CVE-2025-36920

In hypalloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

OESA-2026-1352 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: An "off by one" bug has been discovered in QEMU's KVM Xen guest support. A malicious client could exploit this vulnerability to trigger an out-of-bounds heap access in the QEMU process vi...

CVE-2026-21247 Windows Hyper-V Remote Code Execution Vulnerability

...

CVE-2025-25058

CVE-2025-25058 affects Intel Ethernet 800-Series kernel-mode drivers in VMware ESXi: improper initialization may allow information disclosure. A local, low-complexity attack by an authenticated unprivileged user could expose data. Vulnerable on ESXi 8.0 (before 2.2.2.0) and ESXi 9.0 (before 2.2.3...

EUVD-2010-0461

Malware in sbrugna...

EUVD-2025-29121

Malicious code in bioql PyPI...

CVE-2025-36035 IBM PowerVM Hypervisor denial of service

IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory...

SUSE-SU-2025:02853-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36028: mm/hugetlb: fix DEBUGLOCKSWARNON1 when dissolvefreehugetlbfolio bsc1225707. - CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357:...

USN-6949-1 linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia, linux-nvidia-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - M68K architecture; - OpenRISC architecture; - PowerPC architecture; -...

SUSE CVE-2024-6505

A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirectionstable data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This...

SUSE CVE-2010-0741

The virtionetbadfeatures function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service guest OS crash, and an associated qemu-kvm process exit by...

CVE-2022-30163

Windows Hyper-V Remote Code Execution Vulnerability...

VMWare Cloud Foundation (ESXi) 访问控制错误漏洞

Vmware VMware Cloud Foundation is an all-in-one hybrid cloud platform from Vmware. The platform includes features such as operations automation, infrastructure auto-configuration, and integrated lifecycle management. An access control error vulnerability exists in VMWare Cloud Foundation ESXi tha...

Red Hat libvirt elevation of privilege vulnerability (CNVD-2020-47042)

Red Hat libvirt is a Linux API for implementing Linux virtualization features from Red Hat, Inc. It supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtual products for other operating systems. An elevation of privilege vulnerability exists in Red Hat...

kernel: kvm: Information leak within a KVM guest

A flaw was found in the way Linux kernel's KVM hypervisor handled deferred TLB flush requests from guest. A race condition may occur between the guest issuing a deferred TLB flush request to KVM, and then KVM handling and acknowledging it. This may result in invalid address translations from TLB...

CVE-2015-5201

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows...

CVE-2015-5201

CVE-2015-5201 affects VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (RHEV-H) 6-6.x (before 6-6.7-20151117.0) and 7-7.x (before 7-7.2-20151119.0) as packaged before RHEV-H 3.5.6. The underlying issue occurs when VSDM runs with -spice disable-ticketing and a VM is suspended and t...

PT-2020-7855 · Red Hat · Red Hat Enterprise Virtualization Hypervisor +1

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Hypervisor aka RHEV-H versions 6-6.x through 6-6.7-20151117.0 Red Hat Enterprise Virtualization Hypervisor aka RHEV-H versions 7-7.x through 7-7.2-20151119.0 Red Hat Enterprise Virtualization versions prior t...

UBUNTU-CVE-2019-19332

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVMGETEMULATEDCPUID' ioctl2 request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device...

kernel: vhost-net: guest to host kernel escape during migration

A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this fla...