Alex Williamson - Security Researcher - Exploit Intelligence Platform

CVE-2013-4592 WRITEUP WRITEUP

Linux Kernel < 3.9 - Denial of Service via Memory Leak in __kvm_set_memory_region

Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.

View Code

CVE-2016-9083 WRITEUP HIGH WRITEUP

Linux kernel <4.8.11 - Memory Corruption

drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."

CVSS 7.8

View Code

CVE-2016-9084 WRITEUP HIGH WRITEUP

Linux Kernel < 4.8.11 - Integer Overflow in VFIO PCI Device Handling

drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.

CVSS 7.8

View Code

CVE-2021-3736 WRITEUP MEDIUM WRITEUP

Linux Kernel < 5.14.20 - Memory Leak in VFIO Mediated Device mbochs_ioctl

A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.

CVSS 5.5

View Code