VYPR

Kvm

by Jetkvm

Source repositories

CVEs (15)

  • CVE-2026-32295HigMar 17, 2026
    risk 0.42cvss 7.5epss 0.00

    JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.

  • CVE-2026-32294MedMar 17, 2026
    risk 0.31cvss 4.7epss 0.00

    JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification.

  • CVE-2026-46131May 28, 2026
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: check for nEPT/nNPT in slow flush hypercalls Checking is_guest_mode(vcpu) is incorrect, because translate_nested_gpa() is only valid if an L2 guest is running *with nested EPT/NPT enabled*. Instead…

  • CVE-2021-47112Mar 15, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well Various PV features (Async PF, PV EOI, steal time) work through memory shared with hypervisor and when we restore from hibernation we must properly teardown…

  • CVE-2021-46978Feb 28, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmx_get_nested_state()/vmx_set_nested_state() KVM can't map evmcs page right…

  • CVE-2023-5090Nov 6, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.

  • CVE-2023-1513Mar 23, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.

  • CVE-2022-3344Oct 24, 2022
    risk 0.00cvss epss 0.00

    A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0).

  • CVE-2022-39189Sep 2, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.

  • CVE-2022-2153Aug 31, 2022
    risk 0.00cvss epss 0.00

    A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific…

  • CVE-2022-1852Jun 30, 2022
    risk 0.00cvss epss 0.00

    A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.

  • CVE-2021-3653Sep 29, 2021
    risk 0.00cvss epss 0.00

    A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue…

  • CVE-2020-2732Apr 8, 2020
    risk 0.00cvss epss 0.01

    A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2…

  • CVE-2019-3016Jan 31, 2020
    risk 0.00cvss epss 0.01

    In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem…

  • CVE-2012-0045Jul 3, 2012
    risk 0.00cvss epss 0.01

    The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as…

VYPR — Vulnerability Intelligence