13007 matches found
SUSE CVE-2021-47228
In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices, efimemreserve is use...
SUSE CVE-2021-47230
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Immediately reset the MMU context when the SMM flag is cleared Immediately reset the MMU context when the vCPU's SMM flag is cleared so that the SMM flag in the MMU role is always synchronized with the vCPU's flag. If R...
RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2024:2962)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2962 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contai...
Moderate: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security update
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem
A flaw was found in some of AMD CPU's due to improper or unexpected behavior of the INVD. This issue may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU, potentially leading to a loss of guest virtual machine VM memory integrity...
kernel: KVM: information leak in KVM_GET_DEBUGREGS ioctl on 32-bit systems
A flaw was found in KVM. When calling the KVMGETDEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvmdebugregs structure that could be copied to userspace, causing an information leak...
hw: amd: Instruction raise #VC exception at exit
A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...
kernel: KVM: s390: fix setting of fpc register
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvmarchvcpuioctlsetfpu allows to set the floating point control fpc register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may le...
Moderate: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security and enhancement update
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
QEMU: improper IDE controller reset can lead to MBR overwrite
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
kernel: Linux kernel igb driver: Denial of Service due to improper SR-IOV cleanup
A flaw was found in the Linux kernel's igb driver. When the igb module is loaded with Single Root I/O Virtualization SR-IOV enabled on certain network adapters, and the SR-IOV initialization subsequently fails, the driver does not properly clean up allocated resources. A local user can exploit th...
hw: amd: Instruction raise #VC exception at exit
A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...
kernel: KVM: information leak in KVM_GET_DEBUGREGS ioctl on 32-bit systems
A flaw was found in KVM. When calling the KVMGETDEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvmdebugregs structure that could be copied to userspace, causing an information leak...
hw: amd: Instruction raise #VC exception at exit
A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...
kernel: x86/sev: Make enc_dec_hypercall() accept a size instead of npages
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Make encdechypercall accept a size instead of npages encdechypercall accepted a page count instead of a size, which forced its callers to round up. As a result, non-page aligned vaddrs caused pages to be spuriously marke...
DEBIAN-CVE-2021-47450
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix host stage-2 PGD refcount The KVM page-table library refcounts the pages of concatenated stage-2 PGDs individually. However, when running KVM in protected mode, the host's stage-2 PGD is currently managed by EL2 a...
DEBIAN-CVE-2023-52812
In the Linux kernel, the following vulnerability has been resolved: drm/amd: check num of link levels when update pcie param In SR-IOV environment, the value of pcietable-numoflinklevels will be 0, and numoflevels - 1 will cause array index out of bounds...
UBUNTU-CVE-2023-52812
In the Linux kernel, the following vulnerability has been resolved: drm/amd: check num of link levels when update pcie param In SR-IOV environment, the value of pcietable-numoflinklevels will be 0, and numoflevels - 1 will cause array index out of bounds...
DEBIAN-CVE-2021-47389
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sevdecommission in sevreceivestart DECOMMISSION the current SEV context if binding an ASID fails after RECEIVESTART. Per AMD's SEV API, RECEIVESTART generates a new guest context and thus needs to be paired...
DEBIAN-CVE-2021-47228
In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices, efimemreserve is use...