CVE-2025-21431

CVE-2025-21431 concerns a TOCTOU race condition in an Automotive OS Platform affecting Qualcomm chipsets. The vulnerability enables information disclosure when a guest VM is connected. Root cause and affected component are described in the CVE records and related entries (e.g., Red Hat and CVE li...

PT-2025-15206 · Qualcomm · Snapdragon +29

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Information disclosure may occur when a guest VM is connected. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed

In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async PF workqueue when vCPU is being destroyed Always flush the per-vCPU async PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed. KVM must ensure tha...

CVE-2025-21949

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set hugetlb mmap base address aligned with pmd size With ltp test case "testcases/bin/hugefork02", there is a dmesg error report message such as: kernel BUG at mm/hugetlb.c:5550! Oops - BUG1: CPU: 0 UID: 0 PID: 1517...

CVE-2025-21949 LoongArch: Set hugetlb mmap base address aligned with pmd size

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set hugetlb mmap base address aligned with pmd size With ltp test case "testcases/bin/hugefork02", there is a dmesg error report message such as: kernel BUG at mm/hugetlb.c:5550! Oops - BUG1: CPU: 0 UID: 0 PID: 1517...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero CVE-2024-26982 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2reconnectserver CVE-2024-35870 In th...

DEBIAN-CVE-2022-49759

In the Linux kernel, the following vulnerability has been resolved: VMCI: Use threaded irqs instead of tasklets The vmcidispatchdgs tasklet function calls vmcireaddata which uses waitevent resulting in invalid sleep in an atomic context and therefore potentially in a deadlock. Use threaded irqs t...

UBUNTU-CVE-2022-49759

In the Linux kernel, the following vulnerability has been resolved: VMCI: Use threaded irqs instead of tasklets The vmcidispatchdgs tasklet function calls vmcireaddata which uses waitevent resulting in invalid sleep in an atomic context and therefore potentially in a deadlock. Use threaded irqs t...

CVE-2022-49759 VMCI: Use threaded irqs instead of tasklets

In the Linux kernel, the following vulnerability has been resolved: VMCI: Use threaded irqs instead of tasklets The vmcidispatchdgs tasklet function calls vmcireaddata which uses waitevent resulting in invalid sleep in an atomic context and therefore potentially in a deadlock. Use threaded irqs t...

CVE-2023-52931

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Avoid potential vm use-after-free Adding the vm to the vmxa table makes it visible to userspace, which could try to race with us to close the vm. So we need to take our extra reference before putting it in the table...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from VMCI's use of tasklet to cause an invalid sleep...

VMware Tools 11.x / 12.x < 12.5.1 Authentication Bypass (VMSA-2025-0005)

The version of VMware Tools installed on the remote Windows host is 11.x or 12.x prior to 12.5.1. It is, therefore, affected by an authentication bypass vulnerability: - VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with...

The vulnerability of the KVM kernel component in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the kvmvcpuonspin function in the Linux kernel-based KVM component is related to read misses beyond the boundary. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2025-22230

CVE-2025-22230 – VMware Tools for Windows is affected by an authentication bypass due to improper access control. A non-administrative user on a guest VM may abuse this to perform high-privilege operations within the VM. Affected versions include VMware Tools 11.x and 12.x before 12.5.1; remediat...

Virtuozzo Hybrid Server 7.5 Update 7 Hotfix 3 (7.5.7-176)

The Hotfix 3 for Virtuozzo Hybrid Server 7.5 Update 7 provides fixes for the c2v-convert tool and VirtIO SCSI controllers. Vulnerability id: PSBM-160763 Fixed an issue where the c2v-convert tool failed to convert a container if one of its disks did not have a mount point specified in the source...

virt-v2v bug fix update

An update is available for virt-v2v. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The virt-v2v package provides a tool for converting virtual machines to use...

libvirt security update

An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kernel-based Virtual Machine KVM offers a full virtualization solution forLin...

RLSA-2024:9128 Moderate: libvirt security update

Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...

[SECURITY] Fedora 42 Update: vyper-0.4.1-1.fc42

Pythonic Smart Contract Language for the EVM...

scsi: storvsc: Ratelimit warning logs to prevent VM denial of service

...