Vulnerabilities in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code root/admin privileges - Execution of arbitrary code user privileges -...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Drivers: hv: vmbus: Disabled the option to deactivate sysctlrecordpanicmsg by default in isolated guests. The hvpanicpage may contain information sensitive to guests; do not dump this information to Hyper-V by default in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: added the missing negotiatefeatures operation to the Hyper-V ops table. The commit a7075f501bd3 “ixgbevf: fixed mailbox API compatibility by negotiating supported features” added the .negotiatefeatures callback to...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Disabling IBT when the hypercall page lacks the ENDBR instruction. On hardware that supports Indirect Branch Tracking IBT, Hyper-V VMs with ConfigVersion 9.3 or later support IBT in the guest. However, current version...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: avoid struct memcpy overrun warning A previous patch addressed the fortified memcpy warning for most builds, but I still encounter this issue with gcc-9: In the file included from include/linux/string.h:254, from...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to connect Fibre Channel LUNs to the host system and present them as SCSI devices in a guest VM. I/O to the vFC device is handled by the...

CVE-2026-40402

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally...

EUVD-2026-29663

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally...

CVE-2026-40402

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally...

CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability

...

CVE-2026-40402

The CVE-2026-40402 entry describes a use-after-free in Windows Hyper-V that enables local privilege escalation by an unauthenticated attacker. The vulnerability affects Hyper-V components and, per multiple connected sources, has been addressed by May 2026 security updates (e.g., KB5087420/KB50874...

CVE-2026-40402

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally...

CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability

...

Windows Hyper-V Elevation of Privilege Vulnerability

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally...

SUSE CVE-2026-43475

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix scheduling while atomic on PREEMPTRT This resolves the follow splat and lock-up when running with PREEMPTRT enabled on Hyper-V: 415.140818 BUG: scheduling while atomic: stress-ng-iomix/1048/0x00000002 415.14082...

KB5087420: Windows 11 version 23H2 Security Update (May 2026)

The remote Windows host is missing security update 5087420. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. CVE-2026-41096 - Use after free in Windows Hyper-V allows an...

KLA91040 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of...

KB5087545: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (May 2026)

The remote Windows host is missing security update 5087545 or hotpatch 5087424. It is, therefore, affected by multiple vulnerabilities - Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. CVE-2026-41089 - Use after free in Windows Hyper...

Microsoft Hyper-V 资源管理错误漏洞

Microsoft Hyper-V is an application developed by Microsoft Corporation in the United States. It is a system management program that enables desktop virtualization. There is a resource management vulnerability in Microsoft Hyper-V. Attackers can exploit this vulnerability to gain elevated...

CVE-2026-43475

A flaw was found in the Linux kernel's hvstorvsc component. When the kernel is configured with PREEMPTRT Real-Time Preemption and running on a Hyper-V virtual machine, a local process performing specific I/O operations can trigger a concurrency issue. This can lead to a system lock-up or crash,...