CVE-2025-14876

CVE-2025-14876 is associated with a flaw in the QEMU virtio-crypto device where the AKCIPHER path lacks a proper length check, allowing a guest to trigger uncontrolled memory allocation and cause a host DoS. This conclusion is supported by Red Hat’s advisory describing a memory-allocation DoS vec...

CVE-2026-23215

In the Linux kernel, the following vulnerability has been resolved: x86/vmware: Fix hypercall clobbers Fedora QA reported the following panic: BUG: unable to handle page fault for address: 0000000040003e54 PF: supervisor write access in kernel mode PF: errorcode0x0002 - not-present page Hardware...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject duplicate device on updates CVE-2025-38678 In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: use dstdevnetrcu CVE-2025-40075 In the Linux kernel, the...

USN-8028-4 linux-aws-fips, linux-fips vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...

USN-8028-3 linux-realtime, linux-raspi-realtime vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...

Moderate: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Control Flow Reconstruction using HPCs

Affected Products and Mitigation Performance counters are not protected by Secure Encrypted Virtualization SEV, SEV-ES, or SEV-SNP. AMD has defined support for performance counter virtualization in APM Vol 2, section 15.39. Performance Monitoring Counters PMC virtualization, available on AMD...

PT-2026-20212

URGENT: Ubuntu 24.04 LTS kernel updates USN-8028-3 are live. Critical patches for AMD CPU data leaks CVE-2024-36351 and SEV-SNP guest memory overwrite flaws. Read more: 👉 https://t.co/ChC0mzFiGU Security https://t.co/LSj2IFaKnN...

CVE-2025-0029

Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity...

CVE-2025-52536

Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity...

CVE-2025-29939

Improper access control in secure encrypted virtualization SEV could allow a privileged attacker to write to the reverse map page RMP during secure nested paging SNP initialization, potentially resulting in a loss of guest memory confidentiality and integrity...

CVE-2025-29948

Improper access control in AMD Secure Encrypted Virtualization SEV firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity...

CVE-2025-29952

Improper Initialization within the AMD Secure Encrypted Virtualization SEV firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity...

CVE-2025-48517

Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality...

CVE-2025-48514

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality...

CVE-2025-0031

A use after free in the SEV firmware could allow a malicous hypervisor to activate a migrated guest with the SINGLESOCKET policy on a different socket than the migration agent potentially resulting in loss of integrity...

Advisory ROSA-SA-2026-3197

Software: pam 1.3.1 OS: ROSA Virtualization 2.1 unaffected versions = pam-1.3.1-39.rv3 affected versions pam-1.3.1-39.rv3 CVE-ID: CVE-2025-6020 BDU-ID: 2025-07273 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pamnamespace module of the Linux-PAM authentication module is caused by a race...

Advisory ROSA-SA-2026-3201

Software: sysstat 11.7.3 OS: ROSA Virtualization 2.1 unaffected versions = sysstat-11.7.3-13.rv3 affected versions sysstat-11.7.3-13.rv3 CVE-ID: CVE-2023-33204 BDU-ID: 2025-00980 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the common.c component of the sysstat system performance measurement and...

Advisory ROSA-SA-2026-3200

Software: sqlite 3.26.0 OS: ROSA Virtualization 2.1 unaffected versions = sqlite-3.26.0-20.rv3 affected versions sqlite-3.26.0-20.rv3 CVE-ID: CVE-2020-24736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A buffer overflow vulnerability in SQLite3 allows a local attacker to cause a denial of service DoS...

Advisory ROSA-SA-2026-3199

Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 unaffected versions = rsync-3.1.3-23.rv3 affected versions rsync-3.1.3-23.rv3 CVE-ID: CVE-2024-12087 BDU-ID: 2025-00377 CVE-Crit: HIGH CVE-DESC.: A configuration vulnerability in the --inc-recursive configuration of the rsyncd daemon of the Rsync...