CLSA-2026-1778125769 qemu-kvm: Fix of 3 CVEs

CVE-2023-3019: net: improper synchronization in net device backends - CVE-2023-42467: scsi-disk: division by zero in scsidiskemulatemodeselect - CVE-2024-26327: pciesriov: NumVFs validation buffer overflow...

CVE-2026-43130

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode Commit 4fc82cd907ac "iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected" relies on pcidevisdisconnected to skip ATS...

PT-2026-37470

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode Commit 4fc82cd907ac "iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected" relies on pci dev is disconnected to skip ATS...

Vulnerability in UEFI firmware modules prevents IOMMU initialization on some UEFI-based motherboards

Overview A newly identified vulnerability in some UEFI-supported motherboard models leaves systems vulnerable to early-boot DMA attacks across architectures that implement UEFI and IOMMU. Although the firmware indicates that DMA protection is active, it fails to correctly initialize the IOMMU...

EUVD-2025-22673

Malicious code in bioql PyPI...

EUVD-2024-53764

Malicious code in bioql PyPI...

CVE-2025-38414

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix GCCGCCPCIEHOTRST definition for WCN7850 GCCGCCPCIEHOTRST is wrongly defined for WCN7850, causing kernel crash on some specific platforms. Since this register is divergent for WCN7850 and QCN9274, move it to...

CVE-2025-38414 wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix GCCGCCPCIEHOTRST definition for WCN7850 GCCGCCPCIEHOTRST is wrongly defined for WCN7850, causing kernel crash on some specific platforms. Since this register is divergent for WCN7850 and QCN9274, move it to...

CVE-2022-49605 igc: Reinstate IGC_REMOVED logic and implement it properly

In the Linux kernel, the following vulnerability has been resolved: igc: Reinstate IGCREMOVED logic and implement it properly The initially merged version of the igc driver code via commit 146740f9abc4, "igc: Add support for PF" contained the following IGCREMOVED checks in the igcrd32/wr32 MMIO...

CVE-2024-57809

A flaw was found in the PCI-imx6 module in the Linux kernel. The suspend/resume support is missing in the i.MX6QDL platforms, allowing certain drivers, such as ath10k and iwlwifi, to crash after resuming, causing a kernel hang and a denial of service. Mitigation Mitigation for this issue is eithe...

CVE-2024-57809

In the Linux kernel, the following vulnerability has been resolved: PCI: imx6: Fix suspend/resume support on i.MX6QDL The suspend/resume functionality is currently broken on the i.MX6QDL platform, as documented in the NXP errata ERR005723: https://www.nxp.com/docs/en/errata/IMX6DQCE.pdf This patc...

CVE-2024-57809

Technical details about CVE-2024-57809 are not provided in the supplied documents. No affected products/versions or remediation steps are present. Monitor for vendor advisories for confirmation of impact and fixes.

CVE-2021-33098

A flaw was found in the Linux kernel. This flaw allows an attacker who can modify the MTU of a virtualized PCIe device in a guest, for example to crash the host system’s kernel if they set the MTU of the VF device to an unsupported value. Mitigation Mitigation for this issue is either not availab...