933 matches found
CVE-2026-9516
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json advances the input scalar's string pointer past the mark with SvPV_set and restores it only on the normal return...
UBUNTU-CVE-2026-9516
BOM-shift PV-corruption SIGABRT...
Astra Linux - vulnerability in linux-5.10, linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...
Astra Linux - vulnerability in linux-5.10, linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: acpi: Fixed suspend with Xen PV The commit f1e525009493 "x86/boot: Skipping realmode init code when running as Xen PV guest" missed one code path that accessed the real_mode_header, leading to a NULL dereference during system...
Astra Linux - vulnerability in linux
An issue was discovered in the Linux kernel versions 3.11 through 5.10.16, as used by Xen. When serving requests to the PV backend, the driver maps grant references provided by the frontend. During this process, errors may occur. In one case, an error encountered earlier might be discarded by late...
Astra Linux - vulnerability in linux
An issue was discovered in the Linux kernel versions 2.6.39 through 5.10.16, as used in Xen. The block, net, and SCSI backends consider certain errors as ordinary bugs, which are deliberately designed to cause kernel crashes. For errors that may be influenced by guests such as memory exhaustion...
Astra Linux - vulnerability in linux
An issue was discovered in the Linux kernel through version 5.10.1, as used with Xen up to version 4.14.x. The Linux kernel’s PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when the thread is stopped. However, the handler may not have enough time to execute if the...
Astra Linux - vulnerability in linux-5.10, linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...
Astra Linux - vulnerability in linux
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then...
Astra Linux - vulnerability in linux-5.10, linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...
SUSE CVE-2026-5299
ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
GHSA-PC3F-X583-G7J2 vulnerabilities
Vulnerabilities for packages: cilium-fips, kubeflow-pipelines, argo-cd-fips, grafana-fips, headlamp-fips, cilium, datadog-agent-fips, k8sgpt, kubevela-fips, plugin-barman-cloud-fips, kubescape, teleport, cluster-api, rancher, kube-arangodb, skaffold, aws-node-termination-handler-fips,...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001425)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001425 advisory. Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilitie...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001065)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001065 advisory. Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001536)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001536 advisory. An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately...
MiracleLinux 3 : xen-3.0.3-142.1.0.1.AXS3 (AXSA:2013-127:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-127:02 advisory. This package contains the Xen tools and management daemons needed to run virtual machines on x86, x86_64, and ia64 systems. Information on how to use Xen can b...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004308)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004308 advisory. An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions o...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001522)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001522 advisory. An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operatio...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001411)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001411 advisory. Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilitie...