CVE-2026-32291

The GL-iNet Comet GL-RM1 KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...

CVE-2026-23029

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmeiointcdestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmeiointcdestroy is not currently doing...

CVE-2026-23027

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmpchpicdestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmpchpicdestroy is not currently doing this...

CVE-2026-23027 LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy()

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmpchpicdestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmpchpicdestroy is not currently doing this...

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that kvmpchpicdestroy does not release the memory of kvmdevice, potentially leading to...

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of the kvmipiDestroy function to release the memory of the kvmdevice. This could lead...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004242)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004242 advisory. An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001981)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001981 advisory. Use-after-free vulnerability in the kvmioctlcreatedevice function in virt/kvm/kvmmain.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002086)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002086 advisory. Use-after-free vulnerability in the kvmioctlcreatedevice function in virt/kvm/kvmmain.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of...

CVE-2025-58188 vulnerabilities

Vulnerabilities for packages: skopeo-fips, nodetaint, falcoctl, mongodb-kubernetes-operator-fips, kubernetes-csi-external-attacher-fips, prometheus-node-exporter, pvc-autoresizer, protoc-gen-go-grpc, glow, vgpu-util, maru, falco-exporter-fips, stern, secrets-store-csi-driver, timescaledb-tune,...

CVE-2025-58189 vulnerabilities

Vulnerabilities for packages: skopeo-fips, nodetaint, falcoctl, mongodb-kubernetes-operator-fips, kubernetes-csi-external-attacher-fips, prometheus-node-exporter, pvc-autoresizer, protoc-gen-go-grpc, glow, vgpu-util, maru, falco-exporter-fips, stern, secrets-store-csi-driver, timescaledb-tune,...

GHSA-CXQ7-XW9V-RCV3 vulnerabilities

Vulnerabilities for packages: skopeo-fips, nodetaint, falcoctl, mongodb-kubernetes-operator-fips, kubernetes-csi-external-attacher-fips, prometheus-node-exporter, pvc-autoresizer, protoc-gen-go-grpc, glow, vgpu-util, maru, falco-exporter-fips, stern, secrets-store-csi-driver, timescaledb-tune,...

GHSA-9GCR-GP5F-JW27 vulnerabilities

Vulnerabilities for packages: skopeo-fips, falcoctl, mongodb-kubernetes-operator-fips, kubernetes-csi-external-attacher-fips, prometheus-node-exporter, pvc-autoresizer, protoc-gen-go-grpc, glow, vgpu-util, maru, falco-exporter-fips, stern, secrets-store-csi-driver, timescaledb-tune, localstack,...

EUVD-2022-54664

Malicious code in bioql PyPI...

DEBIAN-CVE-2022-49568

In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops-destroy A KVM device cleanup happens in either of two callbacks: 1 destroy which is called when the VM is being destroyed; 2 release which is called when a device fd is closed. Most KVM devices use...

CVE-2022-49568

In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops-destroy A KVM device cleanup happens in either of two callbacks: 1 destroy which is called when the VM is being destroyed; 2 release which is called when a device fd is closed. Most KVM devices use...

CVE-2022-49568

In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops-destroy A KVM device cleanup happens in either of two callbacks: 1 destroy which is called when the VM is being destroyed; 2 release which is called when a device fd is closed. Most KVM devices use...

CVE-2022-49568 KVM: Don't null dereference ops->destroy

In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops-destroy A KVM device cleanup happens in either of two callbacks: 1 destroy which is called when the VM is being destroyed; 2 release which is called when a device fd is closed. Most KVM devices use...

CVE-2022-49568 KVM: Don't null dereference ops->destroy

In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops-destroy A KVM device cleanup happens in either of two callbacks: 1 destroy which is called when the VM is being destroyed; 2 release which is called when a device fd is closed. Most KVM devices use...

SUSE CVE-2010-3881

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device...