PT-2026-34945

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM component regarding SEV Secure Encrypted Virtualization. The system fails to reject attempts to synchronize the vCPU state to its associated VMSA Virtual Machi...

virt:kvm_utils3 bug fix update

hivex 1.3.18-23 - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 1.3.18-22.el8 - Resolves: bz2000225 Rebase virt:rhel module:stream based on AV-8.6 1.3.18-21 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501 1.3.18 - Resolves: bz1810193 Upgrade...

PT-2026-34910

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Make kvm get vcpu by cpuid more robust kvm get vcpu by cpuid takes a cpuid parameter whose type is int, so cpuid can be negative. Let kvm get vcpu by cpuid return NULL for this case so as to make it more robust...

PT-2026-34940

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the KVM x86 component. This occurs when the emulator initiates a write using an on-stack local variable as the source, the write splits a page boundary,...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2025-39998: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow bsc1252073. CVE-2025-68794: iomap: adjust read range correctly for...

CVE-2026-31470

CVE-2026-31470 concerns the Linux kernel TDX guest path, specifically the virt: tdx-guest component. Multiple connected sources confirm a fix for handling of the host-controlled quote buffer length, where the host can set quote_buf->out_len to influence how many bytes of the quote are copied t...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013857)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013857 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: amba-pl011: avoid SBSA UART accessing DMACR register Chapter B Generic UART in ARM Server...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013790)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013790 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Fix crash due to uninitialized currentvmcs KVM enables 'Enlightened VMCS' and...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013761)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013761 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fix race between SR-IOV enable/disable and hotplug Commit 05703271c3cd PCI/IOV: Add PCI...

CVE-2026-35248

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

UBUNTU-CVE-2026-35242

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

UBUNTU-CVE-2026-35251

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

CVE-2026-35250

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle V...

CVE-2026-35251

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

CVE-2026-35245

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this...

UBUNTU-CVE-2026-35245

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this...

CVE-2026-35246

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

CVE-2026-35242

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

CVE-2026-35245

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this...

CVE-2026-29649

NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg7:4 CBIE/CBCFE/CBZE-related fields is incorrectly masked/updated based on menvcfg7:4, so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to...