552 matches found
CVE-2025-40266
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value U32MAX - sizeofstruct ffacompositememregion + 1, U32MAX is...
USN-7907-3 linux-gcp, linux-gcp-4.15, linux-hwe vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; -...
KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT
...
kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...
CVE-2025-40184 KVM: arm64: Fix debug checking for np-guests using huge mappings
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIGNVHEEL2DEBUG then the debug checking in asserthostsharedguest fails on the launch of an np-guest. This WARNON...
CVE-2025-40181 x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory between Top of Lower Usable DRAM and 4GiB, to be mapped as UC via a forc...
kernel: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization guest/host mode behind CONFIGBROKEN Hide KVM's ptmode module param behind CONFIGBROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad...
kernel: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvmgetvcpu Explicitly verify the target vCPU is fully online prior to clamping the index in kvmgetvcpu. If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...
RISC-V: KVM: Teardown riscv specific bits after kvm_exit
...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988779)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988779 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988689)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988689 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops-destroy A KVM device cleanup happens in either of two callbacks: ...
CLSA-2025-1762171389 kernel: Fix of 15 CVEs
nfs: fix possible null-ptr-deref when parsing param CVE-2022-50455 - KVM: arm64: Disassociate vcpus from redistributor region on teardown CVE-2024-40989 - HID: core: Harden s32ton against conversion to 0 bits CVE-2025-38556 - ALSA: usb-audio: Validate UAC3 cluster segment descriptors...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86/xen – Fixed the cleanup logic in the emulation of Xen schedop poll hypercalls. In kvmxenschedoppoll, the kmallocarray function is called when a VM polls the host for more than one event channel nrports 1. After the...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...
kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...
RISC-V: KVM: Write hgatp register with valid mode bits
...
SUSE CVE-2025-40065
In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Write hgatp register with valid mode bits According to the RISC-V Privileged Architecture Spec, when MODE=Bare is selected,software must write zero to the remaining fields of hgatp. We have detected the valid mode...
CVE-2025-40026
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't recheck L1 intercepts when completing userspace I/O When completing emulation of instruction that generated a userspace exit for I/O, don't recheck L1 intercepts as KVM has already finished that phase of instructi...
CVE-2025-40038
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid Skip the WRMSR and HLT fastpaths in SVM's VM-Exit handler if the next RIP isn't valid, e.g. because KVM is running with nrips=false. SVM must decode and emulate...
CVE-2025-40038
CVE-2025-40038 affects the Linux kernel KVM/SVM fastpath handling. The vulnerability arises when VM-Exit handling attempts to decode and emulate an instruction to skip WRMSR/HLT fastpaths if the next RIP is not valid, which can require reading guest memory. Reading guest memory via the emulator c...