Lucene search
K

3004 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: virtionet: Do not send RSS commands if the feature is not available on the device. There is a bug when setting RSS options in virtionet that can cause the entire machine to become unstable, leading to an infinite loop in the...

5.5CVSS6.1AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in vDPA with the VDUSE backend. Currently, there are no checks in the VDUSE kernel driver to ensure that the size of the device configuration space is consistent with the features advertised by the VDUSE user-space application. In the event of a mismatch, the Virtio driver...

6.5CVSS6.6AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.12 views

Astra Linux – Vulnerability in Qemu

An information disclosure vulnerability was discovered in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. The flaw resides in the virglcmdgetcapsetinfo function in contrib/vhost-user-gpu/virgl.c, and can occur due to the reading of uninitialized memory...

6.5CVSS6.6AI score0.00421EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-net: The recursive rtnllock function occurs during the probe operation. This deadlock appears in a stack trace like this: virtnetprobe rtnllock virtioconfigChangedWork netdevNotifyPeers rtnllock This occurs when the VMM...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux

In drivers/char/virtioconsole.c in the Linux kernel before 5.13.4, data corruption or loss can occur when a trustedless device provides a buf-len value that exceeds the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the leng...

7.8CVSS6.8AI score0.00395EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: A missing check was fixed to avoid NULL dereferencing. cacheent could potentially be set to NULL inside virtiogpucmdgetcapset, which would lead to a NULL dereferencing due to its recent use i.e., ptr =...

5.5CVSS6AI score0.00208EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.6 views

Siemens RUGGEDCOM RST2428P Missing Synchronization (CVE-2026-23229)

In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-c...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/17 8:2 a.m.8 views

Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling

...

6.7CVSS5.8AI score0.00121EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/16 1:13 p.m.7 views

CVE-2026-46655

A flaw was found in virtio-win. A low-integrity process can issue an IOCTL request to viosock.sys!VIOSockSelect with a maliciously crafted request that causes an integer overflow. This allows the process to circumvent bounds checking, resulting in a heap overflow in the NonPagedPool kernel heap...

7.8CVSS5.5AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.6 views

SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2026:2385-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2385-1 advisory. - CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when...

7.4CVSS7.4AI score0.00126EPSS
Exploits1References14
SUSE Linux
SUSE Linux
added 2026/06/12 1:54 p.m.26 views

Security update for qemu

This update for qemu fixes the following issues: CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption bsc1256484. CVE-2026-2243: incorrect bounds check leads to heap...

8.8CVSS6.7AI score0.00143EPSS
Exploits1References26
OSV
OSV
added 2026/06/12 1:54 p.m.5 views

SUSE-SU-2026:2386-1 Security update for qemu

This update for qemu fixes the following issues: - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. - CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption bsc1256484. - CVE-2026-2243: incorrect bounds check leads to hea...

7.4CVSS6.7AI score0.00143EPSS
Exploits1References14
NVD
NVD
added 2026/06/12 10:16 a.m.14 views

CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 10:16 a.m.7 views

UBUNTU-CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS5.3AI score0.00121EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/12 9:42 a.m.13 views

CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS5.2AI score0.00121EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/12 9:42 a.m.33 views

CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS0.00121EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/12 9:42 a.m.13 views

CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS5.3AI score0.00121EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/12 9:42 a.m.18 views

CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS5.3AI score0.00121EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 9:42 a.m.58 views

CVE-2026-48914

CVE-2026-48914 affects QEMU’s virtio-blk device. The issue: the driver does not validate input descriptor sizes when handling virtio-blk SCSI requests, allowing a malicious guest with high privileges to trigger an out-of-bounds write in host heap memory, causing potential DoS of the QEMU process....

6.7CVSS5.3AI score0.00121EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 9:42 a.m.26 views

EUVD-2026-36408

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS5.2AI score0.00121EPSS
Exploits0References3
Rows per page
Query Builder