SUSE CVE-2025-68259

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or select INTn instruction, discard the exception and retry the instruction if the code stream is changed...

CVE-2025-68259

Summary: In the Linux kernel’s KVM/SVM path, re-injecting a soft interrupt when replacing INT3/INT0/INTn can lead to decoding a different instruction and thus a wrong next RIP. This can clobber guest state and trigger a guest panic (e.g., Oops: int3) if the RIP lookup uses the incorrect instructi...

SUSE CVE-2023-53756

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Fix crash due to uninitialized currentvmcs KVM enables 'Enlightened VMCS' and 'Enlightened MSR Bitmap' when running as a nested hypervisor on top of Hyper-V. When MSR bitmap is updated, evmcstouchmsrbitmap function uses...

CVE-2023-53756 KVM: VMX: Fix crash due to uninitialized current_vmcs

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Fix crash due to uninitialized currentvmcs KVM enables 'Enlightened VMCS' and 'Enlightened MSR Bitmap' when running as a nested hypervisor on top of Hyper-V. When MSR bitmap is updated, evmcstouchmsrbitmap function uses...

CVE-2025-40274

CVE-2025-40274: Linux kernel KVM guest_memfd memslot binding uses-after-free when gmem dies. The fix removes bindings on memslot deletion even if the guest_memfd file is dying, preventing writes to freed memory (KASAN). Upstream/SUSE advisories (e.g., SUSE-SU-2026:20220-1) indicate the kernel has...

CVE-2025-40266

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value U32MAX - sizeofstruct ffacompositememregion + 1, U32MAX is...

CVE-2025-40266

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value U32MAX - sizeofstruct ffacompositememregion + 1, U32MAX is...

USN-7907-3 linux-gcp, linux-gcp-4.15, linux-hwe vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; -...

KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT

...

kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...

CVE-2025-40184 KVM: arm64: Fix debug checking for np-guests using huge mappings

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIGNVHEEL2DEBUG then the debug checking in asserthostsharedguest fails on the launch of an np-guest. This WARNON...

CVE-2025-40181 x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory between Top of Lower Usable DRAM and 4GiB, to be mapped as UC via a forc...

kernel: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()

In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvmgetvcpu Explicitly verify the target vCPU is fully online prior to clamping the index in kvmgetvcpu. If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...

kernel: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization guest/host mode behind CONFIGBROKEN Hide KVM's ptmode module param behind CONFIGBROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad...

RISC-V: KVM: Teardown riscv specific bits after kvm_exit

...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988689)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988689 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops-destroy A KVM device cleanup happens in either of two callbacks: ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988779 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is...

CLSA-2025-1762171389 kernel: Fix of 15 CVEs

nfs: fix possible null-ptr-deref when parsing param CVE-2022-50455 - KVM: arm64: Disassociate vcpus from redistributor region on teardown CVE-2024-40989 - HID: core: Harden s32ton against conversion to 0 bits CVE-2025-38556 - ALSA: usb-audio: Validate UAC3 cluster segment descriptors...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls kvmxenschedoppoll does a kmallocarray when a VM polls the host for more than one event channel potr nrports 1. After the kmallocarray, the error paths ne...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...