
12996 matches found

OSV
added 2025/04/08 6:16 p.m. · 4 views

CVE-2025-27735

Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally...

CVSS: 6 · AI score: 7.3 · EPSS: 0.0035
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/08 5:24 p.m. · 14 views

CVE-2025-27735 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

...

CVSS: 6 · AI score: 7.2 · EPSS: 0.0035
Exploits: 0 · References: 1

Cvelist
added 2025/04/08 5:24 p.m. · 14 views

CVE-2025-27735 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

...

CVSS: 6 · EPSS: 0.0035
Exploits: 0 · References: 1

CVE
added 2025/04/08 5:24 p.m. · 103 views

CVE-2025-27735

CVE-2025-27735 affects Windows Virtualization-Based Security (VBS) Enclave. The root cause is insufficient verification of data authenticity, enabling an authorized local attacker to bypass a security feature. The connected NCSC listing labels the impact as bypassing a security measure with CVSS ...

CVSS: 6 · AI score: 7.1 · EPSS: 0.0035
Exploits: 0 · References: 1 · Affected Software: 13

IBM Security Bulletins
added 2025/04/08 10:17 a.m. · 17 views

Security Bulletin: A Netty vulnerability affects Rational Test Virtualization Server / DevOps Virtualization and Rational Performance Test Server / DevOps Test Performance Test Server ( CVE-2024-47535 )

Summary Rational Test Virtualization Server / DevOps Virtualization and Rational Performance Test Server / DevOps Test Performance Test Server are vulnerable to a denial of service due to a vulnerability in Netty CVE-2024-47535 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an...

CVSS: 5.5 · AI score: 6.8 · EPSS: 0.00408
Exploits: 1 · Affected Software: 2

Microsoft CVE
added 2025/04/08 7:0 a.m. · 16 views

Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally...

CVSS: 6 · AI score: 6.9 · EPSS: 0.0035
Exploits: 0

Positive Technologies
added 2025/04/08 12:0 a.m. · 4 views

PT-2025-15558 · Microsoft · Windows Virtualization-Based Security (Vbs) Enclave +1

Name of the Vulnerable Software and Affected Versions: Windows Virtualization-Based Security (VBS) Enclave (affected versions not specified). Description: The issue is related to insufficient verification of data authenticity, allowing an authorized attacker to bypass a security feature locally. There...

CVSS: 6.2 · AI score: 8.3 · EPSS: 0.0035
Exploits: 0 · References: 7

IBM Security Bulletins
added 2025/04/03 11:21 p.m. · 69 views

Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (January 2025)

Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a...

CVSS: 10 · AI score: 10 · EPSS: 0.10608
Exploits: 11 · Affected Software: 1

SUSE CVE
added 2025/04/02 8:57 a.m. · 9 views

SUSE CVE-2025-21894

In the Linux kernel, the following vulnerability has been resolved: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC. Actually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only ENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash if VFs are used to test one-step...

CVSS: 5.5 · AI score: 7.6 · EPSS: 0.00176
Exploits: 0 · References: 15

SUSE CVE
added 2025/04/02 8:57 a.m. · 3 views

SUSE CVE-2025-21953

In the Linux kernel, the following vulnerability has been resolved: net: mana: cleanup mana struct after debugfs_remove. When on a MANA VM hibernation is triggered, as part of hibernate_snapshot, mana_gd_suspend and mana_gd_resume are called. If during this mana_gd_resume, a failure occurs with HWC...

CVSS: 5.5 · AI score: 7.5 · EPSS: 0.00148
Exploits: 0 · References: 15

OSV
added 2025/03/27 5:15 p.m. · 1 views

UBUNTU-CVE-2022-49760

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix PTE marker handling in hugetlb_change_protection. Patch series "mm/hugetlb: uffd-wp fixes for hugetlb_change_protection". Playing with virtio-mem and background snapshots using uffd-wp on hugetlb in QEMU, I managed to...

CVSS: 5.5 · AI score: 5.6 · EPSS: 0.0015
Exploits: 0 · References: 5

IBM Security Bulletins
added 2025/03/27 4:18 p.m. · 62 views

Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (March 2025)

Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: When deserializing untrusted...

CVSS: 10 · AI score: 9.9 · EPSS: 0.93305
Exploits: 7 · Affected Software: 1

BDU FSTEC
added 2025/03/27 12:0 a.m. · 6 views

The vulnerability of the module parameter function module arch/x86/kvm/vmx/vmx.c in the virtualization subsystem of the Linux operating system’s x86 kernel allows an attacker to cause a service failure.

The vulnerability of the module parameter function module arch/x86/kvm/vmx/vmx.c in the virtualization subsystem of the Linux operating system’s x86 kernel is related to code errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS: 6.5 · AI score: 6.8 · EPSS: 0.00226
Exploits: 0 · References: 27 · Affected Software: 7

IBM Security Bulletins
added 2025/03/21 6:42 p.m. · 16 views

Security Bulletin: Rational Test Virtualization Server and Rational Test Workbench are vulnerable to denial of service due to Spring MVC (CVE-2024-38828)

Summary: Rational Test Control Panel (RTCP) component of Rational Test Virtualization Server and Rational Test Workbench uses Spring MVC which is vulnerable to a denial of service attack (CVE-2024-38828). Vulnerability Details: CVEID: CVE-2024-38828 DESCRIPTION: Spring MVC controller methods with an...

CVSS: 5.3 · AI score: 8.3 · EPSS: 0.00729
Exploits: 0 · Affected Software: 2

Rosalinux
added 2025/03/17 9:49 p.m. · 11 views

Advisory ROSA-SA-2025-2785

Software: xmlrpc-c 1.51.0 OS: ROSA Virtualization 3.0 packageevrstring: xmlrpc-c-1.51.0-10.0.1.rv30 CVE-ID: CVE-2023-52425 BDU-ID: 2024-01514 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XML parser library libexpat is associated with uncontrolled resource consumption. Exploitation of the...

CVSS: 7.5 · AI score: 9.3 · EPSS: 0.01815
Exploits: 1

Rosalinux
added 2025/03/17 9:44 p.m. · 15 views

Advisory ROSA-SA-2025-2781

Software: cairo 1.15.12 OS: ROSA Virtualization 2.1 packageevrstring: cairo-1.15.12-6.rv3 CVE-ID: CVE-2020-35492 BDU-ID: 2021-03445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the image-compositor.c component of the Cairo vector graphics library is related to a data stack buffer overflow...

CVSS: 7.8 · AI score: 7.3 · EPSS: 0.01112
Exploits: 0

Rosalinux
added 2025/03/17 9:44 p.m. · 10 views

Advisory ROSA-SA-2025-2778

Software: xmlrpc 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: xmlrpc-3.1.3-1.0.1.1.rv3 CVE-ID: CVE-2019-17570 BDU-ID: 2020-01960 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC library is related to ...

CVSS: 9.8 · AI score: 6.8 · EPSS: 0.49285
Exploits: 2

OSV
added 2025/03/17 8:16 p.m. · 15 views

RLSA-2024:9136 Moderate: qemu-kvm security update

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow...

CVSS: 8.2 · AI score: 7 · EPSS: 0.01027
Exploits: 0 · References: 4

SUSE CVE
added 2025/03/16 2:49 a.m. · 2 views

SUSE CVE-2024-1725

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.00631
Exploits: 0 · References: 3

SUSE Linux
added 2025/03/13 10:40 a.m. · 3 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033). CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind...

CVSS: 8.6 · AI score: 7.9 · EPSS: 0.01094
Exploits: 1 · References: 98