Astra Linux – Vulnerability in Qemu

A flaw was discovered in QEMU. An assertion failure occurred in the usbepget function in hw/net/core.c when attempting to retrieve the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service...

Xenstored DoS via XS_RESET_WATCHES command

ISSUE DESCRIPTION Any guest can cause xenstored to crash by issuing a XSRESETWATCHES command within a transaction due to an assert triggering. In case xenstored was built with NDEBUG defined nothing bad will happen, as assert is doing nothing in this case. Note that the default is not to define...

CVE-2026-31788

A flaw was found in the Linux kernel's Xen privcmd driver. This vulnerability allows a root user process within an unprivileged guest domU to issue arbitrary hypercalls. Such an action could enable the process to modify the kernel's memory, thereby undermining the secure boot feature designed to...

Linux privcmd driver can circumvent kernel lockdown

ISSUE DESCRIPTION The Linux kernel's privcmd driver can be abused to circumvent kernel lockdown secure boot, e.g. by modifying page tables to enable user mode to modify kernel memory. IMPACT An administrator of an unprivileged guest booted in secure mode is able to perform actions on the kernel...

CVE-2026-23555

A flaw was found in Xenstored, the daemon responsible for the Xenstore key-value store in Xen virtual machines. An unprivileged guest can exploit this vulnerability by issuing a Xenstore command that accesses a node using an illegal node path. This can cause Xenstored to crash, leading to a Denia...

UBUNTU-CVE-2026-23555

Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001345)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001345 advisory. kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's K...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001280)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001280 advisory. A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilegeCPL lev...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002559)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002559 advisory. A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilegeCPL lev...

OESA-2025-2758 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. An assertion failure was present in the usbepget function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious...

OESA-2025-2757 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. An assertion failure was present in the usbepget function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious...

OESA-2025-2599 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. An assertion failure was present in the usbepget function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious...

OESA-2025-2598 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. An assertion failure was present in the usbepget function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious...

Medium: qemu

Issue Overview: A flaw was found in QEMU. An assertion failure was present in the usbepget function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service...

EUVD-2018-11737

Malware in sbrugna...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414380)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414380 advisory. An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operatio...

EUVD-2024-49120

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-15469

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest...

VulnCheck KEV: CVE-2021-28150

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf with the administrator password and other sensitive data via /backup2.cgi...

deadlock potential with VT-d and legacy PCI device pass-through

ISSUE DESCRIPTION When setting up interrupt remapping for legacy PCI-X devices, including PCI-X bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock, is done in a context where acquiring that lock is unsafe. This can lead to a deadlock. IMPACT Th...