RLSA-2025:18318 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush CVE-2025-38351 kernel: sunrpc: fix client side handling of tls alerts CVE-2025-38571 kernel: eventpoll: Fix semi-unbound...

kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

SUSE SLES15 Security Update : kernel (SUSE-SU-2025:03628-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03628-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: ...

SUSE-SU-2025:03628-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hcievent: Fix checking conn for leconncompleteevt bsc1238160. - CVE-2022-49980: USB: gadget: fix use-after-free read in usbudcuevent...

KVM: arm64: Disassociate vcpus from redistributor region on teardown

...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987200)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987200 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle SRCU initialization failure during page track init Check the return of...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-387298)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-387298 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async PF workqueue when vCPU is being destroyed Always flush the per-vCPU asyn...

EUVD-2022-55312

Malicious code in bioql PyPI...

EUVD-2025-29599

Malicious code in bioql PyPI...

SUSE-SU-2025:03301-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cowfilerange bsc1230708. - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points bsc1232089. -...

SUSE CVE-2023-53319

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Handle kvmarminit failure correctly in finalizepkvm Currently there is no synchronisation between finalizepkvm and kvmarminit initcalls. The finalizepkvm proceeds happily even if kvmarminit fails resulting in the...

DEBIAN-CVE-2023-53319

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Handle kvmarminit failure correctly in finalizepkvm Currently there is no synchronisation between finalizepkvm and kvmarminit initcalls. The finalizepkvm proceeds happily even if kvmarminit fails resulting in the...

CVE-2023-53319 KVM: arm64: Handle kvm_arm_init failure correctly in finalize_pkvm

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Handle kvmarminit failure correctly in finalizepkvm Currently there is no synchronisation between finalizepkvm and kvmarminit initcalls. The finalizepkvm proceeds happily even if kvmarminit fails resulting in the...

CVE-2025-39823

CVE-2025-39823 is a Linux kernel KVM/CPU virtualization vulnerability affecting x86 where indices from the guest (min, dest_id) were used with array_index_nospec after bounds checks. The issue enables speculative execution side-channel leakage affecting confidentiality, integrity, and availabilit...

CVE-2025-39815 RISC-V: KVM: fix stack overrun when loading vlenb

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: fix stack overrun when loading vlenb The userspace load can put up to 2048 bits into an xlen bit stack buffer. We want only xlen bits, so check the size beforehand...

[SECURITY] Fedora 43 Update: qemu-10.1.0-6.fc43

qemu is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu acts as a virtual machine monitor together with the KVM kernel modules, and emulates the hardware for a full system such as a PC and its associated peripherals...

CVE-2023-53208 KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired ratio doesn't match the current ratio, not if the ratio L1 is using for L2 diverges from...

CLSA-2025-1757699693 kernel-uek: Fix of 16 CVEs

Bluetooth: afbluetooth: Fix Use-After-Free in btsockrecvmsg CVE-2024-21803 - net: defer final 'struct net' free in netns dismantle CVE-2024-56658 - netfilter: validate user input for expected length CVE-2024-35896 - drm/amd/display: Fix out-of-bounds access in 'dcn21linkencodercreate'...

RLSA-2025:12527 Moderate: virt:rhel and virt-devel:rhel security update

Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...

CVE-2025-39704

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix stack protector issue in sendipidata Function kvmiobusread is called in function sendipidata, buffer size of parameter val should be at least 8 bytes. Since some emulation functions like loongarchipireadl and...