Malicious code in @cloudplatform-single-spa/observability (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

x86/CPU: Fix FPDSS on Zen1

...

CVE-2026-31542

A flaw was found in the Linux kernel's x86/platform/uv component. When a socket is deconfigured, it is incorrectly mapped to SOCKEMPTY instead of NUMANONODE. This improper handling can lead to a system panic during the allocation of UV hub information structures, resulting in a Denial of Service...

2026-04 .NET 9.0.15 Security Update for x86 Client (KB5086097)

2026-04 .NET 9.0.15 Security Update for x86 Client KB5086097...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006727)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006727 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stac...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006742)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006742 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are...

USN-8098-6: Linux kernel (FIPS) vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...

CVE-2026-3580

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

CVE-2026-23553 x86: incomplete IBPB for vCPU isolation

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1 vCPU runs on CPU A, running task ...

CVE-2025-58150 x86: buffer overrun with shadow paging + tracing

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004756)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004756 advisory. A NULL pointer dereference flaw was found in the Linux kernels KVM module, which can lead to a denial of service in the x86emulateinsn in arch/x86/kvm/emulate.c. Thi...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993097)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993097 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: cpuinfo: Fix a warning for CONFIGCPUMASKOFFSTACK When CONFIGCPUMASKOFFSTACK and...

CVE-2023-54279 MIPS: fw: Allow firmware to pass a empty env

In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass a empty env fwgetenv will use env entry to determine style of env, however it is legal for firmware to just pass a empty list. Check if first entry exist before running strchr to avoid null pointe...

CVE-2023-53996

CVE-2023-53996 : In the Linux kernel, a bug in x86/sev handling caused live migration corruption when encryption status was computed. The function enc_dec_hypercall() previously used a page count instead of a size, forcing callers to round up and causing non-page-aligned vaddrs to be treated as d...

CVE-2023-53793

In the Linux kernel, the following vulnerability has been resolved: perf tool x86: Fix perfenv memory leak Found by leak sanitizer: ==1632594==ERROR: LeakSanitizer: detected memory leaks Direct leak of 21 bytes in 1 objects allocated from: 0 0x7f2953a7077b in interceptorstrdup...

Updated botan2 packages fix security vulnerability

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

EUVD-2025-36441

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't recheck L1 intercepts when completing userspace I/O When completing emulation of instruction that generated a userspace exit for I/O, don't recheck L1 intercepts as KVM has already finished that phase of instructi...

KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits

...

2025-10 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5066836)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...