MiracleLinux 4 : qemu-kvm-0.12.1.2-2.448.AXS4.3 (AXSA:2015-140:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-140:02 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Security issues fixed with this release: CVE-2015-3456 Tenab...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002559)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002559 advisory. A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilegeCPL lev...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002231)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002231 advisory. The recalculateapicmap function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service ho...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002025)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002025 advisory. Array index error in the kvmvmioctlcreatevcpu function in virt/kvm/kvmmain.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002101)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002101 advisory. The emsysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to ga...

CVE-2025-71104 KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past...

CVE-2025-71104

The CVE-2025-71104 entry concerns the Linux kernel KVM on x86 with the HV timer. Root cause: when advancing the guest APIC timer expiration in periodic mode, adding a period to a past target expiration can create an unbounded sequence of hrtimer IRQs; if the guest is paused, this can trigger host...

MiracleLinux 4 : qemu-kvm-0.12.1.2-2.209.AXS4.4 (AXSA:2012-478:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-478:01 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines...

CVE-2025-68810 KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot

In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVMMEMGUESTMEMFD on an existing memslot Reject attempts to disable KVMMEMGUESTMEMFD on a memslot that was initially created with a guestmemfd binding, as KVM doesn't support toggling KVMMEMGUESTMEMFD on...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000260)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000260 advisory. An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000309 advisory. A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000292)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000292 advisory. The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Tenable has extracted the preceding description block directly from the Unity Linux...

Linux Distros Unpatched Vulnerability : CVE-2023-54241

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MIPS: KVM: Fix NULL pointer dereference After commit 45c7e8af4a5e3f0bea4ac209 MIPS: Remove KVMTE support we get a NULL pointer dereference when creating a KVM...

EUVD-2023-60400

In the Linux kernel, the following vulnerability has been resolved: MIPS: KVM: Fix NULL pointer dereference After commit 45c7e8af4a5e3f0bea4ac209 "MIPS: Remove KVMTE support" we get a NULL pointer dereference when creating a KVM guest: 146.243409 Starting KVM with MIPS VZ extensions 149.849151 CP...

CVE-2023-54296

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a goof where KVM tries to grab source vCPUs from the destination VM when doing intrahost migration. Grabbing the wrong vCPU not only hoses the guest, it...

CVE-2023-54296 KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a goof where KVM tries to grab source vCPUs from the destination VM when doing intrahost migration. Grabbing the wrong vCPU not only hoses the guest, it...

PT-2025-54070

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.4.0-rc3+ 1671 Description The Linux kernel contains a flaw related to KVM on MIPS architecture. Specifically, a NULL pointer dereference can occur when creating a KVM guest after a commit removed KVM TE support...

CVE-2023-54092

CVE-2023-54092 (Linux kernel, s390 PKVM): The vulnerability concerns KVM on s390 where the index field of the guest ASCE’s struct page could be incorrect during replacement in s390_replace_asce(). Specifically, the new ASCE’s index must be 0, otherwise addresses used for PTE invalidation notifica...

CVE-2023-54024 KVM: Destroy target device if coalesced MMIO unregistration fails

In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy target device if coalesced MMIO unregistration fails Destroy and free the target coalesced MMIO device if unregistering said device fails. As clearly noted in the code, kvmiobusunregisterdev does not destroy the targ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to destroy the target device when the KVM merge MMIO device logout fails, potentially leading to...