4537 matches found
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...
EUVD-2025-210459
A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affect...
CVE-2025-8412
A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affect...
CVE-2025-8412
The CVE-2025-8412 entry concerns the SUSE Virtual Machine Driver Pack. A BUFFER overflow can occur in the RtlQueryRegistryValues function when an attacker able to modify the registry interacts with the driver, affecting integrity. Affected scope is the Virtual Machine Driver Pack up to the build ...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...
RLSA-2026:36956 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange CVE-2025-71066 kernel: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL...
CVE-2026-45203
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...
CVE-2026-45196
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation...
EUVD-2026-43043
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...
CVE-2026-45203
The CVE-2026-45203 entry concerns a TOCTOU issue in GPU DDK software used inside a Host VM. CVE records attribute a vulnerability in the rgxfw_hwperf_ufo() path where the command size is re-read after initial validation, enabling improper commands to reach GPU firmware and potentially trigger a m...
CVE-2026-45203
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...
CVE-2026-45203 GPU DDK - rgxfw_hwperf_ufo() re-reads psCmdHeader->ui32CmdSize after initial check, TOCTOU
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...
CVE-2026-45196
CVE-2026-45196 involves GPU DDK components (rgxfw_hwperf_hw) where unsanitized pointers from host-kernel inside a Host VM enable arbitrary GPU register writes via GPU Firmware commands, leading to privilege escalation. Exploitation is described as local with low privileges and no user interaction...
CVE-2026-45196 GPU DDK - Arbitrary GPU register write in rgxfw_hwperf_hw due to unsanitized pointers from host kernel
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation...
CVE-2026-53657 Lima: An arbitrary user in a QEMU VM could gain the root privilege in the VM via the guest agent socket
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary comman...
CVE-2026-53657 Lima: An arbitrary user in a QEMU VM could gain the root privilege in the VM via the guest agent socket
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary comman...
CVE-2026-53657
CVE-2026-53657 affects Lima when using the qemu driver. Prior to 2.1.3, an unprivileged user inside a Lima QEMU guest could access the /run/lima-guestagent.sock guest-agent socket when enabled, enabling commands with root privileges inside the VM via the socket’s tunneling to privileged daemons. ...