CVE-2026-46542

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called...

Astra Linux - уязвимость в qemu

A double-free vulnerability was identified in QEMU virtio devices virtio-gpu, virtio-serial-bus, virtio-crypto. The memreentrancyguard flag does not provide sufficient protection against reentrancy issues related to DMA operations. This vulnerability could allow a malicious privileged guest user ...

Astra Linux - уязвимость в qemu

A flaw was discovered in the virtio-net device in QEMU. When the RSS feature is enabled on the virtio-net network card, the indirectionstable data within RSS becomes controllable. Setting values that are excessively large may lead to an index out-of-bounds issue, potentially resulting in a heap...

Astra Linux - уязвимость в qemu

A use-after-free vulnerability was discovered in the LSI53C895A SCSI Host Bus Adapter emulation in QEMU. The flaw occurs during the processing of repeated messages to cancel the current SCSI request using the lsidomsgout function. This flaw allows a malicious privileged user within the guest to...

Astra Linux - уязвимость в qemu

An integer overflow issue was identified in the vmxnet3 NIC emulator of QEMU for versions up to v5.2.0. This issue can occur if a guest provides invalid values for the rx/tx queue size or other NIC parameters. A privileged guest user may exploit this flaw to crash the QEMU process on the host,...

Astra Linux - уязвимость в qemu

A heap buffer overflow was discovered in the floppy disk emulator of QEMU up to version 6.0.0 inclusive. This issue could occur in the fdctrltransferhandler function in the hw/block/fdc.c file, during the processing of DMA read data transfers from the floppy drive to the guest system. A privilege...

Astra Linux - уязвимость в qemu

Integer overflows and buffer overflows were identified in the ACPI Error Record Serialization Table ERST device of QEMU, within the readerstrecord and writeerstrecord functions. Both issues may allow the guest to exceed the host buffer allocated for the ERST memory device. A malicious guest could...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device. The issue arises when handling the “PVRDMACMDCREATEMR” command due to improper memory remapping mremap. This flaw allows a malicious guest to crash the QEMU process on the host. The greatest threat posed by this...

Astra Linux - уязвимость в linux, linux-5.10

A issue was discovered in the Linux kernel for PowerPC before version 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to a bug in the implementation of arch/powerpc/kvm/book3shvrmhandlers.S, which handles the values of the SRR1 register...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Obtain source vCPUs from the source VM for SEV-ES intrahost migration Fixed a bug where KVM attempts to retrieve source vCPUs from the destination VM during intrahost migration. Retrieving the wrong vCPU not only causes...

Astra Linux - уязвимость в qemu

A reentrancy issue related to DMA was discovered in the USB EHCI controller emulation of QEMU. EHCI does not verify whether the Buffer Pointer overlaps with its MMIO region when transferring USB packets. Crafted content may be written to the controller’s registers, potentially triggering...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QXL display device emulation in QEMU. An integer overflow in the cursoralloc function can lead to the allocation of a small cursor object, followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process...

Astra Linux - уязвимость в qemu

A reentrancy issue related to DMA was discovered in the Tulip device emulation in QEMU. When Tulip reads from or writes to the rx/tx descriptor, or copies a rx/tx frame, it does not check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers...

Astra Linux - уязвимость в qemu

A reentrancy issue related to DMA operations led to a use-after-free error in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service...

Astra Linux - уязвимость в qemu

A reentrancy issue was discovered in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750. Just like in that case, when the reentrancy trigger the reset function nvmectrlreset, data structures will be freed, leading to a use-after-free vulnerability. A malicious...

libvirt: Denial of service in XML parsing

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

CVE-2026-44001

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 v3.10....

CVE-2026-44001

Summary : CVE-2026-44001 affects vm2 before version 3.11.0, where a sandbox escape allows sandboxed code to crash the host Node.js process via an unhandled rejection from a Promise executor. The issue stems from the executor path not being sanitized, even though the earlier CVE-2026-22709 fix add...

CVE-2026-44001 vm2: Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 v3.10....

CVE-2026-44001 vm2: Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 v3.10....