CVE-2026-29649

NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg7:4 CBIE/CBCFE/CBZE-related fields is incorrectly masked/updated based on menvcfg7:4, so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to...

PT-2026-33839

In OpenXiangShan NEMU prior to 55295c4, when running with RVH Hypervisor extension enabled, a VS-mode guest write to the supervisor interrupt-enable CSR sie may be handled incorrectly and can influence machine-level interrupt enable state mie. This breaks privilege/virtualization isolation and ca...

CVE-2026-29649

NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg7:4 CBIE/CBCFE/CBZE-related fields is incorrectly masked/updated based on menvcfg7:4, so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to...

CVE-2026-29646

In OpenXiangShan NEMU prior to 55295c4, when running with RVH Hypervisor extension enabled, a VS-mode guest write to the supervisor interrupt-enable CSR sie may be handled incorrectly and can influence machine-level interrupt enable state mie. This breaks privilege/virtualization isolation and ca...

PT-2026-33841

In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation control...

OESA-2026-1992 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007214)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007214 advisory. In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Fix a memory leak in error handling paths If 'vmbusestablishgpadl' fails, the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007595)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007595 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle SRCU initialization failure during page track init Check the return of...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007227)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007227 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap-private...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007468)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007468 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM...

SUSE-SU-2026:1413-1 Security update for ovmf

This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting bsc1252441...

EUVD-2026-22607

Improper access control in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to bypass a security feature locally...

CVE-2026-32220

Improper access control in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to bypass a security feature locally...

CVE-2026-23670

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to bypass a security feature locally...

CVE-2026-32220

Improper access control in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to bypass a security feature locally...

CVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability

...

CVE-2026-27929

CVE-2026-27929 is a Time-of-check Time-of-use (toctou) race condition in Windows LUAFV (LUA File Virtualization Filter Driver) that enables a locally authenticated attacker to elevate privileges. Red Hat and NCSC advisories confirm the Windows LUAFV vulnerability and its local privilege-escalatio...

CVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability

...

CVE-2026-23670

CVE-2026-23670 affects Windows Virtualization-Based Security (VBS) security feature. The issue is a local, high-privilege bypass of VBS protections, with no user interaction required (UI: NONE). Exploitation is possible with local access and may impact confidentiality and integrity (both HIGH), w...

CVE-2026-23670 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

...