RLSA-2026:18465 Important: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: EDK2: Improper Input Validation allows arbitrary command execution CVE-2025-2296 For more details about the security...

Linux Distros Unpatched Vulnerability : CVE-2026-46113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp-gfn plus the SPTE index. This...

SUSE CVE-2026-45987

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...

CVE-2026-46071

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...

CVE-2026-46082 KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Inject UD for INVLPGA if EFER.SVME=0 INVLPGA should cause a UD when EFER.SVME is not set. Add a check to properly inject UD when EFER.SVME=0. sean: tag for stable@...

Moderate: libvirt security update

Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...

CVE-2026-43133

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f "KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state" made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed...

Linux Distros Unpatched Vulnerability : CVE-2026-43133

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state made KVM always use...

Linux Distros Unpatched Vulnerability : CVE-2026-31591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish Lock all vCPUs when synchronizing and encrypting VMSAs for SNP guests, as allowing...

CVE-2026-31593

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU Reject synchronizing vCPU state to its associated VMSA if the vCPU has already been launched, i.e. if the VMSA has already been encrypted. On a host wit...

CLSA-2026-1775655705 kernel-uek: Fix of 34 CVEs

ALSA: usb-audio: Fix use-after-free in sndusbmixerfree CVE-2026-23089 - HID: core: Harden s32ton against conversion to 0 bits CVE-2025-38556 - KVM: nSVM: Ignore nCR34:0 when loading PDPTEs from memory CVE-2024-50115 - KVM: x86: Reset IRTE to host control if new route isn't postable CVE-2025-37885...

CVE-2026-23401 KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so after dropping/zapping the existing SPTE if it's shadow-present. While commit a54aa15c6bda3 was right about...

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50170)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50170 advisory. 6.12.0-200.74.27.1 - KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE Sean Christopherson Orabug: 39071315 Tenable has extract...

virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

An update is available for seabios, swtpm, perl-Sys-Virt, module.supermin, module.libiscsi, module.libvirt-dbus, libvirt-dbus, module.swtpm, module.virt-v2v, module.sgabios, module.perl-Sys-Virt, libvirt-python, module.libvirt-python, netcf, module.netcf, module.seabios, module.libguestfs, hivex,...

SUSE-SU-2026:20667-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpicmpui bsc1254992. - CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm...

Moderate: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

UBUNTU-CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in guest XSAVE state whenever XFDi=1 When loading guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATEBV...

CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in guest XSAVE state whenever XFDi=1 When loading guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATEBV...

CVE-2026-23005 x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in guest XSAVE state whenever XFDi=1 When loading guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATEBV...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004156)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004156 advisory. A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstance...