Virtualization Host Security Vulnerabilities and Issues — Virtualization Host CVE List

Lucene search

RedhatVirtualization Host

30 matches found

CVE•added 2022/03/10 5:44 p.m.•2055 views

CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page c...

7.8CVSS7.7AI score0.82694EPSS

CVE•added 2023/10/03 6:15 p.m.•1175 views

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...

7.8CVSS8.2AI score0.74608EPSS

CVE•added 2022/02/16 7:15 p.m.•1023 views

CVE-2021-3560

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vu...

7.8CVSS6.1AI score0.04654EPSS

CVE•added 2019/06/19 12:15 a.m.•598 views

CVE-2019-11479

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel ...

7.5CVSS7.3AI score0.12335EPSS

CVE•added 2022/03/03 7:15 p.m.•555 views

CVE-2022-0492

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

7.8CVSS8AI score0.06994EPSS

CVE•added 2019/09/17 4:15 p.m.•552 views

CVE-2019-14835

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migratio...

7.8CVSS8.3AI score0.00025EPSS

CVE•added 2022/03/18 6:15 p.m.•469 views

CVE-2022-1011

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

7.8CVSS7.7AI score0.00141EPSS

CVE•added 2022/02/16 7:15 p.m.•430 views

CVE-2021-3752

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to con...

7.9CVSS7.2AI score0.00023EPSS

CVE•added 2022/01/20 6:15 p.m.•408 views

CVE-2021-45417

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

7.8CVSS7.5AI score0.00039EPSS

CVE•added 2022/03/25 7:15 p.m.•398 views

CVE-2022-0330

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

7.8CVSS7.7AI score0.00046EPSS

CVE•added 2018/01/31 2:29 p.m.•319 views

CVE-2018-1000001

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

7.8CVSS8.8AI score0.47265EPSS

CVE•added 2017/12/07 7:29 p.m.•305 views

CVE-2017-1000410

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By ...

7.5CVSS7.1AI score0.03997EPSS

CVE•added 2019/01/25 6:29 p.m.•302 views

CVE-2018-16881

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

7.5CVSS7.1AI score0.00436EPSS

CVE•added 2018/03/16 4:29 p.m.•301 views

CVE-2018-1068

A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.

7.2CVSS6.3AI score0.00053EPSS

CVE•added 2022/03/10 5:44 p.m.•301 views

CVE-2022-0516

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.

7.8CVSS7.3AI score0.00027EPSS

CVE•added 2017/12/11 9:29 p.m.•298 views

CVE-2017-1000407

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.

7.4CVSS5.9AI score0.00458EPSS

CVE•added 2022/03/03 7:15 p.m.•267 views

CVE-2021-3609

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

7CVSS7.2AI score0.00059EPSS

CVE•added 2018/02/12 7:29 p.m.•259 views

CVE-2018-6927

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.

7.8CVSS7AI score0.00079EPSS

CVE•added 2018/07/13 10:29 p.m.•248 views

CVE-2018-10875

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

7.8CVSS7.7AI score0.00062EPSS

CVE•added 2024/02/07 9:15 p.m.•240 views

CVE-2023-6535

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

7.5CVSS6.9AI score0.00035EPSS

CVE•added 2024/02/07 9:15 p.m.•230 views

CVE-2023-6536

7.5CVSS6.9AI score0.00029EPSS

CVE•added 2018/06/12 8:29 p.m.•228 views

CVE-2018-5848

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

7.8CVSS6.3AI score0.00131EPSS

CVE•added 2024/02/07 9:15 p.m.•218 views

CVE-2023-6356

7.5CVSS7AI score0.00031EPSS

CVE•added 2018/09/04 2:29 p.m.•213 views

CVE-2018-10911

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.

7.5CVSS7.1AI score0.04624EPSS

CVE•added 2018/05/02 6:29 p.m.•210 views

CVE-2018-10675

The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.

7.8CVSS7.6AI score0.00055EPSS

CVE•added 2018/05/18 4:29 p.m.•170 views

CVE-2018-11237

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

7.8CVSS7.7AI score0.00809EPSS

CVE•added 2021/05/06 1:15 p.m.•169 views

CVE-2021-3501

A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and s...

7.1CVSS6.3AI score0.00039EPSS

CVE•added 2024/04/18 7:15 p.m.•169 views

CVE-2023-3758

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

7.1CVSS5.9AI score0.00024EPSS

CVE•added 2018/07/02 1:29 p.m.•155 views

CVE-2018-10874

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

7.8CVSS7.8AI score0.00061EPSS

CVE•added 2018/01/10 3:29 p.m.•153 views

CVE-2017-7536

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the callin...

7CVSS7.3AI score0.00104EPSS