kernel: KVM: arm64: Tear down vGIC on failed vCPU creation

A use-after-free flaw was found in KVM for arm64 in the Linux Kernel, if the kvmarchvcpucreate fails to share the vCPU page with the hypervisor. This vulnerability could even lead to a kernel information leak problem...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37849)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37849 advisory. - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCP...

EUVD-2025-13224

Malicious code in bioql PyPI...

EUVD-2025-14143

Malicious code in bioql PyPI...

EUVD-2025-22686

Malicious code in bioql PyPI...

DEBIAN-CVE-2025-38455

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV-ES intra host migration if vCPU creation is in-flight Reject migration of SEV-ES state if either the source or destination VM is actively creating a vCPU, i.e. if kvmvmioctlcreatevcpu is in the section betwee...

CVE-2025-38455

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV-ES intra host migration if vCPU creation is in-flight Reject migration of SEV-ES state if either the source or destination VM is actively creating a vCPU, i.e. if kvmvmioctlcreatevcpu is in the section betwee...

CVE-2025-38455

CVE-2025-38455: Linux kernel KVM-SEV-ES intra-host migration is rejected when vCPU creation is in-flight to prevent SEV-ES VM with non-SEV-ES vCPU. Root cause: vCPU creation runs largely outside kvm->lock, allowing sev_info.es_active to toggle during svm_vcpu_create(), causing issues when free...

CVE-2025-38455 KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV-ES intra host migration if vCPU creation is in-flight Reject migration of SEV-ES state if either the source or destination VM is actively creating a vCPU, i.e. if kvmvmioctlcreatevcpu is in the section betwee...

CVE-2025-38455 KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV-ES intra host migration if vCPU creation is in-flight Reject migration of SEV-ES state if either the source or destination VM is actively creating a vCPU, i.e. if kvmvmioctlcreatevcpu is in the section betwee...

CVE-2025-37849

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvmarchvcpucreate fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Note only does this leak...

CVE-2025-37849

CVE-2025-37849 affects the Linux kernel KVM arm64; the issue occurs when kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, leaving vGIC vCPU data initialised. This can leak memory on vCPU destruction and may cause use-after-free in redistributor handling. The fix adds prope...

CVE-2025-37849

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvmarchvcpucreate fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Note only does this leak...

CVE-2025-37849 KVM: arm64: Tear down vGIC on failed vCPU creation

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvmarchvcpucreate fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Note only does this leak...

CVE-2022-49884 KVM: Initialize gfn_to_pfn_cache locks in dedicated helper

In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfntopfncache locks in dedicated helper Move the gfntopfncache lock initialization to another helper and call the new helper during VM/vCPU creation. There are race conditions possible due to kvmgfntopfncacheinit'...

Linux Distros Unpatched Vulnerability : CVE-2024-50114

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller ha...

CVE-2024-50114 KVM: arm64: Unregister redistributor for failed vCPU creation

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free when tearing down a VM: BUG: KASAN: slab-use-after-free in kvmputkvm+0x300/0xe68...

CVE-2024-50114 KVM: arm64: Unregister redistributor for failed vCPU creation

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free when tearing down a VM: BUG: KASAN: slab-use-after-free in kvmputkvm+0x300/0xe68...

UBUNTU-CVE-2021-4032

A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvmfreelapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with...