SUSE CVE-2025-40065

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Write hgatp register with valid mode bits According to the RISC-V Privileged Architecture Spec, when MODE=Bare is selected,software must write zero to the remaining fields of hgatp. We have detected the valid mode...

CVE-2025-40026

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't recheck L1 intercepts when completing userspace I/O When completing emulation of instruction that generated a userspace exit for I/O, don't recheck L1 intercepts as KVM has already finished that phase of instructi...

CVE-2025-40038

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid Skip the WRMSR and HLT fastpaths in SVM's VM-Exit handler if the next RIP isn't valid, e.g. because KVM is running with nrips=false. SVM must decode and emulate...

CVE-2025-40038

CVE-2025-40038 affects the Linux kernel KVM/SVM fastpath handling. The vulnerability arises when VM-Exit handling attempts to decode and emulate an instruction to skip WRMSR/HLT fastpaths if the next RIP is not valid, which can require reading guest memory. Reading guest memory via the emulator c...

RLSA-2025:18318 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush CVE-2025-38351 kernel: sunrpc: fix client side handling of tls alerts CVE-2025-38571 kernel: eventpoll: Fix semi-unbound...

kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

SUSE SLES15 Security Update : kernel (SUSE-SU-2025:03628-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03628-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: ...

SUSE-SU-2025:03628-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hcievent: Fix checking conn for leconncompleteevt bsc1238160. - CVE-2022-49980: USB: gadget: fix use-after-free read in usbudcuevent...

KVM: arm64: Disassociate vcpus from redistributor region on teardown

...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-387298)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-387298 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async PF workqueue when vCPU is being destroyed Always flush the per-vCPU asyn...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987200)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987200 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle SRCU initialization failure during page track init Check the return of...

EUVD-2025-29599

Malicious code in bioql PyPI...

EUVD-2022-55312

Malicious code in bioql PyPI...

SUSE-SU-2025:03301-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cowfilerange bsc1230708. - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points bsc1232089. -...

SUSE CVE-2023-53319

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Handle kvmarminit failure correctly in finalizepkvm Currently there is no synchronisation between finalizepkvm and kvmarminit initcalls. The finalizepkvm proceeds happily even if kvmarminit fails resulting in the...

DEBIAN-CVE-2023-53319

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Handle kvmarminit failure correctly in finalizepkvm Currently there is no synchronisation between finalizepkvm and kvmarminit initcalls. The finalizepkvm proceeds happily even if kvmarminit fails resulting in the...

CVE-2023-53319 KVM: arm64: Handle kvm_arm_init failure correctly in finalize_pkvm

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Handle kvmarminit failure correctly in finalizepkvm Currently there is no synchronisation between finalizepkvm and kvmarminit initcalls. The finalizepkvm proceeds happily even if kvmarminit fails resulting in the...

CVE-2025-39823

CVE-2025-39823 is a Linux kernel KVM/CPU virtualization vulnerability affecting x86 where indices from the guest (min, dest_id) were used with array_index_nospec after bounds checks. The issue enables speculative execution side-channel leakage affecting confidentiality, integrity, and availabilit...

CVE-2025-39815 RISC-V: KVM: fix stack overrun when loading vlenb

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: fix stack overrun when loading vlenb The userspace load can put up to 2048 bits into an xlen bit stack buffer. We want only xlen bits, so check the size beforehand...

[SECURITY] Fedora 43 Update: qemu-10.1.0-6.fc43

qemu is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu acts as a virtual machine monitor together with the KVM kernel modules, and emulates the hardware for a full system such as a PC and its associated peripherals...