CVE-2026-43133 KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f "KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state" made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed...

PT-2026-37473

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f "KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state" made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed...

PT-2026-34944

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM SEV component where the sev mem enc register region function is not fully protected by the kvm-lock. Because the sev guest function is unstable unless kvm-lock...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005477)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005477 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/fpu: KVM: Set the base guest FPU uABI size to sizeofstruct kvmxsave Set the starting uABI siz...

UBUNTU-CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in guest XSAVE state whenever XFDi=1 When loading guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATEBV...

CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in guest XSAVE state whenever XFDi=1 When loading guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATEBV...

AZL-72497 CVE-2025-68259 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or select INTn instruction, discard the exception and retry the instruction if the code stream is changed...

CVE-2025-68259

Summary: In the Linux kernel’s KVM/SVM path, re-injecting a soft interrupt when replacing INT3/INT0/INTn can lead to decoding a different instruction and thus a wrong next RIP. This can clobber guest state and trigger a guest panic (e.g., Oops: int3) if the RIP lookup uses the incorrect instructi...

PT-2025-51672

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the KVM SVM component. Specifically, when re-injecting a soft interrupt from an INT3 instruction, the system may discard the exception and retry t...

Linux Distros Unpatched Vulnerability : CVE-2025-68259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or select INTn instruction, discard t...

EUVD-2023-38408

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-34327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensio...

UBUNTU-CVE-2024-55881

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP,...

CVE-2023-34328

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

UBUNTU-CVE-2023-34327

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

CVE-2023-34327

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

CVE-2023-34328

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

Fedora 38 : xen (2023-a4c606585e)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a4c606585e advisory. xenstored: A transaction conflict can crash C Xenstored XSA-440, CVE-2023-34323 x86/AMD: missing IOMMU TLB flushing XSA-442, CVE-2023-34326 Multiple...

SUSE SLES12 Security Update : xen (SUSE-SU-2023:4185-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4185-1 advisory. - The vulnerability exists due to a reachable assertion when handling negative quota values in C Xenstored. A malicious guest can...

SUSE SLES15 Security Update : xen (SUSE-SU-2023:4183-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4183-1 advisory. - The vulnerability exists due to a reachable assertion when handling negative quota values in C Xenstored. A malicious guest can...