Search results

  1. BelCloud

    CVE-2022-36648 - QEMU UP TO 7.0.0 ROCKER DEVICE

    Hello https://vuldb.com/?id.237695 Does proxmox use the rocker device in any way or are we safe from this? Or can this bug be exploited even if we do not add such a rocker device ? I couldn't find much information about it, but it seems to be high-severity. Thank you
  2. BelCloud

    Proxmox 8 API agent/exec changes

    Hello I have noticed that in Proxmox 8, the <command> parameter for the API call POST /api2/json/nodes/{node}/qemu/{vmid}/agent/exec has been changed from <string> to <array> in the format: [string, ...] Does anyone have a working example with the new format? I have tried to send it as...
  3. BelCloud

    CVE-2023-0330

    Hello Does anyone know if proxmox is vulnerable to CVE-2023-0330 and if there are any patches? It seems to be affecting the lsi53c895a scsi controller on qemu 7.2.0. Would simply switching to virtio-scsi be enough to mitigate this? https://cve.report/CVE-2023-0330
  4. BelCloud

    ZFS rpool instead of rpool/DATA

    Hello Are there any risks or possible issues if we use directly the rpool zfs pool for the VMs, instead of the rpool/DATA as it is by default? Thank you
  5. BelCloud

    CVE-2021-4207

    Hello Is CVE-2021-4207 patched in proxmox 6 and 7 ? https://security-tracker.debian.org/tracker/CVE-2021-4207 Does anyone know if this affects the default vga or virtio-gpu ? Do I understand it correctly that it only affects if the graphic card is set to SPICE? Thank you
  6. BelCloud

    CVE-2021-3748 - QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu

    Hello A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU...
  7. BelCloud

    Is nested virtualization enabled by default in PVE7 ?

    Hello I've noticed that in PVE7, nested virtualization seems enabled by default: # cat /sys/module/kvm_intel/parameters/nested Y # pveversion -V proxmox-ve: 7.1-1 (running kernel: 5.11.22-7-pve) pve-manager: 7.1-6 (running version: 7.1-6/4e61e21c) pve-kernel-5.13: 7.1-4 pve-kernel-helper...
  8. BelCloud

    LVM-Thin broken metadata precautions

    Hello Recently, the raid card (PERC h730p) on one of our nodes got fried. After replacing the card and importing the raid array, we've noticed the lvm thin metadata got corrupted. Check of pool pve/data failed (status:1). Manual repair required! We've tried to repair it with...
  9. BelCloud

    Vlan aware bridge unable to receive vlan traffic

    I've been trying to pass a trunk port directly to a VM, however the incoming traffic does not seem to reach the bridge. My config looks like this: auto vmbr11 iface vmbr11 inet manual bridge_vlan_aware yes bridge_ports eno2 bridge_stp off bridge_fd 0 Vlan id...
  10. BelCloud

    KVM: Cannot allocate memory - although enough memory available

    I've started having this error recently when i try to start a KVM. The server has enough memory available, although it seems to be used in cache. ioctl(KVM_CREATE_VM) failed: 12 Cannot allocate memory kvm: failed to initialize KVM: Cannot allocate memory # free m total...
  11. BelCloud

    pvesh create /cluster/backup failing in the last versions

    Hi I'm having a problem with pvesh. I was using the following command to create the backup jobs: pvesh create /cluster/backup -all 1 -compress lzo -dow sun -dow tue -dow thu -enabled 1 -mode snapshot -starttime 03:00 -storage backup However, currently it's giving the following error...
  12. BelCloud

    GRE tunnel and MTU

    I'm trying to create a GRE tunnel so i can transfer, temporarly, some VMS from one dc to another. I have created a gretap interface between the servers and bridged it to the vmbr1 bridge which is used on the VMs. So far so good, the traffic seems to pass well between the servers. After i have...
  13. BelCloud

    Console start VM without qm

    Hi How can we start or debug the start of a VM witout qm? Because qm doesn't provide more info on what/where the issue is. # qm start 101 malformed JSON string, neither tag, array, object, number, string or atom, at character offset 0 (before "(end of string)") at /usr/share/perl5/PVE/Tools.pm...
  14. BelCloud

    Resize root zfs on node

    Hi I'm having the following situation: # zpool list NAME SIZE ALLOC FREE EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT rpool 3.62T 3.51T 119G - 54% 96% 1.02x ONLINE - rpool 3.51T 2.35M 104K /rpool rpool/ROOT 1.47G 2.35M...
  15. BelCloud

    ebtables IP - MAC restriction

    Hello Considering ebtables has been addded to proxmox, what options do we have to restrict an IP to specific IPs. Does the 5.2 version have any API option to update the ebtables for a specific VM interface? Is there any way to use the "ipfilter" option to block everything if IP does not match...
  16. BelCloud

    Meltdown/spectre cpu vulns

    Hello Is there any fix for the meltdown / spectre bugs that affect the cpus? I am assuming the qemu+intel cpu would make us vulnerable. Any ideas on mitigating the issue? Thanks
  17. BelCloud

    RRD error: Could not save png to '' - Proxmox 5

    Hello I'm getting the following error on proxmox 5, when trying to access rrd. pvesh get /nodes/jx213-s20/lxc/105/rrd -ds cpu -timeframe day RRD error: Could not save png to '' It's working well on proxmox 4. I've just dist-upgrade today, but did not solve the issue. Anyone's got an idea?
  18. BelCloud

    QEMU update. reboot?

    Hello I've seen some vulnerabilities in qemu-kvm, that were recently patched. For ex, CVE-2017-7980 In the redhat announcements, i saw they require a stop of all VMs for the update to take effect. Do we need to follow the same procedure when proxmox updates the qemu? Or it's patched in...
  19. BelCloud

    Filter ARP

    Hello Is there any way to filter the ARP replies? Ex: 09:45:12.141931 ARP, Reply xx.xx.xx.xxis-at b2:cb:9f:21:38:a8, length 46 I've had today a customer attempting to use another user's IP. The firewall blocked tcp/udp etc, but he still managed to answer ARP requests making the other...
  20. BelCloud

    Limit the number of process threads

    Is there a way to limit the number of process threads per LXC container?

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!