Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm: gup: stop abusing trygrabfolio A kernel warning was reported when pinning folio in CMA memory during the launch of a SEV virtual machine. The warning message looks like this: 464.325306 WARNING: CPU: 13 PID: 6734 at...

CVE-2026-43483

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is deactivated Explicitly set/clear CR8 write interception when AVIC is deactivated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM...

CVE-2025-61971

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...

EUVD-2025-209812

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network SMN access, potentially resulting in arbitrary code execution in AMD Secure Processor ASP and loss of the SEV-SNP guest's confidentiality and integrity...

CVE-2025-61971

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/sev: Use TSCFACTOR for Secure TSC frequency calculation When using Secure TSC, the GUESTTSCFREQ MSR reports a frequency based on the nominal P0 frequency, which deviates slightly typically 0.2% from the actual mean TSC...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl interfaces, the length parameter that is passed maybe less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmwar...

Astra Linux - уязвимость в amd64-microcode

Improper signature verification in the AMD CPU ROM microcode patch loader may allow an attacker with local administrator privileges to load malicious CPU microcode, resulting in a loss of confidentiality and integrity for confidential guests running under AMD SEV-SNP...

KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish

...

DEBIAN-CVE-2026-31592

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Protect all of sevmemencregisterregion with kvm-lock Take and hold kvm-lock for before checking sevguest in sevmemencregisterregion, as sevguest isn't stable unless kvm-lock is held or KVM can guarantee KVMSEVINIT2 has...

CVE-2026-31561

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

EUVD-2026-25454

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

PT-2026-34913

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86 CR4 FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

PT-2026-28187

Name of the Vulnerable Software and Affected Versions Database Backup for WordPress versions prior to 2.5.3 Description An authorization bypass exists because the plugin fails to restrict access to the wp db temp dir parameter, which determines the storage location for database backups...

Linux Distros Unpatched Vulnerability : CVE-2025-29939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in secure encrypted virtualization SEV could allow a privileged attacker to write to the reverse map page RMP during secure nested pagin...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005415)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005415 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm-lock to fix UAF in svmregisterencregion Do the cache flush of...

USN-8028-4 linux-aws-fips, linux-fips vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...

USN-8028-3 linux-realtime, linux-raspi-realtime vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...

CVE-2025-48517

Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality...

CVE-2025-48514

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality...