RHEL 9 : qemu-kvm (RHSA-2026:3165)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3165 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...

CVE-2024-21953

Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity...

Intel Trust Domain Extensions 竞争条件问题漏洞

Intel Trust Domain Extensions is a confidential virtualization solution developed by Intel Corporation in the United States. It aims to isolate confidential virtual machines from non-confidential domain software stacks including hypervisors, VMMs, and other non-trusted domain software stacks,...

AMD EPYC Processor 安全漏洞

The AMD EPYC Processor is a series of multi-core processors developed by Advanced Microelectronics Devices, Inc. AMD. There is a security vulnerability in the AMD EPYC Processor, which stems from the reuse of freed resources. This vulnerability may allow malicious virtual machine monitoring...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CTT-Memory-Vortex-20805 ​This script utilizes the \alpha=0.030...

Xen security vulnerabilities

Xen is an open-source virtual machine monitor product developed by Xen. This product allows different and incompatible operating systems to run on the same computer. It also supports migration during runtime, ensuring smooth operation and avoiding downtime. Xen has security vulnerabilities; these...

Azure Linux 3.0 Security Update: kernel (CVE-2025-23141)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23141 advisory. - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVMGETMPSTATE ...

MiracleLinux 8 : virt:rhel and virt-devel:rhel (AXSA:2024-8558:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8558:01 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which...

MiracleLinux 4 : qemu-kvm-0.12.1.2-2.160.AXS4.8 (AXSA:2011-600:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-600:02 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines...

MiracleLinux 3 : kvm-83-266.0.1.AXS3.1 (AXSA:2014-242:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-242:01 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines...

CVE-2026-21223

Improper privilege management in Microsoft Edge Chromium-based allows an authorized attacker to bypass a security feature locally...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000658)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000658 advisory. The kvmsetmsrcommon function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required timepage alignment during an MSRKVMSYSTEMTIME...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002721)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002721 advisory. The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service assertion failure, and hypervisor hang or crash via an out-of...

CVE-2026-20819

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to disclose information locally...

Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as "critical". In this month's release, Microsoft observed one of the included "important" vulnerabilities, CVE-2026-20805, as...

CVE-2026-20935

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an unauthorized attacker to disclose information locally...

CVE-2026-20876

CVE-2026-20876 is a heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave that enables a locally authorized attacker to elevate privileges. The vulnerability targets the VBS Enclave component and can lead to total compromise of the host if exploited. Microsoft has publ...

Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an unauthorized attacker to disclose information locally...

kernel: x86/vmscape: Add conditional IBPB mitigation

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...

EulerOS Virtualization 2.13.1 : libssh (EulerOS-SA-2025-2549)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to...