Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021592)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021592 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table The HMB descriptor table is sized to the maximu...

CVE-2024-36332

CVE-2024-36332 concerns improper isolation of GPU hardware register space. The AMD bulletin/related records describe a vulnerability where a compromised Guest VM with privileged access could access a restricted range of GPU MMIO registers, potentially forcing a host OS reboot and causing Denial o...

CVE-2026-44004

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust ho...

CVE-2026-44004 vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust ho...

CVE-2026-44004 vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust ho...

vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion

Summary Sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust host memory and crash the process with a FATAL ERROR:...

GHSA-6785-PVV7-MVG7 vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion

Summary Sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust host memory and crash the process with a FATAL ERROR:...

Astra Linux - уязвимость в linux

A flaw was discovered in the KVM’s AMD code, responsible for supporting SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest, which is used to spawn or handle a nested guest L2. Due to improper validation of the...

Astra Linux - уязвимость в qemu

An information disclosure vulnerability was discovered in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. The flaw resides in the virglcmdgetcapsetinfo function in contrib/vhost-user-gpu/virgl.c, and can occur due to the reading of uninitialized memory...

Astra Linux - уязвимость в containerd-app

Containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation, where a user may exhaust memory on the host due to goroutine leaks. This issue has...

Astra Linux - уязвимость в linux

arch/powerpc/kvm/book3srtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtasargs.nargs, aka CID-f62f3c20647e...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but nvmeallochostmem could break out of the loop earlier on memory...

PT-2026-38395

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description Sandboxed code can call the Buffer.alloc function with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, the timeout option cannot...

CVE-2026-31593 KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU Reject synchronizing vCPU state to its associated VMSA if the vCPU has already been launched, i.e. if the VMSA has already been encrypted. On a host wit...

SUSE CVE-2026-34971

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

SUSE CVE-2026-34987

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

SUSE CVE-2026-35186

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contains a bug where translating the table.grow operator causes the result to be incorrectly typed. For 32-bit tables this means that the result of the operator, internally i...

SUSE CVE-2026-35195

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the host attempts to write through the pointer. This...

EUVD-2026-21037

Wasmtime has improperly masked return value from table.grow with Winch compiler backend...

GHSA-XX5W-CVP6-JV83 Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access

Impact Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch compiler -Ccompiler=winch. By default, Wasmtime uses its Cranelift backend, not...