Lucene search
+L

291 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:38 a.m.4 views

SUSE CVE-2013-2212

The vmxsetucmode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service CPU consumption and possibly hypervisor or guest kernel panic via a crafted GFN range...

5.7CVSS6.3AI score0.00621EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.4 views

SUSE CVE-2016-2271

VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service guest crash via vectors related to a non-canonical RIP...

5.5CVSS7.2AI score0.00391EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:46 a.m.2 views

SUSE CVE-2017-8106

The handleinvept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service NULL pointer dereference and host OS crash via a single-context INVEPT instruction with a NULL EPT pointer...

5.5CVSS6.4AI score0.00329EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/01/09 10:59 a.m.17 views

CVE-2022-2196 Speculative execution attacks in KVM VMX

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM L0 advertising eIBRS support to L1. An attacker at L2 with code...

5.8CVSS7.5AI score0.00285EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/01/04 12:0 a.m.117 views

VMware ESXi 7.0 / 8.0 Heap Out-of-bounds Write (VMSA-2022-0033)

VMware ESXi contain a heap out-of-bounds write vulnerability in the USB 2.0 controller EHCI. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. The exploitation is contained...

8.2CVSS8.2AI score0.01546EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2022/11/22 12:0 a.m.35 views

virt-v2v security, bug fix, and enhancement update

2.0.7-6.0.1 - Replaced bugzilla.oracle.com references Orabug: 34202300 - replaced upstream references Orabug:34089586 1:2.0.7-6 - Install qemu-ga package during conversion resolves: rhbz2028764 1:2.0.7-5 - Remove LVM2 devices file during conversion resolves: rhbz2112801 - Add support for Zstandar...

6.5CVSS7.1AI score0.00875EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/11/11 12:0 a.m.3 views

PT-2025-18798

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, related to KVM Kernel-based Virtual Machine and VMX Virtual Machine Extensions. The issue involves resetting eVMCS controls in the...

4.3CVSS5.8AI score
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2022/10/07 9:15 p.m.3 views

CVE-2022-31681

VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host...

6.5CVSS5.3AI score0.00199EPSS
Exploits0References2
NVD
NVD
added 2022/10/07 9:15 p.m.30 views

CVE-2022-31681

VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host...

6.5CVSS0.00199EPSS
Exploits0References1
OSV
OSV
added 2022/10/07 9:15 p.m.2 views

CVE-2022-31681

VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2022/07/31 1:46 p.m.5 views

GSD-2022-1004147 KVM: VMX: Prevent RSB underflow before vmenter

KVM: VMX: Prevent RSB underflow before vmenter This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.14 by commit...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/04/15 12:0 a.m.7 views

The vulnerability of the VMX service on the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor allows a perpetrator to escalate their privileges.

The vulnerability of the VMX service on the VMware Cloud Foundation and the VMware ESXi hypervisor platform is related to lack of access control mechanisms. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.1CVSS7.5AI score0.00296EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2022/03/09 10:13 a.m.79 views

CVE-2022-0001

A flaw was found in hw. The Branch History Injection BHI describes a specific form of intra-mode BTI. This flaw allows an unprivileged attacker to manipulate the branch history before transitioning to supervisor or VMX root mode. This issue is an effort to cause an indirect branch predictor to...

6.5CVSS1.1AI score0.00508EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/03/01 12:0 a.m.441 views

ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0004)

The remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities, including the following: - VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtua...

7.8CVSS7.3AI score0.02316EPSS
Exploits0References6
OSV
OSV
added 2022/02/16 5:15 p.m.4 views

CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

6.7CVSS7.2AI score0.00574EPSS
Exploits0References1
NVD
NVD
added 2022/02/16 5:15 p.m.26 views

CVE-2021-22040

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

6.7CVSS0.00725EPSS
Exploits0References1
NVD
NVD
added 2022/02/16 5:15 p.m.27 views

CVE-2021-22042

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user...

7.8CVSS0.00296EPSS
Exploits0References1
Prion
Prion
added 2022/02/16 5:15 p.m.25 views

Improper access control

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user...

4.6CVSS7.2AI score0.00296EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2022/02/16 5:15 p.m.22 views

Double free

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

4.6CVSS6.8AI score0.00574EPSS
Exploits0References1Affected Software4
Prion
Prion
added 2022/02/16 5:15 p.m.17 views

Double free

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

4.6CVSS6.8AI score0.00725EPSS
Exploits0References1Affected Software5
Rows per page
Query Builder