Advisory ROSA-SA-2025-2853

Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-14.0.1.rv3 CVE-ID: CVE-2024-5535 BDU-ID: 2024-06988 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSLselectnextproto function of the TLS and SSL OpenSSL protocol toolkit is related to information disclosure...

Important: kernel-livepatch-4.14.355-275.591

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfsbtreecheckdelete CVE-2024-47757 In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse the buffer of the extents path CVE-2024-49882 In t...

CVE-2025-37088

A security vulnerability has been identified in HPE Cray Data Virtualization Service DVS. Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access...

USN-7460-1 linux-azure-fips vulnerabilities

Jann Horn discovered that the watchqueue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service system crash or escalate their privileges. CVE-2022-0995 Several security issues were discovered i...

CVE-2025-37088

A security vulnerability has been identified in HPE Cray Data Virtualization Service DVS. Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access...

CVE-2025-37088

A security vulnerability has been identified in HPE Cray Data Virtualization Service DVS. Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access...

CVE-2025-37088

A security vulnerability has been identified in HPE Cray Data Virtualization Service DVS. Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access...

CVE-2025-37088

CVE-2025-37088 affects HPE Cray Data Virtualization Service (DVS). The vulnerability arises from race conditions and configuration issues, potentially allowing local or cluster‑level unauthorized access. Documented impact states unauthorized access as the outcome; exploitation status is not detai...

Hewlett Packard Enterprise Cray Data Virtualization Service 安全漏洞

Hewlett Packard Enterprise Cray Data Virtualization Service HPE DVS is an application from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise Cray Data Virtualization Service that stems from a competitive condition and configuration issue that could resu...

PT-2025-17596 · Hewlett Packard · Hpe Cray Data Virtualization Service

Name of the Vulnerable Software and Affected Versions: HPE Cray Data Virtualization Service DVS affected versions not specified Description: A security issue has been identified in HPE Cray Data Virtualization Service DVS, which may lead to unauthorized local or cluster access under certain...

OESA-2025-1432 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle SRCU initialization failure during page track init Check the return of initsrcustruct, which can fail due to OOM, when initializing the page tra...

DEBIAN-CVE-2025-38104

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB...

UBUNTU-CVE-2025-38104

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB...

SUSE CVE-2025-23135

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Teardown riscv specific bits after kvmexit During a module removal, kvmexit invokes arch specific disable call which disables AIA. However, we invoke aiaexit before kvmexit resulting in the following warning. KVM...

PT-2025-17271

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0 Description The issue is related to the use of a mutex for RLCG register access in the Linux kernel's amdgpu driver, which can lead to priority inversion in SRIOV environments. This occurs when a...

Important: Red Hat Security Advisory: OpenShift Virtualization 4.16.7 Images

Red Hat OpenShift Virtualization release 4.16.7 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

DEBIAN-CVE-2025-23135

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Teardown riscv specific bits after kvmexit During a module removal, kvmexit invokes arch specific disable call which disables AIA. However, we invoke aiaexit before kvmexit resulting in the following warning. KVM...

UBUNTU-CVE-2025-30712

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle V...

Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (February 2025)

Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is...

Oracle Virtualization 安全漏洞

Oracle Virtualization is a suite of virtualization solutions from Oracle Corporation USA. The product is used to unify the management of the entire hardware and software architecture from applications to disks, enabling virtualization from the desktop to the data center.VM VirtualBox is one of th...