Details: On setups using the Ceph management stack, a highly-privileged user could trigger the creation of a task log file and its parent directories outside of the intended location inside /var/log/pve/tasks.
This vulnerability does not allow overwriting an existing file. The created task log file's name always ends in :user@realm: (user and realm are placeholders for the actual user triggering the issue, and its realm). Its content is the task log which is not under control of the user.
Only users/tokens with the Sys.Modify privilege can trigger this issue. This privilege already "allow(s) modifying aspects of the system or its configuration that are dangerous or sensitive" (see references).
Subject: PSA-2025-00010-1: libtpms0/swtpm out of bounds read vulnerability
Advisory date: 2025-06-23
Packages: libtpms0
Details: libtpms, a library for integrating TPM functionality into QEMU was affected by an out of bounds read vulnerability that could be used to trigger an abort of swtpm, rendering the virtual TPM assigned to a QEMU VM inoperable.
Subject: PSA-2025-00011-1: Lack of support for OVS bridges in nftables-based firewall (tech-preview)
Advisory date: 2025-07-09
Packages: pve-firewall/qemu-server/pve-container
Details: When using the optional nftables-based firewall implementation, OVS bridges used for guest vNICs where not configured using intermediate firewall bridges. As a result, traffic flowing to/from guests on an OVS bridge was not visible in the netfilter bridge table, and not filtered according to the ruleset.
Note: The nftables feature is an opt-in technology preview. Setups using regular linux bridges are not affected.
Subject: PSA-2025-00012-1: Incomplete exclusion of the NTFS module in Grub2 with Secure Boot
Advisory date: 2025-07-10
Packages: grub-efi-amd64-signed 1+2.06+13+pmx6
Details: The NTFS fixes for the issues described in PSA-2025-00005-1 were reverted due to a regression. This was done under the assumption that the NTFS Grub module could not be loaded with Secure Boot enabled. However, this was not the case when the module was part of the monolithic GRUB EFI binary used in default setups that enable Secure Boot. To fix this, exclude the NTFS module from being part of the monolithic GRUB EFI binary.
Subject: PSA-2025-00013-1: stored XSS in config values
Advisory date: 2025-08-14
Packages: pve-manager
Details: The HTTP proxy, WebAuthN and U2F setting dialogues in the web interface were susceptible to XSS. Editing these settings requires the Sys.Modify privilege on the ACL path /, which is only given to users with the Adminstrator role by default.
Subject: PSA-2025-00016-1: Spectre branch target injection from VM guests ("VMScape")
Advisory date: 2025-09-17
Packages: proxmox-kernel-6.8, proxmox-kernel-6.14
Details: Incomplete branch predictor isolation mechanisms allow exploitation of branch prediction across hypervisor/guest context switches, potentially leaking secrets from the host userspace or other guests by an attacker with control over a VM.
Fixed:
For Debian Trixie based releases, like Proxmox VE 9, Proxmox Backup Server 4 or Proxmox Datacenter Manager Beta:
- Package proxmox-kernel-6.14.11-2-pve-signed in version 6.14.11-2
For Debian Bookworm based releases, like Proxmox VE 8, Proxmox Backup Server 3 or Proxmox Mail Gateway 8:
- Package proxmox-kernel-6.14.8-3-bpo12-pve-signed in version 6.14.8-3~bpo12+1
- Package proxmox-kernel-6.8.12-15-pve-signed in version 6.8.12-15
Subject: PSA-2025-00017-1: pre-generated "snakeoil" certificate in container templates
Advisory date: 2025-09-17
Packages: pve-container
Details: Any Debian-based container template that includes the "ssl-cert" package contains a self-signed "snakeoil" certificate and its corresponding key. This certificate and key pair are used by many packages in their default configurations to enable TLS out of the box. However, the certificate and key pair were not regenerated during the initial container setup. This reuse leaves the system vulnerable to man-in-the-middle (MITM) attacks unless a proper production certificate and key pair are deployed.
Subject: PSA-2025-00018-1: buffer overflow in vncterm/spiceterm handling of ANSI escape sequences
Advisory date: 2025-09-22
Packages: vncterm, spiceterm
Details: vncterm and spiceterm are utilies that are spawned when initiating a VNC or SPICE session, respectively, for accessing a node or container console via the GUI. Both utilities implement basic support for parsing ANSI escape sequences. The ANSI escape sequence parser was susceptible to a buffer overflow flaw, which could potentially be exploited by a sufficiently privileged attacker that has the permission to open a node or container console in the GUI.
Opening a node console requires the Sys.Console privilege. Opening a container console requires the VM.Console privilege.
The issue was discovered and reported by Johannes Altmanninger <aclopte@gmail.com>.
Fixed:
- vncterm >= 1.9.1 for Proxmox VE 9
- vncterm >= 1.8.1 for Proxmox VE 8
- spiceterm >= 3.4.1 for Proxmox VE 9
- spiceterm => 3.3.1 for Proxmox VE 8
