CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 1CVE-2021-3656 – kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)
https://notcve.org/view.php?id=CVE-2021-3656
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. Se ha encontrado un fallo en el código AMD de KVM para soportar la virtualización anidada SVM. • https://github.com/rami08448/CVE-2021-3656-Demo https://bugzilla.redhat.com/show_bug.cgi?id=1983988 https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc https://www.openwall.com/lists/oss-security/2021/08/16/1 https://access.redhat.com/security/cve/CVE-2021-3656 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2021-20257 – QEMU: net: e1000: infinite loop while processing transmit descriptors
https://notcve.org/view.php?id=CVE-2021-20257
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de bucle infinito en el emulador NIC e1000 de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1930087 https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220425-0003 https://www.openwall.com/lists/oss-security/2021/02/25/2 https://access.redhat.com/security/cve/CVE-2021-20257 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-12067
https://notcve.org/view.php?id=CVE-2019-12067
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. La función ahci_commit_buf en el archivo ide/ahci.c en QEMU permite a atacantes causar una denegación de servicio (derivación de NULL) cuando el encabezado del comando "ad-)cur_cmd" es null • https://bugzilla.suse.com/show_bug.cgi?id=1145642 https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html https://security-tracker.debian.org/tracker/CVE-2019-12067 https://security.netapp.com/advisory/ntap-20210727-0001 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20267
https://notcve.org/view.php?id=CVE-2021-20267
A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1934330 https://security.openstack.org/ossa/OSSA-2021-001.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31918 – tripleo-ansible: ansible.log file is visible to unprivileged users
https://notcve.org/view.php?id=CVE-2021-31918
A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality. Se encontró un fallo en la versión tripleo-ansible como es enviado en Red Hat Openstack versión 16.1. El archivo de registro de Ansible es legible para todos los usuarios durante la actualización y creación de la pila. • https://bugzilla.redhat.com/show_bug.cgi?id=1954250 https://access.redhat.com/security/cve/CVE-2021-31918 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •