CVE-2023-53319

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Handle kvmarminit failure correctly in finalizepkvm Currently there is no synchronisation between finalizepkvm and kvmarminit initcalls. The finalizepkvm proceeds happily even if kvmarminit fails resulting in the...

CVE-2023-53208 KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired ratio doesn't match the current ratio, not if the ratio L1 is using for L2 diverges from...

Branch Predictor Isolation in KVM-QEMU

Summary Researchers claim new KVM-QEMU primitives allow exploitation of Spectre V2 resulting in information leakage in various cloud scenarios. KVM-QEMU is a combination of KVM Kernel-based Virtual Machine, a Linux kernel module that enables hardware-assisted virtualization and Quick Emulator QEM...

DEBIAN-CVE-2025-39704

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix stack protector issue in sendipidata Function kvmiobusread is called in function sendipidata, buffer size of parameter val should be at least 8 bytes. Since some emulation functions like loongarchipireadl and...

CVE-2025-39704

CVE-2025-39704 relates to a Linux kernel issue for LoongArch KVM where send_ipi_data() may trigger a stack-protector based panic if kvm_io_bus_read() writes an 8-byte value regardless of the declared length. The root cause is a buffer handling mismatch in certain emulation paths (e.g., loongarch_...

PT-2025-36298

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.17.0-rc1+ 102 Description: A stack buffer overflow issue exists in the send ipi data function within the Linux kernel, specifically related to the LoongArch architecture and KVM functionality. The kvm io bus...

kvm: s390: Reject memory region operations for ucontrol VMs

...

LoongArch: KVM: Mark hrtimer to expire in hard interrupt context

...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-36028: mm/hugetlb: fix DEBUGLOCKSWARNON1 when dissolvefreehugetlbfolio bsc1225707. CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357:...

PT-2025-44106

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.0-smp--e6c618b51cfe-sleep 782 Description The Linux kernel contained an issue in the KVM component related to SVM fastpath emulation. Specifically, the fastpath emulation was not being skipped on VM-Exit if...

Linux Distros Unpatched Vulnerability : CVE-2025-38366

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check validity of numcpu from user space The maximum supported cpu number is...

Linux Distros Unpatched Vulnerability : CVE-2025-37957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f KVM: x86: forcibly leave nested mode on vCPU reset addressed an issue...

Linux Distros Unpatched Vulnerability : CVE-2025-37936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBSENABLE loaded for guest with vCPU's value. When generating the...

Linux Distros Unpatched Vulnerability : CVE-2025-38396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export...

Linux Distros Unpatched Vulnerability : CVE-2025-37849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: arm64: Tear down vGIC on failed vCPU creation If kvmarchvcpucreate fails to share the vCPU page with the hypervisor, we propagate the error back to the ioc...

Linux Distros Unpatched Vulnerability : CVE-2025-21839

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: x86: Load DR6 with guest value only before entering .vcpurun loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core...

KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop

...

KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses

...

KVM: x86: Reset IRTE to host control if *new* route isn't postable

...

UBUNTU-CVE-2022-50228

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...