Likebreath

**Name of the Vulnerable Software and Affected Versions** Cloud Hypervisor versions 30.0 through 31.0 **Description** This issue allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP requests through the HTTP API socket, potentially causing Deny-of-Service (DoS) and possibly a Use-After-Free (UAF) vulnerability. Users need write access to the API socket file to trigger this issue. The vulnerability was initially detected by the `http api fuzzer` via oss-fuzz. **Recommendations** For Cloud Hypervisor versions 30.0 through 31.0, upgrade to version 30.1 or 31.1 to resolve the issue. For users unable to upgrade, ensure the write access to the API socket file is granted to trusted users only as a mitigation measure.

**Name of the Vulnerable Software and Affected Versions** linux-loader versions prior to 0.8.1 **Description** The issue arises when the linux-loader crate uses offsets and sizes from ELF headers to determine read offsets. If these offsets point beyond the file's end, it could lead to an infinite loop in Virtual Machine Monitors using the linux-loader crate, especially if the kernel's ELF header is maliciously modified. The issue can be mitigated by loading only trusted kernel images or verifying that the headers do not point beyond the file's end. **Recommendations** For versions prior to 0.8.1, update to version 0.8.1 to address the issue. As a temporary workaround, consider ensuring that only trusted kernel images are loaded or verifying that the headers do not point beyond the end of the file to minimize the risk of exploitation.