Important: Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm)

Red Hat AI Inference Server 3.2.5 ROCm is now available. Red Hat® AI Inference Server...

Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

An ongoing campaign has been observed targeting Amazon Web Services AWS customers using compromised Identity and Access Management IAM credentials to enable cryptocurrency mining. The activity, first detected by Amazon's GuardDuty managed threat detection service and its automated security...

EUVD-2025-203666

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough On PF passthrough environment, after hibernate and then resume, coralgemm will cause gpu page fault. Mode1 reset happens during hibernate, but partition mode is n...

CVE-2025-68230

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough On PF passthrough environment, after hibernate and then resume, coralgemm will cause gpu page fault. Mode1 reset happens during hibernate, but partition mode is n...

UBUNTU-CVE-2025-68207

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Synchronize Dead CT worker with unbind Cancel and wait for any Dead CT worker to complete before continuing with device unbinding. Else the worker will end up using resources freed by the undind operation. cherry pick...

UBUNTU-CVE-2025-68230

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough On PF passthrough environment, after hibernate and then resume, coralgemm will cause gpu page fault. Mode1 reset happens during hibernate, but partition mode is n...

CVE-2025-68230

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough On PF passthrough environment, after hibernate and then resume, coralgemm will cause gpu page fault. Mode1 reset happens during hibernate, but partition mode is n...

CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough On PF passthrough environment, after hibernate and then resume, coralgemm will cause gpu page fault. Mode1 reset happens during hibernate, but partition mode is n...

CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough On PF passthrough environment, after hibernate and then resume, coralgemm will cause gpu page fault. Mode1 reset happens during hibernate, but partition mode is n...

CVE-2025-68230

CVE-2025-68230 concerns the Linux kernel, specifically the drm/amdgpu path under PF passthrough. The issue occurs after a hibernate cycle: on resume, partition state is not restored correctly, leading to an incorrect mmCP_HYP_XCP_CTL/mmCP_PSP_XCP_CTL configuration and, when the CP accesses the MQ...

CVE-2025-68207 drm/xe/guc: Synchronize Dead CT worker with unbind

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Synchronize Dead CT worker with unbind Cancel and wait for any Dead CT worker to complete before continuing with device unbinding. Else the worker will end up using resources freed by the undind operation. cherry pick...

CVE-2025-68207 drm/xe/guc: Synchronize Dead CT worker with unbind

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Synchronize Dead CT worker with unbind Cancel and wait for any Dead CT worker to complete before continuing with device unbinding. Else the worker will end up using resources freed by the undind operation. cherry pick...

PT-2025-51620

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s DRM/XE/GUC subsystem where a Dead CT worker may not be properly synchronized during device unbinding. This can lead to the worker attempting to use...

Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-7936-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7936-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

USN-7936-1: Linux kernel (OEM) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Compute Acceleration Framework; - Media drivers; - Netfilter; - TLS protocol; CVE-2025-39946,...

USN-7936-1 linux-oem-6.14 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Compute Acceleration Framework; - Media drivers; - Netfilter; - TLS protocol; CVE-2025-39946,...

USN-7926-1 keystone vulnerabilities

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...

Important: Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (CUDA)

Red Hat AI Inference Server 3.2.2 CUDA is now available. Red Hat® AI Inference Server...

EUVD-2025-201467

nitro-tpm-pcr-compute may allow kernel command line modification by an account operator...

GHSA-XRV8-2PF5-F3Q7 nitro-tpm-pcr-compute may allow kernel command line modification by an account operator

Summary Adding default PCR12 validation to ensure that account operators can not modify kernel command line parameters, potentially bypassing root filesystem integrity validation. Attestable AMIs are based on the systemd Unified Kernel Image UKI concept which uses systemd-boot to create a single...