virt:rhel and virt-devel:rhel security update

An update is available for module.libguestfs-winsupport, libvirt, module.supermin, netcf, perl-Sys-Virt, libguestfs-winsupport, module.perl-Sys-Virt, module.libtpms, qemu-kvm, module.nbdkit, seabios, libvirt-python, nbdkit, module.netcf, libnbd, libguestfs, module.libvirt-python, supermin,...

Qemu-kvm: information leak in virtio devices

...

Microsoft Hyper-V 安全漏洞

Microsoft Hyper-V is an application from Microsoft USA. A system hypervisor virtualization technology that enables desktop virtualization. A security vulnerability exists in Microsoft Hyper-V. An attacker exploiting this vulnerability could elevate privileges. The following products and versions...

Linux Distros Unpatched Vulnerability : CVE-2025-38455

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV-ES intra host migration if vCPU creation is in-flight Reject migration ...

SUSE CVE-2025-38351

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...

VMware多款产品 安全漏洞

VMware ESXi is a server virtualization platform that can be installed directly on physical servers, VMware Workstation is a suite of virtual machine software, and VMware Fusion is a suite of virtual machine software specifically designed to run Windows applications on Macs. VMware Fusion is a sui...

Oracle Virtualization 安全漏洞

Oracle Virtualization is a suite of virtualization solutions from Oracle Corporation USA. The product is used to unify the management of the entire hardware and software architecture, from applications to disks, enabling virtualization from the desktop to the datacenter.VM VirtualBox is one of th...

CVE-2025-48803

Missing support for integrity check in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...

CVE-2025-47159

Protection mechanism failure in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...

CVE-2025-48811 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

...

Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability

Protection mechanism failure in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...

microcode_ctl: From CVEorg collector

A flaw was found in the Branch Prediction Unit BPU of Intel's Lion Core CPUs that make it possible for an attacker to bypass Indirect Branch Predictor Barrier IBPB protections. By employing branch predictor training techniques as described in the "Training Solo" publication, an attacker with loca...

CVE-2025-46708

CVE-2025-46708 affects Imagination Technologies PowerVR-GPU driver. The issue arises when software inside a Guest VM makes improper GPU system calls, delaying or blocking the GPU for other guests and preventing them from processing workloads. The vulnerability is described as enabling guest VMs t...

Design High-Confidence Computers Using Trusted Instructional Set Architecture and Emulators

High-confidence computing relies on trusted instructional set architecture, sealed kernels, and secure operating systems. Cloud computing depends on trusted systems for virtualization tasks. Branch predictions and pipelines are essential in improving performance of a CPU/GPU. But Spectre and...

USN-7560-1 amd64-microcode vulnerability

Josh Eads, Kristoffer Janke, Eduardo Nava, Tavis Ormandy and Matteo Rizzo discovered that AMD Microcode incorrectly verified signatures. An attacker with local administrator privilege could possibly use this issue to cause loss of confidentiality and integrity of a confidential guest running unde...

VMware NSX 安全漏洞

VMware NSX is a complete L2-L7 network and security virtualization platform from VMware. VMware NSX is a complete L2-L7 network and security virtualization platform from VMware. It provides virtual machines with a virtualized network, isolates virtual machines from the physical network, and makes...

Parallels Desktop prl_vmarchiver Unarchive Hard Link Privilege Escalation

Talos Vulnerability Report TALOS-2024-2126 Parallels Desktop prlvmarchiver Unarchive Hard Link Privilege Escalation June 3, 2025 CVE Number CVE-2024-36486 SUMMARY A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac...

CVE-2021-2264

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

SUSE CVE-2025-37957

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f "KVM: x86: forcibly leave nested mode on vCPU reset" addressed an issue where a triple fault occurring in nested mode could lead to...

Advisory ROSA-SA-2025-2841

Software: emacs 26.1 OS: ROSA Virtualization 2.1 packageevrstring: emacs-26.1-13.rv3 CVE-ID: CVE-2022-45939 BDU-ID: 2024-05926 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the lib-src/etags.c file of the ctags component of the EMACS text editor is related to improper neutralization of special...