CVE-2026-29646

In OpenXiangShan NEMU prior to 55295c4, when running with RVH Hypervisor extension enabled, a VS-mode guest write to the supervisor interrupt-enable CSR sie may be handled incorrectly and can influence machine-level interrupt enable state mie. This breaks privilege/virtualization isolation and ca...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010829)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010829 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Fix crash due to uninitialized currentvmcs KVM enables 'Enlightened VMCS' and...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006999)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006999 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix vgpu debugfs clean in remove Check carefully on root debugfs available when...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013323)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013323 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use onlinevcpus, not createdvcpus, to iterate over vCPUs Use the kvmforeachvcpu helper ...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013285)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013285 advisory. A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State SEV-ES. A KVM guest using SEV-ES can trigger out-of-bounds...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010854)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010854 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-013109)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013109 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Before disabling SR-IOV via...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010846)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010846 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix vgpu debugfs clean in remove Check carefully on root debugfs available when...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011302)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011302 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't recheck L1 intercepts when completing userspace I/O When completing emulation of...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013287)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013287 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Make sure GHCB is mapped before updating Access to the GHCB is mainly in the VMGEXIT pa...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013329 advisory. A flaw was found in KVM AMD Secure Encrypted Virtualization SEV in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fet...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010870)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010870 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that VE on private memory access All normal kernel memory is TDX...

EUVD-2026-23962

In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation control...

EUVD-2026-23944

NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg7:4 CBIE/CBCFE/CBZE-related fields is incorrectly masked/updated based on menvcfg7:4, so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to...

CVE-2026-29646

In OpenXiangShan NEMU prior to 55295c4, when running with RVH Hypervisor extension enabled, a VS-mode guest write to the supervisor interrupt-enable CSR sie may be handled incorrectly and can influence machine-level interrupt enable state mie. This breaks privilege/virtualization isolation and ca...

PT-2026-33830

NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg7:4 CBIE/CBCFE/CBZE-related fields is incorrectly masked/updated based on menvcfg7:4, so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to...

NEMU 安全漏洞

NEMU is an open-source teaching system simulator developed by XiangShan. NEMU has a security vulnerability, which stems from implementation defects in the RISC-V Hypervisor CSR. This defect may lead to incorrect virtualization configuration execution, causing unexpected traps or denial-of-service...

CVE-2026-29649

The CVE concerns NEMU’s RISC-V Hypervisor CSR handling. Specifically, henvcfg[7:4] (CBIE/CBCFE/CBZE fields) is incorrectly masked/updated by menvcfg[7:4], so a machine-mode write to menvcfg can implicitly modify the hypervisor environment configuration. This can cause incorrect enforcement of vir...

PureRAT: A Multi-Stage, Fileless RAT Utilizing Image Steganography and Process Hollowing

PureRAT: A Multi-Stage, Fileless RAT Utilizing Image Steganography and Process Hollowing By Prashanth A N and Mallikarjun Wali · April 20, 2026 PureRAT is an advanced remote access trojan RAT characterized by its complex infection stages. The intrusion sequence is initiated by a malicious .LNK fi...

CVE-2026-29648

In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation control...