CVE-2026-46606

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...

CVE-2026-52968

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine subsystem, specifically affecting s390 PCI devices. This vulnerability arises from incorrect pointer arithmetic during the indexing of the Guest Access Instruction Table GAIT, leading to out-of-bounds memory access. A local...

EUVD-2026-39228

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walks1 and kvmwalknesteds2 expect to be called while holding kvm-srcu to guard against memslot changes. While this is generally the case,...

CVE-2026-53277

The CVE-2026-53277 issue affects the Linux kernel KVM arm64 path. walk_s1() and kvm_walk_nested_s2() are expected to run with kvm->srcu held to guard memslot changes, but __kvm_at_s12() and __kvm_find_s1_desc_level() invoke these walkers without acquiring SRCU. The fix adds acquiring kvm->s...

EUVD-2026-39291

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Fixed stack handling in idlekvmstartguest In commit 10d91611f426 “powerpc/64s: Reimplemented the book3s idle code in C”, kvmstartguest became idlekvmstartguest. The old code allocated a stack frame on the...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: KVM: PPC: Fixed the issue with the vcpuload leak in kvmarchvcpuioctl. The vcpuput function is not called if the user copy fails. This can lead to problems such as corruption of the preempt notifier and system crashes...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: A stack overflow issue was fixed when loading vlenb. The user-space load mechanism can place up to 2048 bits into the xlen bit stack buffer. Since we only need the xlen bits, we check the size of the buffer in advanc...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fixed error handling for eventfd in kvmxeneventfdassign Do not call eventfdctxput in case of an error. Introduced a new goto target instead. - Paolo...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fixed the calculation of the base address in the function kvmeiointc regsaccess. In the function kvmeiointc regsaccess, the base address of the register is calculated by adding an offset to the array base address...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check the validity of “numcpu” from user space. The maximum supported CPU number is EIOINTCROUTEMAXVCPUS. For the irchip EIOINTC, validation of the CPU number is added to prevent array pointer overflow...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: fs: export anoninodemakesecureinode and fix the issue with secretmem LSM bypass. The anoninodemakesecureinode function was exported to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Avoid consuming a stale esr value when an SError occurs When any exception other than an IRQ occurs, the CPU updates the ESREL2 register with the exception syndrome. An SError may also become pending, and will be...

SUSE SLES15 Security Update : kernel (SUSE-SU-2026:2383-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2383-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: -...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. CVE-2026-31629: nfc: llcp: add missing return after LLCPCLOSED checks bsc1263790...

SUSE-SU-2026:2383-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. - CVE-2026-31629: nfc: llcp: add missing return after LLCPCLOSED checks...

SUSE-SU-2026:2331-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. - CVE-2026-31629: nfc: llcp: add missing return after LLCPCLOSED checks...

SUSE CVE-2026-46316

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach and drops the cache's reference on each entry with vgicputirq. It puts...

CVE-2026-46316

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM for ARM64, specifically within the vgic-its component. This vulnerability occurs when multiple concurrent operations incorrectly drop the translation cache's reference to an entry more than once during cache invalidation. Thi...

CVE-2026-46317

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind mmulock kvm-arch.nestedmmus is walked under kvm-mmulock, including from the MMU notifier path kvmunmapgfnrange - kvmnesteds2unmap, which can run at any time. kvmvcpuinitnested...