Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001345)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001345 advisory. kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's K...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002785)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002785 advisory. kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's K...

MiracleLinux 3 : kvm-84-7AXS3 (AXSA:2009-490:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-490:03 advisory. This package provides the kvm kernel modules built for the Linux kernel CVE-2009-3638 Integer overflow in the kvmdevioctlgetsupportedcpuid function i...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414460)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414460 advisory. A flaw was found in the Linux kernels KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causi...

EUVD-2022-55201

Malicious code in bioql PyPI...

CVE-2025-38455

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV-ES intra host migration if vCPU creation is in-flight Reject migration of SEV-ES state if either the source or destination VM is actively creating a vCPU, i.e. if kvmvmioctlcreatevcpu is in the section betwee...

CVE-2022-50227

CVE-2022-50227 affects the Linux kernel (KVM Xen timer) and is resolved by only initializing the Xen timer once. The root cause is that kvm_xen_init_timer() was invoked for every KVM_XEN_VCPU_ATTR_TYPE_TIMER, risking an ODEBUG crash when vcpu->arch.xen.timer is already set. The fix adds a chec...

CVE-2025-37885 KVM: x86: Reset IRTE to host control if *new* route isn't postable

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if new route isn't postable Restore an IRTE back to host control remapped or posted MSI mode if the new GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing typ...

CVE-2022-49932

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do all initialization before exposing /dev/kvm to userspace Call kvminit only after all setup is complete, as kvminit exposes /dev/kvm to userspace and thus allows userspace to create VMs and call other ioctls. E.g. KVM...

UBUNTU-CVE-2025-21839

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpurun loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpurun loop to fix a bug where KVM can load hardware with a stale...

Linux Distros Unpatched Vulnerability : CVE-2021-47230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Immediately reset the MMU context when the SMM flag is cleared Immediately reset t...

Linux Distros Unpatched Vulnerability : CVE-2018-1087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux...

CVE-2025-21740

Removed by vendor...

CVE-2022-49559 KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 Remove WARNs that sanity check that KVM never lets a triple fault for L2 escape and incorrectly end up in L1. In normal operation, the sanity check is...

CVE-2022-49557

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: KVM: Set the base guest FPU uABI size to sizeofstruct kvmxsave Set the starting uABI size of KVM's guest FPU to 'struct kvmxsave', i.e. to KVM's historical uABI size. When saving FPU state for usersapce, KVM well, now th...

CVE-2021-47639 KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...

CVE-2024-53228

In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: Fix out-of-bounds array access In kvmriscvvcpusbiinit the entry-extidx can contain an out-of-bound index. This is used as a special marker for the base extensions, that cannot be disabled. However, when traversing the...

UBUNTU-CVE-2024-47717

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data With the latest Linux-6.11-rc3, the below NULL pointer crash is observed when SBI PMU snapshot is enabled for the guest and the guest is forcefully powered-off...

DEBIAN-CVE-2024-43819

In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVMSETUSERMEMORYREGION and KVMSETUSERMEMORYREGION2 ioctls when called on a ucontrol VM. This is necessary since ucontrol VMs have kvm-arch.gmap s...

CVE-2024-40953 KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()

In the Linux kernel, the following vulnerability has been resolved: KVM: Fix a data race on lastboostedvcpu in kvmvcpuonspin Use READ,WRITEONCE to access kvm-lastboostedvcpu to ensure the loads and stores are atomic. In the extremely unlikely scenario the compiler tears the stores, it's...