13008 matches found
SUSE CVE-2023-52639
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation:...
DEBIAN-CVE-2024-26691
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix circular locking dependency The rule inside kvm enforces that the vcpu->mutex is taken inside kvm->lock. The rule is violated by the pkvm_create_hyp_vm which acquires the kvm->lock while already holding the vcpu->mutex...
UBUNTU-CVE-2023-52639
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation:...
CVE-2024-26691 KVM: arm64: Fix circular locking dependency
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix circular locking dependency The rule inside kvm enforces that the vcpu->mutex is taken inside kvm->lock. The rule is violated by the pkvm_create_hyp_vm which acquires the kvm->lock while already holding the vcpu->mutex...
CVE-2024-31419 Cnv: information disclosure through the usage of vm-dump-metrics
An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitl...
CVE-2024-31419
CVE-2024-31419 describes an information disclosure in OpenShift Virtualization where the DownwardMetrics feature, enabled by default, exposes limited host metrics of a node to any VM guest across namespaces. The root cause is the inadvertent exposure through DownwardMetrics by default, leading to...
CVE-2024-31419 Cnv: information disclosure through the usage of vm-dump-metrics
An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitl...
OESA-2024-1357 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding After dropping mmu_lock in the TDP MMU, restart the iterator during tdp_iter_next and do not...
OESA-2024-1353 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding After dropping mmu_lock in the TDP MMU, restart the iterator during tdp_iter_next and do not...
Red Hat OpenShift Virtualization Security Vulnerability
Red Hat OpenShift Virtualization is a component of Red Hat, Inc. that allows running virtual machines (VMs) on OpenShift and integrating containers and virtualized resources on the same platform. A security vulnerability exists in Red Hat OpenShift Virtualization that stems from the presence of an...
KubeVirt Code Issue Vulnerability
KubeVirt is a virtual machine manager. A code issue vulnerability exists in KubeVirt that stems from a null pointer dereference. An attacker could exploit this vulnerability to cause a denial of service (DoS)...
PT-2024-24059 · Red Hat · Openshift Virtualization
Name of the Vulnerable Software and Affected Versions: OpenShift Virtualization affected versions not specified Description: An information disclosure flaw was found in OpenShift Virtualization, related to the DownwardMetrics feature, which exposes host metrics to virtual machine guests and is...
Advisory ROSA-SA-2024-2387
Software: slapi-nis 0.56.6 OS: ROSA Virtualization 2.1 package_evr_string: slapi-nis-0.56.6-2.rv3 CVE-ID: CVE-2021-3480 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Dereferencing a null pointer during DN binding analysis could allow an unauthenticated attacker to cause the 389-ds-base directory server to...
Advisory ROSA-SA-2024-2386
Software: samba 4.12.3 OS: ROSA Virtualization 2.1 package_evr_string: samba-4.12.3-12.0.1.rv3.3.x86_64.rpm CVE-ID: CVE-2020-10745 BDU-ID: 2021-01741 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Samba networking software package is associated with uncontrolled resource consumption. Exploitation ...
[SECURITY] Fedora 38 Update: libvirt-9.0.0-5.fc38
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
Advisory ROSA-SA-2024-2381
Software: rsyslog 8.1911.0 OS: ROSA Virtualization 2.1 package_evr_string: rsyslog-8.1911.0-6.0.1.rv3 CVE-ID: CVE-2022-24903 BDU-ID: 2022-04363 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the TCP modules of the Rsyslog log processing software utility is related to writing beyond buffer boundaries ...
Advisory ROSA-SA-2024-2380
Software: rpm 4.14.3 OS: ROSA Virtualization 2.1 package_evr_string: rpm-4.14.3-26.rv3 CVE-ID: CVE-2021-3521 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a flaw in RPM's proprietary functionality. OpenPGP connections are bound to the primary key via a "binding signature". RPM does not verify t...
EulerOS Virtualization 2.11.1 : python-cryptography (EulerOS-SA-2024-1419)
According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling...
EulerOS Virtualization 2.11.0 : shim (EulerOS-SA-2024-1449)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it trie...
EulerOS Virtualization 2.11.0 : libXpm (EulerOS-SA-2024-1432)
According to the versions of the libXpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows ...