CVE-2025-71104 KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past...

MiracleLinux 3 : kvm-83-249.0.1.AXS3 (AXSA:2012-643:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-643:01 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001539)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001539 advisory. The nestedvmxcheckvmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS user...

MiracleLinux 4 : libguestfs-1.7.17-17.0.1.AXS4 (AXSA:2011-500:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-500:01 advisory. Libguestfs is a library for accessing and modifying guest disk images. Amongst the things this is good for: making batch configuration changes to guests,...

MiracleLinux 4 : qemu-kvm-0.12.1.2-2.113.AXS4.8 (AXSA:2011-97:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-97:01 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running...

MiracleLinux 4 : qemu-kvm-0.12.1.2-2.209.AXS4.4 (AXSA:2012-478:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-478:01 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines...

MiracleLinux 3 : xen-3.0.3-41.7AXS3 (AXSA:2008-256:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-256:01 advisory. This package contains the Xen tools and management daemons needed to run virtual machines on x86, x8664, and ia64 systems. Information on how to use...

MiracleLinux 3 : xen-3.0.3-135.2.0.1.AXS3 (AXSA:2012-345:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-345:01 advisory. This package contains the Xen tools and management daemons needed to run virtual machines on x86, x8664, and ia64 systems. Information on how to use Xen can b...

Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as "critical". In this month's release, Microsoft observed one of the included "important" vulnerabilities, CVE-2026-20805, as...

CVE-2026-20938

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...

CVE-2026-20935

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an unauthorized attacker to disclose information locally...

CVE-2026-20876

Heap-based buffer overflow in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...

CVE-2026-20876

Heap-based buffer overflow in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...

CVE-2026-20819

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to disclose information locally...

CVE-2026-20935

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an unauthorized attacker to disclose information locally...

CVE-2026-20935 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

...

CVE-2026-20935 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

...

CVE-2026-20935

This CVE (CVE-2026-20935) describes an information-disclosure vulnerability in Windows 11 VBS Enclave due to an untrusted pointer dereference. A local attacker could disclose data via the VBS Enclave. Affected product: Windows 11 (versions 23H2, 24H2, 25H2) with VBS Enclave. Root cause is a untru...

CVE-2026-20938 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

...

CVE-2026-20938

CVE-2026-20938 is a local elevation-of-privilege in Windows VBS Enclave caused by an untrusted pointer dereference. Affected: Windows 11 VBS Enclave implementations. Impact per sources: local privilege escalation with high confidentiality/integrity/availability impact (CVSS 7.8). Remediation: Mic...