CVE-2026-46189

The CVE concerns the Linux kernel RDMA/vmw_pvrdma component. The vulnerability arises from a faulty error-path sequence in pvrdma_alloc_ucontext where pvrdma_uar_free() is called before the deallocation path completes, causing a double-free because pvrdma_uar_free() is already invoked within pvrd...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device. This flaw allows a malicious guest driver to execute hardware commands when shared buffers have not yet been allocated, potentially leading to a use-after-free condition...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device. The issue arises when handling the “PVRDMACMDCREATEMR” command due to improper memory remapping mremap. This flaw allows a malicious guest to crash the QEMU process on the host. The greatest threat posed by this...

Astra Linux - уязвимость в qemu

An integer overflow was detected in the QEMU implementation of VMWare’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs when handling a “PVRDMAREGDSRHIGH” write from the guest due to improper input validation. This flaw allows a privileged guest user to instruct QEMU to...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs when handling a “PVRDMAREGDSRHIGH” write from the guest, and it may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device. This flaw allows a malicious guest driver to allocate and initialize a large number of page tables, which can be used as a ring of descriptors for CQ and async events. This could potentially lead to out-of-bound...

(Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003273)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003273 advisory. The switchto function in arch/x86/kernel/process64.c in the Linux kernel does not properly context- switch IOPL on 64-bit PV Xen guests, which allows local guest OS...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002539)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002539 advisory. arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001681)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001681 advisory. Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities...

MiracleLinux 3 : xen-3.0.3-41.7AXS3 (AXSA:2008-256:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-256:01 advisory. This package contains the Xen tools and management daemons needed to run virtual machines on x86, x8664, and ia64 systems. Information on how to use...

SUSE SLES15 Security Update : qemu (SUSE-SU-2026:0043-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0043-1 advisory. Security issues fixed: - CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through ...

SUSE-SU-2026:0043-1 Security update for qemu

This update for qemu fixes the following issues: Security issues fixed: - CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through a malicious guest driver to crash the QEMU process on the host bsc1209554. - CVE-2024-6505: heap-based buffer overflo...

EUVD-2018-7468

Malware in sbrugna...

EUVD-2021-26912

Malware in sbrugna...

EUVD-2021-26891

Malware in sbrugna...

EUVD-2023-38405

Malicious code in bioql PyPI...

EUVD-2022-24397

Malicious code in bioql PyPI...

VMware多款产品 缓冲区错误漏洞

VMware ESXi is a server virtualization platform that can be installed directly on physical servers, VMware Workstation is a set of virtual machine software, and VMware Fusion is a set of virtual machine software designed to run Windows applications on Macs. VMware Fusion is a suite of virtual...

Ubuntu 20.04 LTS / 22.04 LTS : QEMU regression (USN-6567-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6567-2 advisory. USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in...