CVE-2026-46034

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in vfiocdxsetmsitrigger. Without this check, userspace can trigger a NULL pointer...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004407)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004407 advisory. A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver,...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004130)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004130 advisory. A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver,...

SUSE CVE-2023-54174

In the Linux kernel, the following vulnerability has been resolved: vfio: Fix NULL pointer dereference caused by uninitialized group-iommufd group-iommufd is not initialized for the iommufdctxput 20018.331541 BUG: kernel NULL pointer dereference, address: 0000000000000000 20018.377508 RIP:...

EUVD-2022-55007

Malicious code in bioql PyPI...

CVE-2025-38625

In the Linux kernel, the following vulnerability has been resolved: vfio/pds: Fix missing detachioas op When CONFIGIOMMUFD is enabled and a device is bound to the pdsvfiopci driver, the following WARNON trace is seen and probe fails: WARNING: CPU: 0 PID: 5040 at drivers/vfio/vfiomain.c:317...

Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001011 fixes several issues. The following security issues were fixed: CVE-2024-53146: NFSD: Prevent a potential integer overflow bsc1234854. CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability bsc1235005. CVE-2024-53173:...

CVE-2022-49219

CVE-2022-49219 concerns a memory-leak in the Linux kernel VFIO PCI driver during D3hot↔D0 transitions. If vfio_pci_core_device::needs_pm_restore is set, the current PCI state is saved in pm_save on D0→D3hot and would be restored on D3hot→D0. The code uses pci_store_saved_state() to save state and...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a missing boundary check in the read/write system call in the vfio/platform driver...

CVE-2024-56742

In the Linux kernel, the following vulnerability has been resolved: vfio/mlx5: Fix an unwind issue in mlx5vfaddmigrationpages Fix an unwind issue in mlx5vfaddmigrationpages. If a set of pages is allocated but fails to be added to the SG table, they need to be freed to prevent a memory leak. Any...

USN-5361-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service system crash. CVE-2020-12888 Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not...

Important: kernel

Issue Overview: An issue in the HID driver in the Linux kernel may lead to invalid memory access. CVE-2022-20565 In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in...

Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario

A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access the...

DEBIAN-CVE-2019-3882

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhausti...

USN-3361-1 linux-hwe vulnerabilities

USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu...

kernel: Integer overflow when using kzalloc in vfio driver

The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfiopciintrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine...

kernel: State machine confusion bug in vfio driver leading to memory corruption

A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution...

kernel: Integer overflow when using kzalloc in vfio driver

The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfiopciintrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine...