CVE-2025-35979

A flaw was found in the kernel. This vulnerability, affecting some IntelR Processors, involves shared microarchitectural predictor state that influences transient execution within VMX non-root guest operation. An unprivileged software adversary with an authenticated user can exploit this locally ...

Guest Initiated Machine Check Errors

Summary AMD received a report from the security team at Amazon Web Services AWS indicating that it may be possible for guest VMs to cause a crash of a host system. By flooding the host system with a large number of malformed System Management Interrupts SMIs, it may be possible for a guest VM to...

CVE-2025-41246

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs...

VMware Tools for Windows 安全漏洞

VMware Tools for Windows is a set of Windows-based, VMWare virtual machine enhancement tools from VMware, which are drivers provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with those of the host. A...

Linux Distros Unpatched Vulnerability : CVE-2022-31609

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin, where it allows the guest VM to allocate resources for which the guest is...

Imagination GPU Driver 安全漏洞

Imagination GPU Driver is a graphics driver from Imagination. A security vulnerability exists in Imagination GPU Driver that stems from the possibility that Guest VMs may make improper GPU system calls, which could result in the GPU being unavailable to other Guests...

ALSA-2025:A002 Moderate: open-vm-tools security update

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fixes: open-vm-tools:A malicious actor with non-administrative...

CVE-2025-21431

Information disclosure may be there when a guest VM is connected...

kernel: SEV-ES local priv escalation

A buffer overflow and null pointer dereference flaw was found in the Linux kernel's Secure Encrypted Virtualization SEV implementation for AMD functionality. This issue occurs when a user in SEV guest VM accesses MMIO registers, which could allow a local user to crash the system or escalate their...

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing...

SUSE CVE-2021-26342

In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer TLB following a particular sequence of operations that includes creation of a new virtual machine control block VMCB. The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for...

CVE-2022-31609

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin, where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure...

NVIDIA vGPU Software 安全漏洞

NVIDIA vGPU Software is a management software from NVIDIA that is used to provide GPU capabilities to virtual machines. The software supports multiple virtual machines to access the host's GPU, providing graphics performance and application compatibility for virtual machines. A security...

USN-5071-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities

Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory...

April 25, 2019—KB4493453 (Preview of Monthly Rollup)

April 25, 2019—KB4493453 Preview of Monthly Rollup Starting with KB 4493472 Monthly Rollup updates will no longer include PciClearStaleCache.exe. This installation utility addressees inconsistencies in the internal PCI cache. This can cause the symptoms listed below when installing monthly update...

September 20, 2018—KB4457139 (Preview of Monthly Rollup)

September 20, 2018—KB4457139 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4457144 released September 11, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Address...

November 13, 2018—KB4464455 (OS Build 17763.107)

November 13, 2018—KB4464455 OS Build 17763.107 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that incorrectly implies that user policies have not been applied after...

September 20, 2018—KB4458315 (Preview of Monthly Rollup)

September 20, 2018—KB4458315 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4458010 released September 11, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: No...

CVE-2018-6969

VMware Tools 10.x and prior before 10.3.0 contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing mu...

RHEL 7 : qemu-kvm (RHSA-2017:1430)

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...