Update Rollup 1 for System Center 2025 Virtual Machine Manager

Update Rollup 1 for System Center 2025 Virtual Machine Manager Applies to Microsoft System Center 2025 Virtual Machine Manager Introduction This article lists the new enhancements and bug fixes that come with System Center Virtual Machine Manager 2025 UR1 release. This article also provides the...

EVE Freely Allocates Buffer on The Stack With Data From Socket

Impact VTPM server listens on port 8877, exposing limited TPM functionality. The server reads 4 bytes as a uint32 size header, then allocates that amount on the stack for incoming data. This allows Denial of Service attacks against the vTPM service. An workload a container or VM running on EVE-OS...

CVE-2025-36238

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures...

PT-2026-6382

Impact VTPM server listens on port 8877, exposing limited TPM functionality. The server reads 4 bytes as a uint32 size header, then allocates that amount on the stack for incoming data. This allows Denial of Service attacks against the vTPM service. An workload a container or VM running on EVE-OS...

CVE-2025-36238 Power System Exposure of Sensitive System Information

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures...

CVE-2025-36238

CVE-2025-36238 affects IBM PowerVM Hypervisor: FW1110.00–FW1110.03, FW1060.00–FW1060.51, and FW950.00–FW950.F0 may let a local administrator obtain sensitive information from a Virtual TPM via PowerVM service procedures. Affected products include PowerVM Hypervisor across Power 9–11 generations (...

PT-2026-5699

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures...

Azure Linux 3.0 Security Update: libtpms (CVE-2025-49133)

The version of libtpms installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49133 advisory. - Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qem...

Security Bulletin: This Power System update is being released to address CVE-2025-49133

Summary The PowerVM Virtual Trusted Platform Module vTPM feature is impacted by the referenced vulnerability. This issue was fixed in a previous security bulletin for CVE-2025-2884: https://www.ibm.com/support/pages/node/7238453 Vulnerability Details CVEID:CVE-2025-49133 DESCRIPTION: Libtpms is a...

CVE-2023-54309

CVE-2023-54309 affects the Linux kernel TPM driver tpm_vtpm_proxy, where /dev/vtpmx was exposed before workqueue initialization, enabling a race condition that could lead to memory corruption. The root cause is the workqueue not being initialized as the first step of driver initialization; the fi...

TencentOS Server 4: libtpms (TSSA-2025:0442)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0442 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

[SECURITY] Fedora 42 Update: rust-az-snp-vtpm-0.7.4-1.fc42

VTPM based SEV-SNP attestation for Azure Confidential VMs...

SUSE CVE-2025-49133

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds OOB read vulnerability. The...

OESA-2025-2134 libtpms security update

A library providing TPM functionality for VMs. Targeted for integration into Qemu. Security Fixes: Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by th...

OESA-2025-2135 libtpms security update

A library providing TPM functionality for VMs. Targeted for integration into Qemu. Security Fixes: Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by th...

OESA-2025-2133 libtpms security update

A library providing TPM functionality for VMs. Targeted for integration into Qemu. Security Fixes: Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by th...

Alibaba Cloud Linux 3 : 0149: virt:an and virt-devel:an (ALINUX3-SA-2025:0149)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0149 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-49133: Libtpms is a library that targets t...

OESA-2025-1836 libtpms security update

A library providing TPM functionality for VMs. Targeted for integration into Qemu. Security Fixes: Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by th...

DEBIAN-CVE-2025-49133

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds OOB read vulnerability. The...

AZL-63702 CVE-2025-49133 affecting package libtpms for versions less than 0.9.6-8

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds OOB read vulnerability. The...