CVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp-gfn plus the SPTE index. This assumption breaks for shadow paging if the guest page tables are modifie...

CVE-2026-23558

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

CVE-2026-23558

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

CVE-2026-6386

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from kernel subroutines that fail to consider the 1GB large-page mappings created using the shmcreatelargepage interface when updating page table entries. This...

Linux Distros Unpatched Vulnerability : CVE-2026-23345

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: gcs: Do not set PTESHARED on GCS mappings if FEATLPA2 is enabled When FEATLPA2 is enabled, bits 8-9 of the PTE replace the shareability attribute with bi...

EUVD-2023-60402

In the Linux kernel, the following vulnerability has been resolved: iommufd: Check for uptr overflow syzkaller found that setting up a map with a user VA that wraps past zero can trigger WARNONs, particularly from pinuserpages weirdly returning 0 due to invalid arguments. Prevent creating a pages...

Linux Distros Unpatched Vulnerability : CVE-2022-26364

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86 pv: Insufficient care with non-coherent mappings This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities...

Adaptive and Efficient Dynamic Memory Management for Hardware Enclaves

The second version of Intel Software Guard Extensions Intel SGX, or SGX2, adds dynamic management of enclave memory and threads. The first version required the address space and thread counts to be fixed before execution. The Enclave Dynamic Memory Management EDMM feature of SGX2 has the potentia...

CVE-2024-53148

CVE-2024-53148 affects the Linux kernel (comedi: Flush partial mappings in error case). If remap_pfn_range() partially succeeded before a failure, user mappings can remain in place until the mmap error path is taken; the fix explicitly flushes all mappings in the VMA on error. A commit titled mm:...

SUSE CVE-2024-47674

In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it is just a raw...

AZL-50597 CVE-2024-47674 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it is just a raw...

DEBIAN-CVE-2024-47674

In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it is just a raw...

kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry

A flaw was found in include/asm-generic/tlb.h in the Linux kernel due to a race condition unmapmappingrange versus munmap. This issue allows a device driver to free a page while it still has stale TLB entries...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

ALSA-2022:7318 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: posix cpu timer use-after-free may lead to local privilege escalation CVE-2022-2585 Unprivileged users may use PTRACESEIZE to set PTRACEOSUSPENDSECCOMP option CVE-2022-30594 For more details abou...

DEBIAN-CVE-2022-33747

Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M Physical-to-Machine mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation to replace a...

CVE-2022-33744

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged...

CVE-2022-26362

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by...

ALPINE-CVE-2022-23033

arm: guestphysmapremovepage not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm p2mremovemapping, guestphysmapremovepage, and p2msetentry with mfn set to INVALIDMFN do not actually clear the pagetable entry if the entry doesn't have the vali...