SUSE CVE-2026-46014

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot be set with KVMSETMSRS. So save/restore is completely broken. Fix it ...

Astra Linux - уязвимость в xen

A issue was discovered in Xen through version 4.11.x, allowing users of x86 Intel HVM guest operating systems to obtain unintended read/write DMA access. This could potentially lead to a denial of service causing the host operating system to crash or result in privilege escalation. This issue...

Xen 竞争条件问题漏洞

Xen is an open-source virtual machine monitor product developed by Xen. This product allows different and incompatible operating systems to run on the same computer. It also supports migration during runtime, ensuring smooth operation and avoiding downtime. Xen has a race condition vulnerability,...

SUSE CVE-2026-23401

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so after dropping/zapping the existing SPTE if it's shadow-present. While commit a54aa15c6bda3 was right about...

x86: buffer overrun with shadow paging + tracing

ISSUE DESCRIPTION Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing. IMPAC...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50253: bpf: make sure skb-len != 0 when redirecting to a tunneling device bsc1249912. CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in...

UBUNTU-CVE-2025-58149

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...

CVE-2025-58149

CVE-2025-58149 affects the Xen hypervisor. The detach logic for PCI devices fails to remove access permissions to 64‑bit memory BARs when a device is unplugged, allowing PV guests to access memory of devices no longer assigned to them (HVM implications noted with required compromised device model...

Mutiple vulnerabilities in the Viridian interface

ISSUE DESCRIPTION There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a...

Linux Distros Unpatched Vulnerability : CVE-2022-42333

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to...

OESA-2025-1873 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabl...

The vulnerability of the Windows Hyper-V hardware virtualization system of Microsoft Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the Windows Hyper-V hardware virtualization technology in Microsoft Windows operating systems is related to synchronization errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

PT-2025-9009 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been identified, specifically in the xen hypercall hvm function used when running as a Xen PVH guest. This function clobbers the %rbx register,...

The vulnerability of the VSP Elevation function in the hardware virtualization technology of Windows Hyper-V operating systems allows attackers to elevate their privileges to the SYSTEM level.

The vulnerability of the VSP Elevation function in the hardware virtualization layer of Windows Hyper-V operating systems involves the possibility of exploiting memory after it is freed. Exploiting this vulnerability can allow an attacker to elevate their privileges to the SYSTEM level...

The vulnerability of the VSP Elevation function in the hardware virtualization technology of Windows Hyper-V operating systems allows attackers to elevate their privileges to the SYSTEM level.

The vulnerability of the VSP Elevation function in the hardware virtualization layer of Windows Hyper-V operating systems involves the possibility of exploiting memory after it is freed. Exploiting this vulnerability can allow an attacker to elevate their privileges to the SYSTEM level...

PT-2025-43034

Name of the Vulnerable Software and Affected Versions xen affected versions not specified Description Certain hypercalls within xen can be specified in a manner that presents a security concern. The description does not provide details about the nature of the issue or any specific technical detai...

The vulnerability of the Windows Hyper-V hardware virtualization system, related to the return of an incorrect code state, allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows Hyper-V hardware virtualization system is related to the return of an incorrect code state. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the KVM kernel component of the Linux operating system, which allows a hacker to gain access to confidential information

The vulnerability of the Linux operating system’s KVM kernel component is related to excessive data output in the vmxgetperfcapabilities function. Exploiting this vulnerability can allow an attacker to gain access to confidential information...

The vulnerability of the Hyper-V hardware virtualization system for Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the Hyper-V hardware virtualization technology for Windows operating systems is related to improper checking of the return value of a function. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

Microsoft Windows Hyper-V Denial of Service Vulnerability (CNVD-2024-40539)

Microsoft Windows Hyper-V is a tool from Microsoft USA that provides hardware virtualization. A denial of service vulnerability exists in Microsoft Windows Hyper-V, which can be exploited by attackers to cause a denial of service...