Security Bulletin: This Power System update is being released to address CVE-2025-49087
Summary: Mbed-TLS is used by partition firmware for Linux secure boot. This update is being released to mitigate any potential impacts to Linux partitions with secure boot enabled. Vulnerability Details: CVEID: CVE-2025-49087. DESCRIPTION: In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing...
Security Bulletin: This Power System update is being released to address CVE-2025-36238
Summary: If an attacker is able to gain system administrator access, a Virtual TPM can be compromised through the use of a series of PowerVM service procedures. Vulnerability Details: CVEID: CVE-2025-36238. DESCRIPTION: IBM PowerVM Hypervisor could allow a local user with administration privileges to...
Security Bulletin: This Power System update is being released to address CVE-2025-36194
Summary: The PowerVM hypervisor may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations. Vulnerability Details: CVEID: CVE-2025-36194. DESCRIPTION: IBM PowerVM hypervisor may expose a limited amount of data to a peer partition in...
kernel: KVM: arm64: Tear down vGIC on failed vCPU creation
A use-after-free flaw was found in KVM for arm64 in the Linux kernel if kvm_arch_vcpu_create fails to share the vCPU page with the hypervisor. This vulnerability could even lead to a kernel information leak problem...
Security Bulletin: This Power System update is being released to address CVE-2025-49133
Summary: The PowerVM Virtual Trusted Platform Module (vTPM) feature is impacted by the referenced vulnerability. This issue was fixed in a previous security bulletin for CVE-2025-2884: https://www.ibm.com/support/pages/node/7238453 Vulnerability Details: CVEID: CVE-2025-49133. DESCRIPTION: Libtpms is a...
Exploit for CVE-2025-29943
StackWarp: PoC for CVE-2025-29943 Proof of concept for the...
EUVD-2026-3111
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard non‑administrator local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged...
CVE-2026-21223
Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally...
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally...
SUSE CVE-2025-71104
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer. When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003679)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003679 advisory. A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001278)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001278 advisory. An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not...
MiracleLinux 7 : qemu-kvm-1.5.3-156.el7.5 (AXSA:2018-3289:06)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3289:06 advisory. QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806). QEMU: i386: multiboot OOB access while loading kernel image...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003866)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003866 advisory. An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003705)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003705 advisory. An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003984)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003984 advisory. A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000732)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000732 advisory. The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003622)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003622 advisory. A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001287)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001287 advisory. arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can...