238 matches found
EUVD-2026-39281
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix dmafence refcount leak on error in virtiogpudmafencewait dmafenceunwrapforeach internally calls dmafenceunwrapfirst which does cursor-chain = dmafencegethead, taking an extra reference. On normal loop completion,...
CVE-2026-53190
CVE-2026-53190 (in the Linux kernel, drm/virtio) fixes a refcount leak in virtio_gpu_dma_fence_wait. The bug occurred when virtio_gpu_do_fence_wait() returned early inside dma_fence_unwrap_for_each(), leaving cursor->chain unreleased. The fix adds a dma_fence_put(itr.chain) before the early re...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/virtio: fixed a NULL pointer dereference in virtiogpuconngetmodes drmcvtmode may return NULL, and we should check for this. This bug was discovered by syzkaller: FAULTINJECTION stacktrace: 168.567394 FAULTINJECTION: forcin...
QEMU 8.1.x < 10.0.10 / 10.2.x < 10.2.3 / 11.0.x < 11.0.1 Privilege Escalation
The version of QEMU installed on the remote Windows host is affected by a privilege escalation vulnerability: - An integer overflow exists in the calcimagehostmem function within the virtio-gpu driver due to the lack of proper validation of user-supplied data before allocating a buffer. A local...
QEMU calc_image_hostmem Integer Overflow Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of QEMU. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu driver. Th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: A missing check was fixed to avoid NULL dereferencing. cacheent could potentially be set to NULL inside virtiogpucmdgetcapset, which would lead to a NULL dereferencing due to its recent use i.e., ptr =...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtiogpuarrayputfree. If virtiogpuobjectshmeminit fails e.g., due to fault injection, as happened in the bug report by syzbot, virtiogpuarrayputfree might be called with objs being NUL...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006643)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006643 advisory. In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cacheent' could be set NULL inside...
UBUNTU-CVE-2026-23390
In the Linux kernel, the following vulnerability has been resolved: tracing/dma: Cap dmamapsg tracepoint arrays to prevent buffer overflow The dmamapsg tracepoint can trigger a perf buffer overflow when tracing large scatter-gather lists. With devices like virtio-gpu creating large DRM buffers,...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002763)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002763 advisory. Memory leak in the virtiogpuobjectcreate function in drivers/gpu/drm/virtio/virtgpuobject.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002867)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002867 advisory. Memory leak in the virtiogpuobjectcreate function in drivers/gpu/drm/virtio/virtgpuobject.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000604)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000604 advisory. Memory leak in the virtiogpuobjectcreate function in drivers/gpu/drm/virtio/virtgpuobject.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of...
SUSE SLES15 Security Update : qemu (SUSE-SU-2026:0039-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0039-1 advisory. - CVE-2024-6505: qemu-kvm: virtio-net: Fixed queue index out-of-bounds access in software RSS bsc1227397 - CVE-2025-12464: net: pad...
Security update for qemu
This update for qemu fixes the following issues: Security issues fixed: CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host bsc1253002. CVE-2025-11234: use-after-free in WebSocket...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992974)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992974 advisory. In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cacheent' could be set NULL inside...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992434)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992434 advisory. In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cacheent' could be set NULL inside...
SUSE-SU-2026:20008-1 Security update for qemu
This update for qemu fixes the following issues: Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host bsc1253002. - CVE-2025-11234: use-after-free in WebSocket...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989956)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989956 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtiogpuconngetmodes drmcvtmode may return NULL and ...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988700)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988700 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtiogpuconngetmodes drmcvtmode may return NULL and ...
EUVD-2021-21503
Malware in sbrugna...