Astra Linux - уязвимость в intel-microcode

Improperly implemented security check for standard in the DDRIO configuration for some IntelR XeonR 6 Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: DMA-Direct: Leakage of pages upon failure in dmasetdecrypted In TDX, it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail. This results in an error being returned, and the resulting memo...

Astra Linux - уязвимость в intel-microcode

Protection mechanism failure in some 3rd and 4th Generation IntelR XeonR Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2026-31561 x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

CVE-2026-31470

A flaw was found in the Linux kernel's TDX guest virtualization component. A malicious host can manipulate the 'quote' buffer length, allowing it to specify a response length larger than the guest's allocated memory. This can lead to information disclosure, where sensitive data beyond the intende...

CVE-2025-32467

Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access wh...

CVE-2025-32007

Out-of-bounds read for some TDX before version tdx module 1.5.24 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attac...

CVE-2025-27572

CVE-2025-27572 is an information-disclosure vulnerability in some Intel® Trust Domain Extensions (TDX) modules. A privileged, highly capable attacker with local access could trigger data exposure during transient execution in Ring 0 of the hypervisor. The impact is confined to confidentiality (hi...

CVE-2025-27572

Exposure of sensitive information during transient execution for some TDX within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access...

PT-2026-7296

Name of the Vulnerable Software and Affected Versions TDX Module versions prior to tdx1.5 Description An out-of-bounds read issue exists within the hypervisor in some TDX Module versions prior to tdx1.5 when operating in Ring 0. A software side channel adversary with a privileged user, combined...

PT-2026-7298

Name of the Vulnerable Software and Affected Versions versions prior to 2025-30513 Description A race condition exists within a TDX Module operating in Ring 0, potentially allowing an escalation of privilege. A system software adversary with privileged user access and a low complexity attack may...

PT-2025-53024

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to the Advanced Programmable Interrupt Controller APIC. The APIC supports legacy APIC xAPIC and Extended APIC x2APIC modes. A new feature allows...

DEBIAN-CVE-2025-40181

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory between Top of Lower Usable DRAM and 4GiB, to be mapped as UC via a forc...

CVE-2025-40181 x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory between Top of Lower Usable DRAM and 4GiB, to be mapped as UC via a forc...

CVE-2025-40181 x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory between Top of Lower Usable DRAM and 4GiB, to be mapped as UC via a forc...

EUVD-2025-93411

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally...

USN-7866-1 intel-microcode vulnerabilities

Barak Gross discovered that some Intel® Xeon® processors with SGX enabled did not properly handle buffer restrictions. A local authenticated user could potentially use this issue to escalate their privileges. CVE-2025-20053 Avinash Maddy discovered that some Intel® processors did not properly...

EUVD-2025-24430

Malicious code in bioql PyPI...

EUVD-2025-24424

Malicious code in bioql PyPI...

EUVD-2025-24417

Malicious code in bioql PyPI...