Linux Distros Unpatched Vulnerability : CVE-2025-0033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a lo...

EBPF-PATROL: Protective Agent for Threat Recognition and Overreach Limitation Using EBPF in Containerized and Virtualized Environments

With the increasing use and adoption of cloud and cloud-native computing, the underlying technologies i.e., containerization and virtualization have become foundational. However, strict isolation and maintaining runtime security in these environments has become increasingly challenging. Existing...

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-2447)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : KVM: VMX: Do all initialization before exposing /dev/kvm to userspaceCVE-2022-49932 drivers:md:fix a potential use-after-free bugCVE-2022-50022...

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-2436)

According to the versions of the kernel package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : KVM: VMX: Do all initialization before exposing /dev/kvm to userspaceCVE-2022-49932 drivers:md:fix a potential use-after-free bugCVE-2022-50022 cep...

EUVD-2025-198507

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity...

CVE-2025-29934

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity...

UBUNTU-CVE-2025-29934

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity...

CVE-2025-29934

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity...

CVE-2025-29934

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity...

CVE-2025-29934

Summary: CVE-2025-29934 is associated with AMD CPUs and SEV-SNP, where an attacker with local admin privileges could abuse stale TLB entries to run a SEV-SNP guest, potentially causing data integrity loss. The vulnerability is described across multiple sources (NVD, EUVD, CNVD, OSV, Debian, Ubunt...

kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

RLSA-2025:20518 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix potential CAN frame reception race in isotprcv CVE-2022-48830 kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB CVE-2024-46689 kernel: Squashfs: sanity check...

KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT

...

USN-7875-1: Linux kernel (Oracle) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

CVE-2025-36118

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association SA negotiation request...

kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...

KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace

...

SUSE CVE-2025-40181

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory between Top of Lower Usable DRAM and 4GiB, to be mapped as UC via a forc...

Unauthorized Access Vulnerability in Ruiyou Tianyi Application Virtualization System of Xi'an Ruiyou Information Technology Information Co.

Ruiyou Tianyi Application Virtualization System is a domestic application virtualization platform with independent intellectual property rights, which is based on Server-based Computing. Xi'an Ruiyou Information Technology Co., Ltd. Ruiyou Tianyi Application Virtualization System has an...