SUSE-SU-2025:02322-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47557: net/sched: schets: do not peek at classes beyond 'nbands' bsc1207361 bsc1225468. - CVE-2021-47595: net/sched: schets: do not remove idle classes...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2021-47557: net/sched: schets: do not peek at classes beyond 'nbands' bsc1207361 bsc1225468. CVE-2021-47595: net/sched: schets: do not remove idle classes from...

perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value.

...

SUSE-SU-2025:2264-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47557: net/sched: schets: do not peek at classes beyond 'nbands' bsc1207361 bsc1225468. - CVE-2021-47595: net/sched: schets: do not remove idle classes from...

The vulnerability of the __kvm_vgic_vcpudestroy() function in the kernel of the Linux operating system’s arch/arm64/kvm/vgic/vgic-init.c file allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the kvmvgicvcpuDestroy function in the kernel of the Linux operating system’s arch/arm64/kvm/vgic/vgic-init.c module is related to the re-use of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

The vulnerability of the `trace_kvm_nested_vmenter_failed()` function in the `arch/x86/kvm/trace.h` module of the virtualization subsystem on the Linux x86 kernel platform allows a attacker to access protected information or cause service failures.

The vulnerability of the tracekvmnestedvmenterfailed function in the arch/x86/kvm/trace.h module of the virtualization subsystem on the Linux x86 kernel platform is related to improper control of resource identifiers “resource injection”. Exploiting this vulnerability may allow an attacker to...

The vulnerability of the kvm_arch_vcpu_ioctl() function in the arch/x86/kvm/x86.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the kvmarchvcpuioctl function in the arch/x86/kvm/x86.c module of the Linux operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility o...

UBUNTU-CVE-2022-50224

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabled mindblowing and trigger the WARN that fires on reserved SPTE bits...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Resets the IRTE to host control if the new route cannot be posted. Restores an IRTE back to host control either remapped or in MSI mode if the new GSI route prevents direct posting of the IRQ to a vCPU, regardless of th...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: The mask PEBSENABLE must be set for the guest when the value of vCPU is used. When generating the MSRIA32PEBSENABLE value that will be loaded on the VM-Entry to a KVM guest, the value should be masked with th...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with the guest value only before entering the .vcpurun loop. Move the conditional loading of hardware DR6 with the guest’s DR6 value out of the core .vcpurun loop to fix a bug where KVM may load hardware with a...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify that the target vCPU is online in kvmgetvcpu It is necessary to explicitly verify that the target vCPU is fully online prior to clamping the index in kvmgetvcpu. If the index is “bad”, the nospec clamping...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: track changespktdata property for global functions CVE-2024-58098 In the Linux kernel, the following vulnerability has been resolved: bpf: check changespktdata property for extension programs CVE-2024-58100 I...

SUSE-SU-2025:01692-1 Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005573 fixes several issues. The following security issues were fixed: - CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847. - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage bsc1229504. -...

SUSE-SU-2025:20340-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_3

This update for kernel-livepatch-MICRO-6-0-RTUpdate3 fixes the following issues: - CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 - CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 - CVE-2024-50115: KVM:...

SUSE-SU-2025:20368-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_2

This update for kernel-livepatch-MICRO-6-0-RTUpdate2 fixes the following issues: - CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 - CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 - CVE-2024-50115: KVM:...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_2

This update for kernel-livepatch-MICRO-6-0-RTUpdate2 fixes the following issues: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 CVE-2024-50115: KVM: nSVM:...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_3

This update for kernel-livepatch-MICRO-6-0-RTUpdate3 fixes the following issues: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 CVE-2024-50115: KVM: nSVM:...

DEBIAN-CVE-2025-37957

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f "KVM: x86: forcibly leave nested mode on vCPU reset" addressed an issue where a triple fault occurring in nested mode could lead to...

UBUNTU-CVE-2025-37936

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBSENABLE loaded for guest with vCPU's value. When generating the MSRIA32PEBSENABLE value that will be loaded on VM-Entry to a KVM guest, mask the value with the vCPU's desired PEBSENABLE value...