A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that L1 guest could access L0's APIC register values via L2 guest when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.

A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.

netlabel: fix out-of-bounds memory accesses

GNOME gvdb gvdb-builder.c gvdb_table_write_contents_async use after free

The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache aka a Tuple Space Explosion (TSE) attack.

An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running an unprivileged user could make USBGuard allow all USB devices to be connected in the future.

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32 when processing invalid multi-byte input sequences in the EUC-KR encoding may have a buffer over-read.

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command because a Content-Disposition header can have ../ in a filename as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.