ALPINE-CVE-2026-23553

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1 vCPU runs on CPU A, running task ...

CVE-2026-23553

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1 vCPU runs on CPU A, running task ...

UBUNTU-CVE-2026-23553

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1 vCPU runs on CPU A, running task ...

CVE-2026-23553

CVE-2026-23553 is an issue in the Xen hypervisor: during context switches, Xen may skip IBPB when a vCPU returns to the same physical CPU, potentially allowing stale BTB/GPU state to persist across tasks and undermine guest kernel isolation. The advisory chain shows the vulnerability is tied to i...

CVE-2026-23553

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1 vCPU runs on CPU A, running task ...

EUVD-2026-4882

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1 vCPU runs on CPU A, running task ...

AZL-78047 CVE-2026-24800 affecting package cloud-hypervisor for versions less than 32.0-6

Out-of-bounds Write, Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in tildearrow furnace extern/zlib modules. This vulnerability is associated with program files inflate.C...

Security Bulletin: This Power System update is being released to address CVE-2025-49087

Summary Mbed-TLS is used by partition firmware for Linux secure boot. This update is being released to mitigate any potential impacts to Linux partitions with secure boot enabled. Vulnerability Details CVEID:CVE-2025-49087 DESCRIPTION: In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing...

Security Bulletin: This Power System update is being released to address CVE-2025-36238

Summary If an attacker is able to gain system administrator access a Virtual TPM can be compromised through the use of a series of PowerVM service procedures. Vulnerability Details CVEID:CVE-2025-36238 DESCRIPTION: IBM PowerVM Hypervisor could allow a local user with administration privileges to...

Security Bulletin: This Power System update is being released to address CVE-2025-36194

Summary The PowerVM hypervisor may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations. Vulnerability Details CVEID:CVE-2025-36194 DESCRIPTION: IBM PowerVM hypervisor may expose a limited amount of data to a peer partition in...

kernel: KVM: arm64: Tear down vGIC on failed vCPU creation

A use-after-free flaw was found in KVM for arm64 in the Linux Kernel, if the kvmarchvcpucreate fails to share the vCPU page with the hypervisor. This vulnerability could even lead to a kernel information leak problem...

Security Bulletin: This Power System update is being released to address CVE-2025-49133

Summary The PowerVM Virtual Trusted Platform Module vTPM feature is impacted by the referenced vulnerability. This issue was fixed in a previous security bulletin for CVE-2025-2884: https://www.ibm.com/support/pages/node/7238453 Vulnerability Details CVEID:CVE-2025-49133 DESCRIPTION: Libtpms is a...

Exploit for CVE-2025-29943

StackWarp: PoC for CVE-2025-29943 Prueba de concepto para la...

kernel: KVM: arm64: Tear down vGIC on failed vCPU creation

A use-after-free flaw was found in KVM for arm64 in the Linux Kernel, if the kvmarchvcpucreate fails to share the vCPU page with the hypervisor. This vulnerability could even lead to a kernel information leak problem...

EUVD-2026-3111

Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard non‑administrator local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged...

CVE-2026-21223

Improper privilege management in Microsoft Edge Chromium-based allows an authorized attacker to bypass a security feature locally...

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Improper privilege management in Microsoft Edge Chromium-based allows an authorized attacker to bypass a security feature locally...

SUSE CVE-2025-71104

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past...

MiracleLinux 7 : qemu-kvm-1.5.3-156.el7.5 (AXSA:2018-3289:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3289:06 advisory. QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams CVE-2018-11806 QEMU: i386: multiboot OOB access while loading kernel image...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001278)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001278 advisory. An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xenfailsafecallback entry point in arch/x86/entry/entry64.S does not...