systemd security update

257-13.0.1.el101.3 - Fix detection of Oracle Virtualization or BM envs Orabug: 37531877 - Avoid udevadm warnings when using udev valid configs Orabug: 37503197 - allow dm remove ioctl to co-operate with UEK3 Orabug: 18467469 - set 'RemoveIPC=no' in logind.conf as default Orabug: 22224874 - Fix...

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (April 2026 - Part 2 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2025-68121 DESCRIPTION: During session resumption in crypto/tls, if the...

Important: Red Hat Security Advisory: OpenShift Virtualization v4.19 Images

Red Hat OpenShift Virtualization release v4.19 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

Important: Red Hat Security Advisory: OpenShift Virtualization v4.14 Images

Red Hat OpenShift Virtualization release v4.14 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

Astra Linux - уязвимость в amd64-microcode

Secure Encrypted Virtualization SEV on the Advanced Micro Devices AMD Platform Security Processor PSP; also known as AMD Secure Processor or AMD-SP 0.17 build 11 and earlier has an insecure cryptographic implementation...

Astra Linux - уязвимость в amd64-microcode

Improper signature verification in the AMD CPU ROM microcode patch loader may allow an attacker with local administrator privileges to load malicious CPU microcode, resulting in a loss of confidentiality and integrity for confidential guests running under AMD SEV-SNP...

Astra Linux - уязвимость в linux-5.15

A race condition in the x86 KVM subsystem within the Linux kernel, as of 6.1-rc6, allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualization is enabled and the TDP MMU is also enabled...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX – Prevent RSB underflow before vmenter On VMX, there is some timing balance between the time the guest’s SPECCTRL value is written and the vmenter. Balanced returns matched by a preceding call are usually acceptable...

Astra Linux - уязвимость в linux

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/eventsbase.c allows event-channel removal during the event-handling loop a race condition. This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash vi...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in the AMD nested virtualization SVM feature of the KVM. A malicious L1 guest could intentionally fail to intercept the shutdown of a cooperative nested guest L2, potentially causing a page fault and kernel panic in the host L0...

Astra Linux - уязвимость в linux-5.15

A NULL pointer dereference flaw was discovered in the Linux kernel’s KVM module. This flaw can lead to a denial of service in the x86emulateinsn function in arch/x86/kvm/emulate.c. The flaw occurs when an illegal instruction is executed on the guest CPU of the Intel model...

CLSA-2026-1777633439 kernel: Fix of 142 CVEs

crypto: algifaead - Fix minimum RX size check for decryption CVE-2026-31431 - crypto: afalg - Fix page reassignment overflow in afalgpulltsgl CVE-2026-31431 - crypto: authencesn - reject too-short AAD assoclen8 to match ESP/ESN spec CVE-2026-31431 - crypto: authencesn - Fix src offset when...

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (April 2026 - Part 1 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-23949 DESCRIPTION: jaraco.context, an open-source software package that...

[SECURITY] Fedora 43 Update: edk2-20260213-4.fc43

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. This package contains sample 64-bit UEFI firmware builds for QEMU and KVM...

Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime and IBM SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700

Summary IBM Virtualization Engine TS7700 is susceptible to Denial of Service CVE-2026-21945, Tampering CVE-2026-21932, Information Disclosure CVE-2026-21933, CVE-2026-21925 and Elevation of Privilege CVE-2026-1188 threats due to the use of IBM Semeru Runtime and IBM SDK, Java Technology Edition...

Linux Distros Unpatched Vulnerability : CVE-2026-31591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish Lock all vCPUs when synchronizing and encrypting VMSAs for SNP guests, as allowing...

AgentVisor: Defending LLM Agents against Prompt Injection Via Semantic Virtualization

Large Language Model LLM agents are increasingly used to automate complex workflows, but integrating untrusted external data with privileged execution exposes them to severe security risks, particularly direct and indirect prompt injection. Existing defenses face significant challenges in balanci...

KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish

...

KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION

...

KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU

...