Paolo Bonzini

10 exploits Active since Jul 2015
CVE-2022-0216 (severity: MEDIUM)
QEMU - Use After Free
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
CVSS 4.4
CVE-2023-42467 (severity: MEDIUM)
Qemu < 8.0.0 - Divide By Zero
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
CVSS 5.5
CVE-2015-4692
Linux Kernel < 4.1.3 - Denial of Service
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.
CVE-2015-5307
Linux kernel <4.2.6 & Xen 4.3.x-4.6.x - DoS
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
CVE-2021-38198 (severity: MEDIUM)
Linux kernel <5.12.11 - Privilege Escalation
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
CVSS 5.5
CVE-2022-1263 (severity: MEDIUM)
Linux Kernel < 5.18 - NULL Pointer Dereference
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
CVSS 5.5
CVE-2022-2153 (severity: MEDIUM)
Linux Kernel - DoS
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
CVSS 5.5
CVE-2022-39189 (severity: HIGH)
Linux Kernel <5.18.17 - Privilege Escalation
An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.
CVSS 7.8
CVE-2023-1513 (severity: LOW)
KVM - Info Disclosure
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
CVSS 3.3
CVE-2023-30456 (severity: MEDIUM)
Linux Kernel < 6.2.8 - Improper Condition Check
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
CVSS 6.5