CVE-2023-53756 KVM: VMX: Fix crash due to uninitialized current_vmcs

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Fix crash due to uninitialized currentvmcs KVM enables 'Enlightened VMCS' and 'Enlightened MSR Bitmap' when running as a nested hypervisor on top of Hyper-V. When MSR bitmap is updated, evmcstouchmsrbitmap function uses...

EBPF-PATROL: Protective Agent for Threat Recognition and Overreach Limitation Using EBPF in Containerized and Virtualized Environments

With the increasing use and adoption of cloud and cloud-native computing, the underlying technologies i.e., containerization and virtualization have become foundational. However, strict isolation and maintaining runtime security in these environments has become increasingly challenging. Existing...

kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

USN-7862-3 linux-xilinx-zynqmp vulnerability

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

kernel: x86/vmscape: Add conditional IBPB mitigation

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...

CVE-2025-40038 KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid Skip the WRMSR and HLT fastpaths in SVM's VM-Exit handler if the next RIP isn't valid, e.g. because KVM is running with nrips=false. SVM must decode and emulate...

CVE-2025-0033

Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity...

Microsoft Hyper-V 竞争条件问题漏洞

Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. Microsoft Hyper-V suffers from a Competing Conditions Issue vulnerability that originates from an attacker's ability to elevate privileges by...

EUVD-2020-22541

Malware in sbrugna...

EUVD-2020-6764

Malware in sbrugna...

EUVD-2021-16739

Malware in sbrugna...

EUVD-2010-0459

Malware in sbrugna...

EUVD-2013-0195

Malware in sbrugna...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414380)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414380 advisory. An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operatio...

Unity Linux 20.1070e Security Update: libvirt (UTSA-2025-680656)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680656 advisory. A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414353)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414353 advisory. A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.L2 can carry out Spectre v2 attacks on L1 due to L1 thinking ...

kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...

EUVD-2025-10153

Malicious code in bioql PyPI...

EUVD-2025-2433

Malicious code in bioql PyPI...

EUVD-2025-2405

Malicious code in bioql PyPI...