Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (April 2026 - Part 1 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-23949 DESCRIPTION: jaraco.context, an open-source software package that...

[SECURITY] Fedora 43 Update: edk2-20260213-4.fc43

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. This package contains sample 64-bit UEFI firmware builds for QEMU and KVM...

Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime and IBM SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700

Summary IBM Virtualization Engine TS7700 is susceptible to Denial of Service CVE-2026-21945, Tampering CVE-2026-21932, Information Disclosure CVE-2026-21933, CVE-2026-21925 and Elevation of Privilege CVE-2026-1188 threats due to the use of IBM Semeru Runtime and IBM SDK, Java Technology Edition...

Linux Distros Unpatched Vulnerability : CVE-2026-31591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish Lock all vCPUs when synchronizing and encrypting VMSAs for SNP guests, as allowing...

AgentVisor: Defending LLM Agents against Prompt Injection Via Semantic Virtualization

Large Language Model LLM agents are increasingly used to automate complex workflows, but integrating untrusted external data with privileged execution exposes them to severe security risks, particularly direct and indirect prompt injection. Existing defenses face significant challenges in balanci...

KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish

...

KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION

...

KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU

...

SUSE CVE-2026-31558

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Make kvmgetvcpubycpuid more robust kvmgetvcpubycpuid takes a cpuid parameter whose type is int, so cpuid can be negative. Let kvmgetvcpubycpuid return NULL for this case so as to make it more robust. This fix an...

SUSE CVE-2026-31588

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use scratch field in MMIO fragment to hold small write values When exiting to userspace to service an emulated MMIO write, copy the to-be-written value to a scratch field in the MMIO fragment if the size of the data...

SUSE CVE-2026-31591

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish Lock all vCPUs when synchronizing and encrypting VMSAs for SNP guests, as allowing userspace to manipulate and/or run a vCPU while its state is being...

SUSE CVE-2026-31593

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU Reject synchronizing vCPU state to its associated VMSA if the vCPU has already been launched, i.e. if the VMSA has already been encrypted. On a host wit...

Linux Distros Unpatched Vulnerability : CVE-2026-31558

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Make kvmgetvcpubycpuid more robust kvmgetvcpubycpuid takes a cpuid parameter...

CVE-2026-31592

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine subsystem. A local user could exploit a concurrency issue by failing to properly protect the sevmemencregisterregion function with the kvm-lock. This can lead to an unstable state if KVM initialization fails, resulting in a...

CVE-2026-31590

A flaw was found in the Linux kernel, specifically within the Kernel-based Virtual Machine KVM subsystem's Secure Encrypted Virtualization SEV feature. A local user could exploit this vulnerability by providing an excessively large memory region size when using the KVMMEMORYENCRYPTREGREGION...

CVE-2026-31569

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. When a specific internal data structure, known as EIOINTC's coremap, is empty, the system incorrectly processes a processor ID. This error can lead to an out-of-bounds memory access, meaning the system tries to rea...

CVE-2026-31553

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine component. Specifically, in the ARM64 architecture, an incorrect calculation of the descriptor address in the kvmatswapdesc function could lead to memory corruption. This vulnerability may allow an attacker to cause system...

DEBIAN-CVE-2026-31590

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Drop WARN on large size for KVMMEMORYENCRYPTREGREGION Drop the WARN in sevpinmemory on npages overflowing an int, as the WARN is comically trivially to trigger from userspace, e.g. by doing: struct kvmencregion range =...

CVE-2026-31592

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Protect all of sevmemencregisterregion with kvm-lock Take and hold kvm-lock for before checking sevguest in sevmemencregisterregion, as sevguest isn't stable unless kvm-lock is held or KVM can guarantee KVMSEVINIT2 has...

DEBIAN-CVE-2026-31592

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Protect all of sevmemencregisterregion with kvm-lock Take and hold kvm-lock for before checking sevguest in sevmemencregisterregion, as sevguest isn't stable unless kvm-lock is held or KVM can guarantee KVMSEVINIT2 has...