[SECURITY] Fedora 43 Update: qemu-10.1.0-6.fc43

qemu is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu acts as a virtual machine monitor together with the KVM kernel modules, and emulates the hardware for a full system such as a PC and its associated peripherals...

CVE-2023-53208 KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired ratio doesn't match the current ratio, not if the ratio L1 is using for L2 diverges from...

CLSA-2025-1757699693 kernel-uek: Fix of 16 CVEs

Bluetooth: afbluetooth: Fix Use-After-Free in btsockrecvmsg CVE-2024-21803 - net: defer final 'struct net' free in netns dismantle CVE-2024-56658 - netfilter: validate user input for expected length CVE-2024-35896 - drm/amd/display: Fix out-of-bounds access in 'dcn21linkencodercreate'...

RLSA-2025:12527 Moderate: virt:rhel and virt-devel:rhel security update

Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...

CVE-2025-39704

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix stack protector issue in sendipidata Function kvmiobusread is called in function sendipidata, buffer size of parameter val should be at least 8 bytes. Since some emulation functions like loongarchipireadl and...

UBUNTU-CVE-2025-39704

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix stack protector issue in sendipidata Function kvmiobusread is called in function sendipidata, buffer size of parameter val should be at least 8 bytes. Since some emulation functions like loongarchipireadl and...

KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush

...

KVM: s390: vsie: fix race during shadow creation

...

Linux Distros Unpatched Vulnerability : CVE-2025-38506

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: Allow CPU to reschedule while setting per-page memory attributes When running an SEV-SN...

SUSE-SU-2025:02996-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36028: mm/hugetlb: fix DEBUGLOCKSWARNON1 when dissolvefreehugetlbfolio bsc1225707. - CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357:...

SUSE CVE-2025-38506

In the Linux kernel, the following vulnerability has been resolved: KVM: Allow CPU to reschedule while setting per-page memory attributes When running an SEV-SNP guest with a sufficiently large amount of memory 1TB+, the host can experience CPU soft lockups when running an operation in...

CVE-2025-38506 KVM: Allow CPU to reschedule while setting per-page memory attributes

In the Linux kernel, the following vulnerability has been resolved: KVM: Allow CPU to reschedule while setting per-page memory attributes When running an SEV-SNP guest with a sufficiently large amount of memory 1TB+, the host can experience CPU soft lockups when running an operation in...

Linux Distros Unpatched Vulnerability : CVE-2025-23135

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RISC-V: KVM: Teardown riscv specific bits after kvmexit During a module removal, kvmexit invokes arch specific disable call which disables AIA. However, we invo...

Linux Distros Unpatched Vulnerability : CVE-2017-12154

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The preparevmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the CR8-load exiting and CR8-store exiting L0 vmcs02...

Unbreakable Enterprise kernel security update

5.15.0-311.185.9 - nfs: ignore SBRDONLY when remounting nfs Li Lingfeng Orabug: 37781252 5.15.0-311.185.8 - net/mlx5: Add poll-eq API to be used by ULP's Praveen Kumar Kannoju Orabug: 38182400 - net/rds: poll eq during user-reset Praveen Kumar Kannoju Orabug: 38189328 5.15.0-311.185.7 - perf: Fix...

Linux Distros Unpatched Vulnerability : CVE-2024-35804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Mark target gfn of emulated atomic instruction as dirty When emulating an atomic...

Linux Distros Unpatched Vulnerability : CVE-2021-47060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: Stop looking for coalesced MMIO zones if the bus is destroyed Abort the walk of coalesced MMIO zones if kvmiobusunregisterdev fails to allocate memory for...

Linux Distros Unpatched Vulnerability : CVE-2021-47110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machineshutdown hook and this only happens for boot CPU. We need to disable...

Linux Distros Unpatched Vulnerability : CVE-2021-47296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Fix kvmarchvcpuioctl vcpuload leak vcpuput is not called if the user copy fails...

The vulnerability in the module arch/loongarch/kvm/intc/eiointc.c of Linux operating systems allows a hacker to cause a service failure.

The vulnerability in the arch/loongarch/kvm/intc/eiointc.c module of Linux operating systems is related to incorrect array index checking. Exploiting this vulnerability can allow an attacker to cause a service failure...