Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989676)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989676 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gart.bo pincount leak gmcv9,100gartdisable isn't called matched with correspoding...

CVE-2025-54327

An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1380, W920, W930, W1000. Improper input validation in the VTS driver leads to an arbitrary write...

CLSA-2025-1762171389 kernel: Fix of 15 CVEs

nfs: fix possible null-ptr-deref when parsing param CVE-2022-50455 - KVM: arm64: Disassociate vcpus from redistributor region on teardown CVE-2024-40989 - HID: core: Harden s32ton against conversion to 0 bits CVE-2025-38556 - ALSA: usb-audio: Validate UAC3 cluster segment descriptors...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86/xen – Fixed the cleanup logic in the emulation of Xen schedop poll hypercalls. In kvmxenschedoppoll, the kmallocarray function is called when a VM polls the host for more than one event channel nrports 1. After the...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...

UBUNTU-CVE-2025-58149

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...

CVE-2025-58149

CVE-2025-58149 affects the Xen hypervisor. The detach logic for PCI devices fails to remove access permissions to 64‑bit memory BARs when a device is unplugged, allowing PV guests to access memory of devices no longer assigned to them (HVM implications noted with required compromised device model...

Ubuntu 18.04 LTS : Linux kernel (KVM) vulnerabilities (USN-7854-1)

"The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7854-1 advisory. Jean-Claude Graf, Sandro Regge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation betwe...

PT-2025-44620

Name of the Vulnerable Software and Affected Versions libxl affected versions not specified Description The detach logic in libxl does not remove access permissions to 64-bit memory BARs when passing through PCI devices. This can allow a domain to retain access to these memory BARs even after the...

CVE-2025-40102

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized yet, leading to KVM interpreting a bunch of...

AZL-69412 CVE-2025-40102 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized yet, leading to KVM interpreting a bunch of...

AZL-69400 CVE-2025-40104 affecting package kernel for versions less than 6.6.117.1-1

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily...

CVE-2025-40102

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized yet, leading to KVM interpreting a bunch of...

Moderate: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

RISC-V: KVM: Write hgatp register with valid mode bits

...

KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O

...

KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid

...

kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

SUSE CVE-2025-40065

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Write hgatp register with valid mode bits According to the RISC-V Privileged Architecture Spec, when MODE=Bare is selected,software must write zero to the remaining fields of hgatp. We have detected the valid mode...