Lucene search
K

8 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.4 views

SUSE CVE-2020-25602

An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSRMISCENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the...

6.2CVSS6.6AI score0.00324EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2022/07/26 1:15 p.m.4 views

CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...

8.8CVSS5.8AI score0.00289EPSS
Exploits0References10
Xen Project
Xen Project
added 2021/03/04 10:58 a.m.86 views

Linux: special config may crash when trying to map foreign pages

ISSUE DESCRIPTION With CONFIGXENBALLOONMEMORYHOTPLUG disabled and CONFIGXENUNPOPULATEDALLOC enabled the Linux kernel will use guest physical addresses allocated via the ZONEDEVICE functionality for mapping foreign guest's pages. This will result in problems, as the p2m list will only cover the...

6.5CVSS0.7AI score0.00424EPSS
Exploits0
OSV
OSV
added 2019/10/31 2:15 p.m.0 views

DEBIAN-CVE-2019-18420

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOPinitialise hypercall. hypercallcreatecontinuation is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format...

6.5CVSS6.6AI score0.02522EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2016/08/10 9:49 a.m.86 views

USN-3050-1: Linux kernel (OMAP4) vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPTSOSETREPLACE events. A local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges...

8.4CVSS7.4AI score0.01234EPSS
Exploits1
Ubuntu
Ubuntu
added 2016/06/10 5:46 a.m.87 views

USN-3003-1: Linux kernel vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

10CVSS6.8AI score0.2593EPSS
Exploits19
Ubuntu
Ubuntu
added 2016/06/10 5:40 a.m.79 views

USN-3001-1: Linux kernel (Vivid HWE) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

10CVSS6.8AI score0.2593EPSS
Exploits19
Tenable Nessus
Tenable Nessus
added 2016/06/10 12:0 a.m.52 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3006-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3006-1 advisory. Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use th...

7.8CVSS7.1AI score0.06438EPSS
Exploits6References11
Rows per page
Query Builder