CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

CVE-2024-36332

Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine VM to perform unauthorized access to specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service DOS condition...

Astra Linux - уязвимость в qemu

A out-of-bounds heap buffer access issue was identified in the ARM Generic Interrupt Controller emulator of QEMU, as of and including qemu 4.2.0 on the aarch64 platform. The issue arises because, when writing an interrupt ID to the controller’s memory area, it is not masked to be 4 bits wide. Thi...

Astra Linux - уязвимость в qemu

It was found that the patch for CVE-2020-17380/CVE-2020-25085 is ineffective. As a result, QEMU becomes vulnerable to out-of-bounds read/write access issues that were previously identified in the SDHCI controller emulation code. This flaw allows a malicious privileged attacker to crash the QEMU...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QXL display device emulation in QEMU. An integer overflow in the cursoralloc function can lead to the allocation of a small cursor object, followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QXL display device emulation in QEMU. The double retrieval of the guest-controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object, followed by a subsequent heap-based buffer overflow. A malicious privileged gues...

Astra Linux - уязвимость в qemu

A use-after-free vulnerability was discovered in the LSI53C895A SCSI Host Bus Adapter emulation in QEMU. The flaw occurs during the processing of repeated messages to cancel the current SCSI request using the lsidomsgout function. This flaw allows a malicious privileged user within the guest to...

Astra Linux - уязвимость в qemu

A double-free vulnerability was identified in QEMU virtio devices virtio-gpu, virtio-serial-bus, virtio-crypto. The memreentrancyguard flag does not provide sufficient protection against reentrancy issues related to DMA operations. This vulnerability could allow a malicious privileged guest user ...

CVE-2024-36332

CVE-2024-36332 concerns improper isolation of GPU hardware register space. The AMD bulletin/related records describe a vulnerability where a compromised Guest VM with privileged access could access a restricted range of GPU MMIO registers, potentially forcing a host OS reboot and causing Denial o...

AMD Radeon PRO V710 安全漏洞

The AMD Radeon PRO V710 is a high-performance graphics card produced by AMD, a US-based semiconductor company. The AMD Radeon PRO V710 contains a security vulnerability, which stems from improper isolation. This vulnerability may allow privileged attackers in malicious guest virtual machines to...

PT-2026-41258

Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine VM to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability...

Astra Linux – Vulnerability in Qemu

A flaw was discovered in qemu. A host privilege escalation issue was identified in the virtio-fs shared file system daemon, where a privileged guest user is able to create a device-specific special file in the shared directory and use it to gain read/write access to host devices...

Astra Linux – Vulnerability in Qemu

A reachable assertion issue was detected in the USB EHCI emulation code of QEMU. This issue can occur during the processing of USB requests due to a faulty handling of the DMA memory map. A malicious privileged user within the guest environment may exploit this flaw to send invalid USB requests,...

Astra Linux – Vulnerability in Qemu

A use-after-free vulnerability was discovered in the am53c974 SCSI host bus adapter emulation in QEMU in versions prior to 6.0.0, during the handling of the ‘Information Transfer’ command CMDTI. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial ...

VMware Fusion 13.x, 25H2 < 25H2u1 Improper Restriction of Communication Channel to Intended Endpoints (VMSA-2026-0002)

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 13.x, 25H2 prior to 25H2u1. It is, therefore, affected by a vulnerability. - VMWare Workstation and Fusion contain a logic flaw in the management of network packets. A malicious actor with administrative privileges on ...

CVE-2026-22715

VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To remediate CVE-2026-22715 plea...

EUVD-2026-8876

VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To remediate CVE-2026-22715...

CVE-2026-22715

VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To remediate CVE-2026-22715...

CVE-2026-22715

VMware Workstation and Fusion are affected by multiple CVEs (CVE-2026-22715, CVE-2026-22716, CVE-2026-22717, CVE-2026-22722) per VMSA-2026-0002. The issues include: CVE-2026-22715 — a logic flaw in management of network packets that could allow a malicious actor with guest-VM admin rights to inte...

CVE-2026-22715 VMware Workstation/Fusion NAT vulnerability

VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To remediate CVE-2026-22715...