
63 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check the validity of "num_cpu" from user space. The maximum supported CPU number is EIOINTC_ROUTE_MAX_VCPUS. For the irqchip EIOINTC, validation of the CPU number is added to prevent array pointer overflow...

7.8 CVSS | 5.3 AI score | 0.00138 EPSS
Exploits: 0 | References: 2
NVD
added 2025/12/30 1:16 p.m. | 4 views

CVE-2023-54296

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a goof where KVM tries to grab source vCPUs from the destination VM when doing intrahost migration. Grabbing the wrong vCPU not only hoses the guest, it...

0.00166 EPSS
Exploits: 0 | References: 3
OSV
added 2025/12/30 1:16 p.m. | 4 views

UBUNTU-CVE-2023-54296

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a goof where KVM tries to grab source vCPUs from the destination VM when doing intrahost migration. Grabbing the wrong vCPU not only hoses the guest, it...

5.7 AI score | 0.00166 EPSS
Exploits: 0 | References: 6
CVE
added 2025/12/30 12:23 p.m. | 16 views

CVE-2023-54296

CVE-2023-54296 concerns the Linux kernel KVM/SVM intrahost migration path. The issue fixed a bug where KVM would grab source vCPUs from the destination VM during intrahost migration, which could cause the guest to fail and the host to crash because the VMSA pointer could be left NULL. The descrip...

5.9 AI score | 0.00166 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2025/11/20 12:0 a.m. | 9 views

TencentOS Server 4: kernel (TSSA-2025:0430)

"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0430 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilitie...

8.8 CVSS | 6.2 AI score | 0.23278 EPSS
Exploits: 1 | References: 99
EUVD
added 2025/10/03 8:7 p.m. | 11 views

EUVD-2024-54016

Malicious code in bioql PyPI...

7.8 CVSS | 7.2 AI score | 0.00195 EPSS
Exploits: 0 | References: 9
OSV
added 2025/03/06 5:15 p.m. | 4 views

UBUNTU-CVE-2024-58083

In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Explicitly verify the target vCPU is fully online prior to clamping the index in kvm_get_vcpu(). If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...

7.8 CVSS | 6 AI score | 0.00195 EPSS
Exploits: 0 | References: 56
CVE
added 2025/03/06 4:13 p.m. | 164 views

CVE-2024-58083

CVE-2024-58083 affects the Linux kernel KVM: the target vCPU was not reliably verified online before clamping the index in kvm_get_vcpu(). If the index is bad, nospec clamping could return vCPU0, leading to a use‑after‑free when vCPU0 is dereferenced. The issue is mitigated by ensuring vCPU0 is o...

7.8 CVSS | 7.1 AI score | 0.00195 EPSS
Exploits: 0 | References: 10 | Affected Software: 1
RedHat Linux
added 2024/12/19 12:43 a.m. | 2 views

kernel: KVM: arm64: Disassociate vcpus from redistributor region on teardown

A vulnerability was found in the Linux kernel's KVM for ARM64 within the vgic-init.c, vgic-mmio-v3.c, and vgic.h files. The virtual vCPUs may retain dangling pointers in a redistributor region after they have been torn down, leading to potential memory corruption...

7.8 CVSS | 7.2 AI score | 0.00296 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2024/12/18 12:40 a.m. | 30 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.8 CVSS | 6.7 AI score | 0.01028 EPSS
Exploits: 0 | References: 5
Oracle linux
added 2024/11/14 12:0 a.m. | 35 views

edk2 security update

20240524-6.0.1 - Replace upstream references Orabug:36569119 20240524-6 - edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch RHEL-56974 - edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch RHEL-55336 - Resolves: RHEL-56974 qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion:...

6.5 CVSS | 7 AI score | 0.66594 EPSS
Exploits: 0
RedHat Linux
added 2024/11/12 9:11 a.m. | 5 views

kernel: KVM: arm64: Disassociate vcpus from redistributor region on teardown

A vulnerability was found in the Linux kernel's KVM for ARM64 within the vgic-init.c, vgic-mmio-v3.c, and vgic.h files. The virtual vCPUs may retain dangling pointers in a redistributor region after they have been torn down, leading to potential memory corruption...

7.8 CVSS | 7.2 AI score | 0.00296 EPSS
Exploits: 0 | References: 5
Virtuozzo
added 2024/10/29 12:0 a.m. | 23 views

Virtuozzo Hybrid Infrastructure 6.3 (6.3.0-170)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service and our ecosystem of backup and disaster recovery solutions. Additionally, this release delivers stability and security improvements, and addresses issues found in previous releases...

7.5 AI score
Exploits: 0
RedHat Linux
added 2024/09/24 2:39 a.m. | 4 views

kernel: KVM: arm64: Disassociate vcpus from redistributor region on teardown

A vulnerability was found in the Linux kernel's KVM for ARM64 within the vgic-init.c, vgic-mmio-v3.c, and vgic.h files. The virtual vCPUs may retain dangling pointers in a redistributor region after they have been torn down, leading to potential memory corruption...

7.8 CVSS | 7.2 AI score | 0.00296 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2024/07/16 6:55 p.m. | 18 views

CVE-2024-40989

A vulnerability was found in the Linux kernel's KVM for ARM64 within the vgic-init.c, vgic-mmio-v3.c, and vgic.h files. The virtual vCPUs may retain dangling pointers in a redistributor region after they have been torn down, leading to potential memory corruption. Mitigation Mitigation for this...

5.6 CVSS | 8.3 AI score | 0.00296 EPSS
Exploits: 0 | References: 4
NVD
added 2024/07/12 1:15 p.m. | 18 views

CVE-2024-40989

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu...

7.8 CVSS | 0.00296 EPSS
Exploits: 0 | References: 5
OSV
added 2024/07/12 12:37 p.m. | 27 views

CVE-2024-40989 KVM: arm64: Disassociate vcpus from redistributor region on teardown

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu...

7.8 CVSS | 5.8 AI score | 0.00296 EPSS
Exploits: 0 | References: 8
OSV
added 2024/05/21 3:15 p.m. | 1 views

UBUNTU-CVE-2021-47390

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm] Read of size 8 at addr ffffc9001364f638 by tas...

7.1 CVSS | 6.6 AI score | 0.00259 EPSS
Exploits: 0 | References: 6
CVE
added 2024/04/03 5:0 p.m. | 89 views

CVE-2024-26768

CVE-2024-26768 affects the Linux kernel LoongArch path: the patch changes the ACPI core PIC array from [NR_CPUS] to [MAX_CORE_PIC] to match the MADT max physical CPUs. With NR_CPUS defaulting to 64, platforms with more than 64 CPUs could overflow acpi_core_pic when parsing MADT, risking a boot cr...

6.5 CVSS | 6 AI score | 0.00235 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2024/03/05 12:0 a.m. | 4 views

The vulnerability of the kvm_for_each_vcpu() function in the KVM virtualization subsystem of Linux kernels allows an attacker to cause a service failure.

The vulnerability of the kvm_for_each_vcpu() function in the KVM virtualization subsystem of Linux operating systems is related to errors in pointer manipulation when processing the created_vcpus parameter. Exploiting this vulnerability can allow a remote attacker to trigger a service failure...

5.5 CVSS | 5.5 AI score | 0.00222 EPSS
Exploits: 0 | References: 15 | Affected Software: 2