150 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Avoid clobbering the kernel’s FPSIMD state with SMSTOP. On systems with SME Savage Mode Enforcement, the kernel’s FPSIMD state may be erroneously clobbered during a context switch immediately after that state is...
CVE-2026-23553
In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1 vCPU runs on CPU A, running task ...
x86: incomplete IBPB for vCPU isolation
ISSUE DESCRIPTION In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1 vCPU runs on CP...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004240)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004240 advisory. A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disab...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000608)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000608 advisory. The switchto function in arch/x86/kernel/process64.c in the Linux kernel does not properly context- switch IOPL on 64-bit PV Xen guests, which allows local guest OS...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003908)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003908 advisory. A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disab...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001364)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001364 advisory. The spectrev2selectmitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003204)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003204 advisory. The spectrev2selectmitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002610)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002610 advisory. The spectrev2selectmitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it...
CVE-2025-71078
A Segment Lookaside Buffer SLB multi-hit error vulnerability was found in the Linux kernel's PowerPC 64-bit hash MMU implementation. When a process migrates between CPUs without triggering switchmmucontext because prev and next mmstruct are the same, the hardware SLB and software preload cache ca...
CVE-2025-71078
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/slb: Fix SLB multihit issue during SLB preload On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This preload cache is subject to period...
CVE-2025-71078
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/slb: Fix SLB multihit issue during SLB preload On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This preload cache is subject to period...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000498)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000498 advisory. A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disab...
PT-2025-53069
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the rtw88 wifi driver related to rate updates. The ieee80211 ops::sta rc update function must be atomic to prevent a context switch within an RCU...
kernel: x86/vmscape: Add conditional IBPB mitigation
In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...
kernel: x86/vmscape: Add conditional IBPB mitigation
In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...
kernel: x86/vmscape: Add conditional IBPB mitigation
In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...
SUSE-SU-2025:03505-1 Security update for redis
This update for redis fixes the following issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 - CVE-2025-46818: Malicious Lua scripts can ...
EUVD-2014-3145
Malware in sbrugna...
EUVD-2018-7446
Malware in sbrugna...