Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fixed soft lockup issues. There is a while-loop in astdpsetonoff, which could lead to an infinite loop. This is because the register VGACRI-Dx checked in this API is actually a scratch register controlled by a MCU named...

Astra Linux - уязвимость в qemu

A issue was discovered in QEMU through version 5.1.0. An out-of-bounds memory access was identified in the ATI VGA device implementation. This flaw occurs in the ati2dblt routine in hw/display/ati2d.c, during handling of MMIO write operations via the atimmwrite callback. A malicious guest could...

Astra Linux - уязвимость в qemu

A buffer overflow vulnerability was discovered in the ATI VGA device emulation provided by QEMU. This vulnerability occurs in the ati2dblt routine, during the handling of MMIO write operations, when the guest provides invalid values for the destination display parameters. A malicious guest could...

Incus vulnerable to local privilege escalation through VM screenshot path

Summary Incus provides an API to retrieve VM screenshots, that API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As Incus uses predictable paths under /tmp for this, an attacker with local access to the...

MiracleLinux 7 : qemu-kvm-1.5.3-156.el7.1 (AXSA:2018-3085:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3085:04 advisory. QEMU: cirrus: OOB access when updating VGA display CVE-2018-7858 Tenable has extracted the preceding description block directly from the MiracleLinux securit...

MiracleLinux 4 : qemu-kvm-0.12.1.2-2.503.AXS4 (AXSA:2017-1378:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1378:03 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004248)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004248 advisory. A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl...

MiracleLinux 7 : qemu-kvm-1.5.3-141.el7.4 (AXSA:2017-2446:08)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2446:08 advisory. Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue...

CVE-2020-17401

This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000356)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000356 advisory. A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl...

SUSE CVE-2025-68296

In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vgaswitcheroo: Avoid race condition in fbcon setup Protect vgaswitcherooclientfbset with console lock. Avoids OOB access in fbconremapall. Without holding the console lock the call races with switching outputs. VGA...

EUVD-2025-203784

In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vgaswitcheroo: Avoid race condition in fbcon setup Protect vgaswitcherooclientfbset with console lock. Avoids OOB access in fbconremapall. Without holding the console lock the call races with switching outputs. VGA...

AZL-72667 CVE-2025-68296 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vgaswitcheroo: Avoid race condition in fbcon setup Protect vgaswitcherooclientfbset with console lock. Avoids OOB access in fbconremapall. Without holding the console lock the call races with switching outputs. VGA...

CVE-2025-68296

In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vgaswitcheroo: Avoid race condition in fbcon setup Protect vgaswitcherooclientfbset with console lock. Avoids OOB access in fbconremapall. Without holding the console lock the call races with switching outputs. VGA...

CVE-2025-68296

In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vgaswitcheroo: Avoid race condition in fbcon setup Protect vgaswitcherooclientfbset with console lock. Avoids OOB access in fbconremapall. Without holding the console lock the call races with switching outputs. VGA...

UBUNTU-CVE-2025-68296

In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vgaswitcheroo: Avoid race condition in fbcon setup Protect vgaswitcherooclientfbset with console lock. Avoids OOB access in fbconremapall. Without holding the console lock the call races with switching outputs. VGA...

CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup

In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vgaswitcheroo: Avoid race condition in fbcon setup Protect vgaswitcherooclientfbset with console lock. Avoids OOB access in fbconremapall. Without holding the console lock the call races with switching outputs. VGA...

CVE-2025-68296

CVE-2025-68296 : Linux kernel DRM/fbcon/vga_switcheroo race condition in fbcon setup. The vulnerability occurred because fbcon_remap_all() could race with VGA switcheroo outputs when vga_switcheroo_client_fb_set() ran without the console lock, risking OOB access due to fb_info.node being used bef...

CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup

In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vgaswitcheroo: Avoid race condition in fbcon setup Protect vgaswitcherooclientfbset with console lock. Avoids OOB access in fbconremapall. Without holding the console lock the call races with switching outputs. VGA...

PT-2025-51700

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the interaction between DRM, fbcon, and vga switcheroo components. Specifically, the issue occurs during fbcon setup when switching outputs, potentially leadin...