Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the UpdateStatus cycle of VM controller in virt handler that fetches all the guest interfaces from QEMU guest agent and adds them to interface status of the VMI. An attacker can disrupt...

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the UpdateStatus cycle of VM controller in virt handler that fetches all the guest interfaces from QEMU guest agent and adds them to interface status of the VMI. An attacker can disrupt...

GO-2025-4104 KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes in github.com/kubevirt/kubevirt

KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes in github.com/kubevirt/kubevirt. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positi...

GO-2025-4105 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation in kubevirt.io/kubevirt

KubeVirt VMI Denial-of-Service DoS Using Pod Impersonation in kubevirt.io/kubevirt...

CVE-2025-64436

KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This vulnerability could...

SUSE CVE-2025-64435

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

...

CVE-2025-64435

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

AZL-69964 CVE-2025-64435 affecting package kubevirt for versions less than 0.59.0-33

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

GHSA-9M94-W2VQ-HCF9 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

Summary Short summary of the problem. Make the impact and severity as clear as possible. A logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

PT-2025-45513

Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.7.0-beta.0 Description KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw in the virt-controller. An attacker can disrupt control over a running Virtual Machine Instance VMI by creating a...

PT-2025-45439

Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.5.0 Description KubeVirt, a virtual machine management add-on for Kubernetes, has an issue where permissions granted to the virt-handler service account could be misused. Specifically, the ability to update VMIs an...

GLSA-201706-21 : nettle: Information disclosure

The remote host is affected by the vulnerability described in GLSA-201706-21 nettle: Information disclosure It was found that nettles RSA and DSA decryption code was vulnerable to cache-related side channel attacks. See the referenced technical paper Cache Attacks Enable Bulk Key Recovery on the...

VMS users please note:Venom vulnerability than Heartbleed also risk-vulnerability warning-the black bar safety net

Data centers are mostly using the host system management program host hypervisior to isolate a single server to run multiple virtual machine instances, but this is the underlying structure, it is found that the presence of the 1 0 years of“virtual environments neglected of business operation”in t...