
12996 matches found

Rosalinux
added 2025/04/11 9:49 p.m. | 5 views

Advisory ROSA-SA-2025-2800

Software: gmp 6.1.2 OS: ROSA Virtualization 3.0 packageevrstring: gmp-6.1.2-11.rv30 CVE-ID: CVE-2021-43618 BDU-ID: 2022-05776 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the mpz/inpraw.c component of the GMP arithmetic operations library on 32-bit platforms is related to integer overflow...

CVSS 7.5 | AI score 7.5 | EPSS 0.03425
Exploits: 1

Rosalinux
added 2025/04/11 9:49 p.m. | 13 views

Advisory ROSA-SA-2025-2796

Software: emacs 26.1 OS: ROSA Virtualization 3.0 packageevrstring: emacs-26.1-13.rv30 CVE-ID: CVE-2024-30203 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In Emacs, a vulnerability in Gnus allows embedded MIME content to be treated as trusted. CVE-STATUS: The vulnerability has been resolved CVE-REV: T...

CVSS 9.8 | AI score 9.8 | EPSS 0.02679
Exploits: 0

Rosalinux
added 2025/04/11 9:49 p.m. | 9 views

Advisory ROSA-SA-2025-2805

Software: iperf3 3.5 OS: ROSA Virtualization 3.0 packageevrstring: iperf3-3.5-11.rv30 CVE-ID: CVE-2024-53580 BDU-ID: 2024-11145 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Iperf3 network bandwidth measurement tool is related to improper handling of test parameters passed to the server in jso...

CVSS 7.5 | AI score 7.4 | EPSS 0.00908
Exploits: 1

Rosalinux
added 2025/04/11 9:49 p.m. | 9 views

Advisory ROSA-SA-2025-2794

Software: cups 2.2.6 OS: ROSA Virtualization 3.0 packageevrstring: cups-2.2.6-62.rv30 CVE-ID: CVE-2024-47175 BDU-ID: 2024-07645 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ppdCreatePPDFromIPP2 function of the CUPS print server libppd library is related to failure to take measures to...

CVSS 9.8 | AI score 8.7 | EPSS 0.73062
Exploits: 5

Rosalinux
added 2025/04/11 9:49 p.m. | 20 views

Advisory ROSA-SA-2025-2792

Software: bind-dyndb-ldap 11.6 OS: ROSA Virtualization 3.0 packageevrstring: bind-dyndb-ldap-11.6-5.rv30 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the...

CVSS 7.5 | AI score 7.8 | EPSS 0.99995
Exploits: 0

Rosalinux
added 2025/04/11 9:49 p.m. | 8 views

Advisory ROSA-SA-2025-2793

Software: bubblewrap 0.4.0 OS: ROSA Virtualization 3.0 packageevrstring: bubblewrap-0.4.0-2.rv30 CVE-ID: CVE-2024-42472 BDU-ID: 2024-06671 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Flatpak application and environment management tool is related to improper neutralization of special output...

CVSS 10 | AI score 9.5 | EPSS 0.01283
Exploits: 1

Rosalinux
added 2025/04/11 9:49 p.m. | 22 views

Advisory ROSA-SA-2025-2791

Software: bind 9.11.36 OS: ROSA Virtualization 3.0 packageevrstring: bind-9.11.36-16.rv30.4 CVE-ID: CVE-2022-3094 BDU-ID: 2023-00580 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the named component of the DNS BIND server is related to the ability to use memory after it has been freed. Exploitatio...

CVSS 7.5 | AI score 7.8 | EPSS 0.99995
Exploits: 1

RedhatCVE
added 2025/04/10 8:5 p.m. | 38 views

CVE-2025-27735

Insufficient verification of data authenticity in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to bypass a security feature locally...

CVSS 6 | AI score 6.7 | EPSS 0.0035
Exploits: 0 | References: 3

OSV
added 2025/04/09 6:2 p.m. | 8 views

USN-7428-2 linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities

Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in...

CVSS 9.1 | AI score 6.8 | EPSS 0.01401
Exploits: 0 | References: 21

Ubuntu
added 2025/04/09 6:2 p.m. | 21 views

USN-7428-2: Linux kernel (FIPS) vulnerabilities

Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in...

CVSS 9.1 | AI score 7.5 | EPSS 0.01401
Exploits: 0

OSV
added 2025/04/09 5:32 p.m. | 1 views

USN-7428-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities

Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in...

CVSS 9.1 | AI score 6.8 | EPSS 0.01401
Exploits: 0 | References: 21

Ubuntu
added 2025/04/09 5:32 p.m. | 20 views

USN-7428-1: Linux kernel vulnerabilities

Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in...

CVSS 9.1 | AI score 7.5 | EPSS 0.01401
Exploits: 0

OSV
added 2025/04/09 3:38 p.m. | 5 views

CLSA-2025-1744213128 Fix of 55 CVEs

CVE-url: https://ubuntu.com/security/CVE-2025-21858 - geneve: Fix use-after-free in genevefinddev. CVE-url: https://ubuntu.com/security/CVE-2024-36921 - wifi: iwlwifi: mvm: guard against invalid STA ID on removal CVE-url: https://ubuntu.com/security/CVE-2023-52621 - bpf: Check rcureadlocktracehel...

CVSS 7.8 | AI score 7 | EPSS 0.00291
Exploits: 0 | References: 1

SUSE Linux
added 2025/04/09 1:57 p.m. | 2 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF bsc1237918. CVE-2022-49465: blk-throttle: Set BIOTHROTTLED when bio has been throttled bsc1238919...

CVSS 8.5 | AI score 7.9 | EPSS 0.93838
Exploits: 27 | References: 2240

Microsoft CVE
added 2025/04/09 7:0 a.m. | 7 views

KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel

...

CVSS 5.5 | AI score 7.3 | EPSS 0.00218
Exploits: 0

SUSE CVE
added 2025/04/09 1:33 a.m. | 2 views

SUSE CVE-2025-22013

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several problems with the way hyp code lazily saves the host's FPSIMD/SVE state, including: Host SVE being discarded unexpectedly due to inconsistent...

CVSS 5.5 | AI score 7.6 | EPSS 0.00162
Exploits: 0 | References: 15

BDU FSTEC
added 2025/04/09 12:0 a.m. | 17 views

The vulnerability of the trusted execution environment of Virtualization-Based Security (VBS) Enclaves in Windows operating systems allows attackers to circumvent existing security restrictions.

The vulnerability of the trusted execution environment for Virtualization-Based Security VBS in Windows operating systems is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

CVSS 6.2 | AI score 7.7 | EPSS 0.0035
Exploits: 0 | References: 2

Tenable Nessus
added 2025/04/09 12:0 a.m. | 20 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-7428-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7428-1 advisory. Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict t...

CVSS 9.1 | AI score 7.6 | EPSS 0.01401
Exploits: 0 | References: 21

NCSC
added 2025/04/08 6:53 p.m. | 7 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and gain access to sensitive data. The vulnerability with reference CVE-2025-27489 allows the malicious party, by loading a non-Microsoft DLL...

CVSS 7.8 | AI score 7.1 | EPSS 0.01154
Exploits: 0

NVD
added 2025/04/08 6:16 p.m. | 31 views

CVE-2025-27735

Insufficient verification of data authenticity in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to bypass a security feature locally...

CVSS 6 | EPSS 0.0035
Exploits: 0 | References: 1