12996 matches found
Important: Red Hat Security Advisory: osbuild-composer security update
An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
DEBIAN-CVE-2022-49932
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do all initialization before exposing /dev/kvm to userspace Call kvminit only after all setup is complete, as kvminit exposes /dev/kvm to userspace and thus allows userspace to create VMs and call other ioctls. E.g. KVM...
AZL-70117 CVE-2022-49932 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do all initialization before exposing /dev/kvm to userspace Call kvminit only after all setup is complete, as kvminit exposes /dev/kvm to userspace and thus allows userspace to create VMs and call other ioctls. E.g. KVM...
UBUNTU-CVE-2022-49932
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do all initialization before exposing /dev/kvm to userspace Call kvminit only after all setup is complete, as kvminit exposes /dev/kvm to userspace and thus allows userspace to create VMs and call other ioctls. E.g. KVM...
SUSE CVE-2025-23141
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVMGETMPSTATE to protect guest memory accesses Acquire a lock on kvm-srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending IN...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect KVM VMX initialization sequence that could lead to null pointer dereferencing...
CVE-2022-49886
In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that VE on "private" memory access All normal kernel memory is "TDX private memory". This includes everything from kernel stacks to kernel text. Handling exceptions on arbitrary accesses to kernel...
DEBIAN-CVE-2022-49886
In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that VE on "private" memory access All normal kernel memory is "TDX private memory". This includes everything from kernel stacks to kernel text. Handling exceptions on arbitrary accesses to kernel...
DEBIAN-CVE-2022-49883
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: smm: number of GPRs in the SMRAM image depends on the image format On 64 bit host, if the guest doesn't have X86FEATURELM, KVM will access 16 gprs to 32-bit smram image, causing out-ouf-bound ram access. On 32 bit host,...
DEBIAN-CVE-2022-49884
In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfntopfncache locks in dedicated helper Move the gfntopfncache lock initialization to another helper and call the new helper during VM/vCPU creation. There are race conditions possible due to kvmgfntopfncacheinit'...
UBUNTU-CVE-2022-49886
In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that VE on "private" memory access All normal kernel memory is "TDX private memory". This includes everything from kernel stacks to kernel text. Handling exceptions on arbitrary accesses to kernel...
DEBIAN-CVE-2022-49774
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix eventfd error handling in kvmxeneventfdassign Should not call eventfdctxput in case of error. Introduce new goto target instead. - Paolo...
CVE-2022-49886 x86/tdx: Panic on bad configs that #VE on "private" memory access
In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that VE on "private" memory access All normal kernel memory is "TDX private memory". This includes everything from kernel stacks to kernel text. Handling exceptions on arbitrary accesses to kernel...
CVE-2022-49886
CVE-2022-49886 affects the Linux kernel (x86/tdx) where bad configurations can cause a panic if a #VE is delivered on private memory access. The fix/policy requires ATTR_SEPT_VE_DISABLE to be set during early boot; if it is unset, the kernel panics. There is no public exploit detail provided in t...
CVE-2022-49886 x86/tdx: Panic on bad configs that #VE on "private" memory access
In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that VE on "private" memory access All normal kernel memory is "TDX private memory". This includes everything from kernel stacks to kernel text. Handling exceptions on arbitrary accesses to kernel...
UBUNTU-CVE-2025-23141
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVMGETMPSTATE to protect guest memory accesses Acquire a lock on kvm-srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending IN...
PT-2025-18603 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the x86/tdx component. The issue occurs when the kernel accesses "private" memory, which includes all normal kernel...
Advisory ROSA-SA-2025-2860
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2016-0736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Apache HTTP Server due to insufficient data encryption in modsessioncrypto, making the server susceptible to padding oracle...
Advisory ROSA-SA-2025-2858
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-14.0.2.rv30 CVE-ID: CVE-2020-1971 BDU-ID: 2021-00872 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GENERALNAMEcmp function of the OpenSSL library is related to pointer dereferencing errors. Exploitation of...
Advisory ROSA-SA-2025-2855
Software: modhttp2 1.15.7 OS: ROSA Virtualization 3.0 packageevrstring: modhttp2-1.15.7-10.rv30.3 CVE-ID: CVE-2024-38477 BDU-ID: 2024-05195 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modproxy module of the Apache HTTP Server web server is related to an incorrect null pointer entry...