Lucene search
K

19 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 9p/xen: protect xen9pfsfrontfree against concurrent calls The xenwatch thread can race with other back- end change notifications and call xen9pfsfrontfree twice...

8.8CVSS6.7AI score0.00241EPSS
Exploits0References3
OSV
OSV
added 2024/02/08 7:42 p.m.5 views

USN-6625-2 linux-gcp, linux-gcp-5.4 vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...

7CVSS6.8AI score0.00888EPSS
Exploits0References5
OSV
OSV
added 2024/02/08 12:9 a.m.7 views

USN-6626-1 linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15 vulnerabilities

Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...

9CVSS6.9AI score0.0406EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/11/17 2:0 a.m.2 views

SUSE CVE-2023-46836

The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...

5.1CVSS6.9AI score0.0025EPSS
Exploits0References13
OSV
OSV
added 2023/08/30 9:54 p.m.6 views

CLSA-2023-1693432495 Fix of 8 CVEs

CVE-url: https://ubuntu.com/security/CVE-2023-4128 - net/sched: clsu32: No longer copy tcfresult on update to avoid use-after- free - net/sched: clsfw: No longer copy tcfresult on update to avoid use-after- free - net/sched: clsroute: No longer copy tcfresult on update to avoid use- after-free...

7.8CVSS7.1AI score0.05794EPSS
Exploits3References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.3 views

SUSE CVE-2022-26357

race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the...

5.7CVSS6.2AI score0.00248EPSS
Exploits0References18
OSV
OSV
added 2022/10/21 2:24 p.m.14 views

USN-5695-1 linux-gcp vulnerabilities

It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...

8.2CVSS6.7AI score0.02972EPSS
Exploits1References10
OSV
OSV
added 2022/10/17 8:11 p.m.11 views

USN-5684-1 linux-azure vulnerabilities

It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...

8.2CVSS6.7AI score0.02972EPSS
Exploits1References10
OSV
OSV
added 2022/10/13 8:0 p.m.18 views

USN-5678-1 linux-aws, linux-gcp-4.15 vulnerabilities

It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...

8.2CVSS6.7AI score0.02972EPSS
Exploits1References10
OSV
OSV
added 2022/10/10 10:19 p.m.9 views

USN-5669-1 linux, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...

8.2CVSS6.7AI score0.02972EPSS
Exploits1References10
OSV
OSV
added 2022/09/27 6:8 p.m.11 views

USN-5644-1 linux-gcp-5.15 vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

7.8CVSS7AI score0.05542EPSS
Exploits1References12
OSV
OSV
added 2022/09/21 9:46 a.m.16 views

USN-5624-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-kvm, linux-lowlatency vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

7.8CVSS6.9AI score0.05542EPSS
Exploits1References12
OSV
OSV
added 2022/07/06 11:35 a.m.9 views

SUSE-SU-2022:2296-1 Security update for xen

This update for xen fixes the following issues: - CVE-2022-26362: Fixed race condition in typeref acquisition bsc1199965 - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings bsc1199966...

7.2CVSS7AI score0.00494EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2022/06/09 5:15 p.m.3 views

CVE-2022-26362

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by...

6.9CVSS7.1AI score0.00379EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2022/04/05 1:15 p.m.2 views

CVE-2022-26357

race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the...

7CVSS6.7AI score0.00248EPSS
Exploits0References10
OSV
OSV
added 2021/09/18 12:37 p.m.6 views

OPENSUSE-SU-2021:3140-1 Security update for xen

This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACEgranttable handling XSA-384 bsc1189632. - Upstream bug fixes bsc1027519...

7.8CVSS7.6AI score0.00266EPSS
Exploits0References4
OSV
OSV
added 2015/12/20 12:10 p.m.4 views

USN-2854-1 linux-lts-vivid vulnerabilities

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service crash the host or potentially execute arbitrary code on the host. CVE-2015-8550...

8.2CVSS7AI score0.0108EPSS
Exploits2References5
OSV
OSV
added 2015/12/19 11:40 a.m.5 views

USN-2849-1 linux-lts-utopic vulnerabilities

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service crash the host or potentially execute arbitrary code on the host. CVE-2015-8550...

8.2CVSS7AI score0.0108EPSS
Exploits2References5
OSV
OSV
added 2015/12/19 11:37 a.m.4 views

USN-2848-1 linux vulnerabilities

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service crash the host or potentially execute arbitrary code on the host. CVE-2015-8550...

8.2CVSS7AI score0.0108EPSS
Exploits2References5
Rows per page
Query Builder