- Home
- CVEs with nessus.description==According to the versions of the parallels-server-bm-release /
vzkernel / etc packages installed, the Virtuozzo installation on the
remote host is affected by the following vulnerabilities :
- [x86 AMD] An industry-wide issue was found in the way
many modern microprocessor designs have implemented
speculative execution of Load & Store instructions (a
commonly used performance optimization). It relies on
the presence of a precisely-defined instruction
sequence in the privileged code as well as the fact
that memory read from address to which a recent memory
write has occurred may see an older value and
subsequently cause an update into the microprocessor's
data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to read
privileged memory by conducting targeted cache
side-channel attacks.
- By mmap()ing a FUSE-backed file onto a process's memory
containing command line arguments (or environment
strings), an attacker can cause utilities from psutils
or procps (such as ps, w) or any other program which
makes a read() call to the /proc/<pid>/cmdline (or
/proc/<pid>/environ) files to block indefinitely
(denial of service) or for some controlled time (as a
synchronization primitive for other attacks).
- A Floating Point Unit (FPU) state information leakage
flaw was found in the way the Linux kernel saved and
restored the FPU state during task switch. Linux
kernels that follow the 'Lazy FPU Restore' scheme are
vulnerable to the FPU state information leakage issue.
An unprivileged local attacker could use this flaw to
read FPU state bits by conducting targeted cache
side-channel attacks, similar to the Meltdown
vulnerability disclosed earlier this year.
- A flaw was found in the way the Linux kernel handled
exceptions delivered after a stack switch operation via
Mov SS or Pop SS instructions. During the stack switch
operation, processor does not deliver interrupts and
exceptions, they are delivered once the first
instruction after the stack switch is executed. An
unprivileged system user could use this flaw to crash
the system kernel resulting in DoS. This CVE-2018-10872
was assigned due to regression of CVE-2018-8897.
Note that Tenable Network Security has extracted the preceding
description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top