Search results

Hello! Could we get an official opinion on this?

Does this have any effect on VMs/zvols? Or only on containers/host filesystem?

Thank you!

Yes, but 7 is still supported.

Hello https://vuldb.com/?id.237695 Does proxmox use the rocker device in any way or are we safe from this? Or can this bug be exploited even if we do not add such a rocker device ? I couldn't find much information about it, but it seems to be high-severity. Thank you

Thank you very much! Do you know if there are any other planned changes to this function, as parameters? As it's a breaking change from 7 to 8 and the new implementation will create a lot of issues in existing libraries. It might be better to deprecate the command parameter and create a new...

In theory, it's a single array called command, that's how it's normally done when sending a POST with urlencode data. The exact JSON counterpart of the above request is {"command":["\/bin\/bash","\/tmp\/myscript"]} , but sending it as JSON will require modifying all existing Proxmox libraries...

Thank you for the reply! With curl, it should be something like this: curl -sSk -H 'Authorization: PVEAPIToken=TOKEN' -X POST --data command[]="/bin/bash" --data command[]="/tmp/myscript" https://HOST:8006/api2/json/nodes/NODE/qemu/100/agent/exec But it returns the same error as with my...

Hello I have noticed that in Proxmox 8, the <command> parameter for the API call POST /api2/json/nodes/{node}/qemu/{vmid}/agent/exec has been changed from <string> to <array> in the format: [string, ...] Does anyone have a working example with the new format? I have tried to send it as...

Thank you very much!

Hello Does anyone know if proxmox is vulnerable to CVE-2023-0330 and if there are any patches? It seems to be affecting the lsi53c895a scsi controller on qemu 7.2.0. Would simply switching to virtio-scsi be enough to mitigate this? https://cve.report/CVE-2023-0330

Very good idea, thank you!

Thank you very much for the reply! It's a mistake I did as I added a node to the cluster which had only lvm-thin storages, and when I added the zfs storage in the cluster for the specific node, I left it on the default rpool. Not sure If I should transfer the VMs from it and reinstall or leave...

Hello Are there any risks or possible issues if we use directly the rpool zfs pool for the VMs, instead of the rpool/DATA as it is by default? Thank you

Thank you very much! Doesn't "potentially execute arbitrary code within the context of the QEMU process" mean they could execute code on the host, as the qemu process runs as root?

Hello Is CVE-2021-4207 patched in proxmox 6 and 7 ? https://security-tracker.debian.org/tracker/CVE-2021-4207 Does anyone know if this affects the default vga or virtio-gpu ? Do I understand it correctly that it only affects if the graphic card is set to SPICE? Thank you

Hello A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU...

Hello I've noticed that in PVE7, nested virtualization seems enabled by default: # cat /sys/module/kvm_intel/parameters/nested Y # pveversion -V proxmox-ve: 7.1-1 (running kernel: 5.11.22-7-pve) pve-manager: 7.1-6 (running version: 7.1-6/4e61e21c) pve-kernel-5.13: 7.1-4 pve-kernel-helper...

Hello Recently, the raid card (PERC h730p) on one of our nodes got fried. After replacing the card and importing the raid array, we've noticed the lvm thin metadata got corrupted. Check of pool pve/data failed (status:1). Manual repair required! We've tried to repair it with...

You could use kernelcare to keep the kernel patched. That's what we are using.