291 matches found
SUSE CVE-2013-2212
The vmxsetucmode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service CPU consumption and possibly hypervisor or guest kernel panic via a crafted GFN range...
SUSE CVE-2016-2271
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service guest crash via vectors related to a non-canonical RIP...
SUSE CVE-2017-8106
The handleinvept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service NULL pointer dereference and host OS crash via a single-context INVEPT instruction with a NULL EPT pointer...
CVE-2022-2196 Speculative execution attacks in KVM VMX
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM L0 advertising eIBRS support to L1. An attacker at L2 with code...
VMware ESXi 7.0 / 8.0 Heap Out-of-bounds Write (VMSA-2022-0033)
VMware ESXi contain a heap out-of-bounds write vulnerability in the USB 2.0 controller EHCI. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. The exploitation is contained...
virt-v2v security, bug fix, and enhancement update
2.0.7-6.0.1 - Replaced bugzilla.oracle.com references Orabug: 34202300 - replaced upstream references Orabug:34089586 1:2.0.7-6 - Install qemu-ga package during conversion resolves: rhbz2028764 1:2.0.7-5 - Remove LVM2 devices file during conversion resolves: rhbz2112801 - Add support for Zstandar...
PT-2025-18798
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, related to KVM Kernel-based Virtual Machine and VMX Virtual Machine Extensions. The issue involves resetting eVMCS controls in the...
CVE-2022-31681
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host...
CVE-2022-31681
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host...
CVE-2022-31681
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host...
GSD-2022-1004147 KVM: VMX: Prevent RSB underflow before vmenter
KVM: VMX: Prevent RSB underflow before vmenter This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.14 by commit...
The vulnerability of the VMX service on the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor allows a perpetrator to escalate their privileges.
The vulnerability of the VMX service on the VMware Cloud Foundation and the VMware ESXi hypervisor platform is related to lack of access control mechanisms. Exploiting this vulnerability can allow attackers to enhance their privileges...
CVE-2022-0001
A flaw was found in hw. The Branch History Injection BHI describes a specific form of intra-mode BTI. This flaw allows an unprivileged attacker to manipulate the branch history before transitioning to supervisor or VMX root mode. This issue is an effort to cause an indirect branch predictor to...
ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0004)
The remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities, including the following: - VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtua...
CVE-2021-22041
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...
CVE-2021-22040
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...
CVE-2021-22042
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user...
Improper access control
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user...
Double free
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...
Double free
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...