SUSE CVE-2026-46076

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...

CVE-2026-46076

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...

UBUNTU-CVE-2026-45987

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...

EUVD-2026-32458

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...

CVE-2026-46059 KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before...

CVE-2026-46059

CVE-2026-46059 (Linux kernel, KVM nSVM) : The issue concerns how NextRIP is chosen for vmcb02 after an L2 VMRUN when NRIPS is disabled. Affected code uses the current RIP as NextRIP to emulate a CPU without NRIPS, but after the first L2 run NextRIP can be updated by the CPU/KVM, making the curren...

Linux Distros Unpatched Vulnerability : CVE-2026-46059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an...

PT-2026-43926

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Ensure that the IPI buffer fits within the L2TCM. The location of the IPI buffer is determined from the firmware that we load into the System Companion Processor. It is not guaranteed that both the SRAM size...

SUSE CVE-2026-43133

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f "KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state" made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed...

Linux Distros Unpatched Vulnerability : CVE-2026-43133

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state made KVM always use...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency The entry/exit latency and minimum residency in state for the idle states of MSM8998 were ..bad: first of all, for all of them the timings were written for CP...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired ratio doesn't match the current ratio, not if the ratio L1 is using for L2 diverges from...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: Avoid out-of-bounds access in sja1105initl2policing The SJA1105 family has 45 L2 policing table entries SJA1105MAXL2POLICINGCOUNT, and the SJA1110 family has 110 entries SJA1110MAXL2POLICINGCOUNT. However, simp...

Malicious code in l2-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb0d21ff2e4e02ef879ddbcc41ef5c3d957ef37495bb5815beb17335f6579acc The package l2-contracts was found to contain malicious code. Source: ghsa-malware 8d05d077850c263135146bdb5b17ae9606f3f4fcd7eff921214f6ed00118cc4e A...

MAL-2026-683 Malicious code in l2-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb0d21ff2e4e02ef879ddbcc41ef5c3d957ef37495bb5815beb17335f6579acc The package l2-contracts was found to contain malicious code. Source: ghsa-malware 8d05d077850c263135146bdb5b17ae9606f3f4fcd7eff921214f6ed00118cc4e A...

Malicious Package

Overview l2-contracts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26990)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26990 advisory. - In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2...

CVE-2022-35916

OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, CrossChainEnabledArbitrumL2 or LibArbitrumL2, will classify direct interactions of externally owned accounts EOAs as cross chain calls, even though they are not...

EUVD-2022-54692

In the Linux kernel, the following vulnerability has been resolved: rtw89: ser: fix CAM leaks occurring in L2 reset The CAM, meaning address CAM and bssid CAM here, will get leaks during SER system error recover L2 reset process and ieee80211restarthw which is called by L2 reset process eventuall...