Lucene search

18 matches found

NVD
added 2026/05/27 2:17 p.m., 3 views

CVE-2026-46014

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSR_IA32_DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVM_GET_MSR_INDEX_LIST, and LBR MSRs cannot be set with KVM_SET_MSRS. So save/restore is completely broken. Fix it ...

0.00022 EPSS
Exploits 0, References 3
NVD
added 2026/05/27 2:17 p.m., 4 views

CVE-2026-45987

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nested_sync_control_from_vmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...

0.00032 EPSS
Exploits 0, References 8
OSV
added 2026/05/27 2:17 p.m., 1 views

UBUNTU-CVE-2026-45987

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nested_sync_control_from_vmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...

5.7 AI score, 0.00032 EPSS
Exploits 0, References 3
Cvelist
added 2026/05/27 12:57 p.m., 27 views

CVE-2026-46059 KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before...

0.00022 EPSS
Exploits 0, References 3
Tenable Nessus
added 2026/05/27 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-46059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an...

5.8 AI score, 0.00022 EPSS
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2011-1140

Malware in sbrugna...

6.9 CVSS, 6.1 AI score, 0.00069 EPSS
Exploits 2, References 11
Cvelist
added 2024/11/05 5:10 p.m., 20 views

CVE-2024-50115 KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforce 32-byte alignment of...

0.00014 EPSS
Exploits 0, References 6
OSV
added 2024/11/05 5:10 p.m., 11 views

CVE-2024-50115 KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforce 32-byte alignment of...

7.1 CVSS, 6.2 AI score, 0.00014 EPSS
Exploits 0, References 11
CVE
added 2024/11/05 5:10 p.m., 152 views

CVE-2024-50115

CVE-2024-50115 is a Linux kernel vulnerability affecting KVM nSVM where loading PDPTEs from memory incorrectly handles nCR3[4:0]. The issue can cause an out-of-bounds read if a target page is at the end of a memslot, due to not enforcing 32-byte alignment when PAE paging is used. The root cause i...

7.1 CVSS, 6.7 AI score, 0.00014 EPSS
Exploits 0, References 8, Affected Software 1
RedHat Linux
added 2021/11/09 6:6 p.m., 1 views

kernel: KVM: double fetch in nested_svm_vmrun can lead to unrestricted MSR access

A flaw was found in the Linux kernel. A KVM guest on AMD can launch a nested guest without the Intercept VMRUN control bit by exploiting a TOCTOU vulnerability in nested_svm_vmrun. A malicious guest could use this flaw to gain unrestricted access to host MSRs, possibly leading to guest-to-host esca...

7.4 CVSS, 6.7 AI score, 0.00047 EPSS
Exploits 1, References 5
OpenVAS
added 2011/04/11 12:0 a.m., 17 views

VMware Workstation 'vmrun' Library Path Privilege Escalation Vulnerability (Linux)

The host is installed with VMware Workstation and is affected by a local privilege escalation vulnerability. OpenVAS Vulnerability Test $Id: gbvmwareworkstationlocprevesclvulnlin.nasl 7044 2017-09-01 11:50:59Z teissa $ VMware Workstation 'vmrun' Library Path Privilege Escalation Vulnerability (Linux) Authors: Antu Sana...

6.9 CVSS, 0.9 AI score, 0.00069 EPSS
Exploits 2, References 5
Prion
added 2011/04/04 12:27 p.m., 19 views

Directory traversal

VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory...

6.9 CVSS, 6.9 AI score, 0.00069 EPSS
Exploits 2, References 10, Affected Software 2
CVE
added 2011/04/01 9:0 p.m., 59 views

CVE-2011-1126

CVE-2011-1126 concerns VMware vmrun (used with VIX API 1.x on Linux and VMware Workstation 6.5.x/7.x) that is vulnerable to local privilege escalation via loading a malicious shared library from an insecure directory. The issue allows a local attacker to gain elevated privileges by exploiting lib...

6.9 CVSS, 6.5 AI score, 0.00069 EPSS
Exploits 2, References 10, Affected Software 1
Cvelist
added 2011/04/01 9:0 p.m., 15 views

CVE-2011-1126

VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory...

6.5 AI score, 0.00069 EPSS
Exploits 2, References 10
seebug.org
added 2011/04/01 12:0 a.m., 25 views

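VMware "vmrun" local privilege escalation vulnerability on Linux

BUGTRAQ ID: 47094 CVE ID: CVE-2011-1126 The VMware VIX API helps you write software and scripts that automate virtual machine operations, run programs, or manage files in guest operating systems. VMware Workstation is a powerful desktop virtualization product that lets users run different operating systems at the same time on a single desktop, and is an ideal solution for developing, testing and deploying new applications. VMware "vmrun" on Linux has a local privilege escalation vulnerability in its implementation, which an attacker can exploit to escalate privileges. The vulnerability stems from the vmrun program incorrectly loading libraries from certain directories, which results in arbitrary code execution with the privileges of the user currently running vmrun when the program loads a malicious shared library...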

6.9 CVSS, 6.4 AI score, 0.00069 EPSS
Exploits 2
securityvulns
added 2011/03/31 12:0 a.m., 68 views

VMSA-2011-0006 VMware vmrun utility local privilege escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0006 Synopsis: VMware vmrun utility local privilege escalation Issue date: 2011-03-29 Updated on: 2011-03-29 initial release of...

6.9 CVSS, 6.5 AI score, 0.00069 EPSS
Exploits 2
VMware
added 2011/03/29 12:0 a.m., 59 views

VMware vmrun utility local privilege escalation

a. VMware Linux based vmrun utility local privilege escalation. VMware vmrun is a utility that is used to perform various tasks on virtual machines. The vmrun utility runs on any platform with VIX libraries installed. It is installed in VMware Workstation by default. In non-standard filesystem...

6.9 CVSS, 2.8 AI score, 0.00069 EPSS
Exploits 2, References 1, Affected Software 1
VMware
added 2011/03/27 12:0 a.m., 75 views

VMSA-2011-0006: VMware vmrun utility local privilege escalation

VMSA-2011-0006.1 VMware vmrun utility local privilege escalation VMware Security Advisory Advisory ID: VMSA-2011-0006.1 Synopsis: VMware vmrun utility local privilege escalation Issue date: 2011-03-29 VMware Security...

6.9 CVSS, 6.6 AI score, 0.00069 EPSS
Exploits 2, References 3, Affected Software 1