-2024-21161

Oracle VM VirtualBox (Core) on Linux hosts is affected by CVE-2024-21161. Affects versions prior to 7.0.20. The vulnerability allows a low-privilege, local attacker with logon to the host to cause a hang or frequent crash (DoS) of VirtualBox. CVSS v3.1 base score is 5.5 (Availability impact); att...

CVE-2024-21141

CVE-2024-21141 affects Oracle VM VirtualBox (Core) with affected versions prior to 7.0.20. The vulnerability is described as easily exploitable by a high-privileged attacker who can log on to the infrastructure where VirtualBox runs, potentially allowing takeover of VirtualBox and impacting other...

CVE-2024-21141

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem

A flaw was found in some of AMD CPU's due to improper or unexpected behavior of the INVD. This issue may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU, potentially leading to a loss of guest virtual machine VM memory integrity...

UBUNTU-CVE-2022-48793

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fix potential NULL derefernce on nested migration Turns out that due to review feedback and/or rebases I accidentally moved the call to nestedsvmloadcr3 to be too early, before the NPT is enabled, which is very...

Advisory ROSA-SA-2024-2450

Software: samba 4.12.3 OS: ROSA Virtualization 2.1 packageevrstring: samba-4.12.3 CVE-ID: CVE-2016-2124 BDU-ID: 2021-05993 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability was discovered in the way Samba implemented SMB1 authentication. An attacker could use this vulnerability to extract the public...

Alternate Method to Reverse Image Provisioning Services vDisks (XenServer Direct VHD Boot)

This article describes an alternate method to Reverse Image Provisioning Services vDisks XenServer Direct VHD Boot. Note : Reverse imaging a Provisioning Services PVS vDisk is not the only way to get a vDisk back to your hypervisor for updates. This article explains the versatility associated wit...

DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing...

DEBIAN-CVE-2024-40989

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu...

DEBIAN-CVE-2024-40953

In the Linux kernel, the following vulnerability has been resolved: KVM: Fix a data race on lastboostedvcpu in kvmvcpuonspin Use READ,WRITEONCE to access kvm-lastboostedvcpu to ensure the loads and stores are atomic. In the extremely unlikely scenario the compiler tears the stores, it's...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a data contention issue in the kvmvcpuonspin function of the KVM virtualization component...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the KVM:arm64 component to ensure that no vCPU pointer points to the redistributor region when ...

virt:ol and virt-devel:rhel security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt libvirt-dbus libvirt-python nbdkit netcf perl-Sys-Virt qemu-kvm 6.2.0-50 - kvm-qcow2-Don-t-open-datafile-with-BDRVONOIO.patch RHEL-35616 - kvm-iotests-244-Don-t-store-data-file-with-protocol-in-i.patch RHEL-35616 -...

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.16.0 Images security update

Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which giv...

kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up There are cases after NPIV deletion where the fabric switch still believes the NPIV is logged into the fabric. This occurs when a vport is unregistered...

RHEL 9 : libvirt (RHSA-2024:4432)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4432 advisory. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In...

Advisory ROSA-SA-2024-2449

Software: postgresql 12.1 OS: ROSA Virtualization 2.1 packageevrstring: postgresql-12.1 CVE-ID: CVE-2020-1720 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability has been discovered in PostgreSQL "ALTER ... DEPENDS ON EXTENSION" where subcommands did not perform authorization checks. An...