multiple TMEM hypercall vulnerabilities
Several sub-operations of the Transcendent Memory (TMEM) hypercall either do not correctly validate their inputs, do not correctly validate the privilege of the calling guest, or have other security-relevant bugs.
lack of check (invalid input), privilege uncheck
An unprivileged guest can overwrite hypervisor owned memory with the content of their choosing allowing them to escalate their privilege to that of the host.
In addition an unprivileged guest can also crash the hypervisor, leading to a Denial of Service attack.
privilege escalation, DoS