DEBIAN-CVE-2022-49610

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPECCTRL value is written, and the vmenter. Balanced returns matched by a preceding call are usually ok, but it's...

AZL-68717 CVE-2022-49610 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPECCTRL value is written, and the vmenter. Balanced returns matched by a preceding call are usually ok, but it's...

DEBIAN-CVE-2022-49559

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 Remove WARNs that sanity check that KVM never lets a triple fault for L2 escape and incorrectly end up in L1. In normal operation, the sanity check is...

AZL-58352 CVE-2022-49534 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGIRJT There is a potential memory leak in lpfcignoreelscmpl and lpfcelsrspreject that was allocated from NPIV PLOGIRJT lpfcrcvplogi's loginmbox. Check if...

UBUNTU-CVE-2022-49568

In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops-destroy A KVM device cleanup happens in either of two callbacks: 1 destroy which is called when the VM is being destroyed; 2 release which is called when a device fd is closed. Most KVM devices use...

UBUNTU-CVE-2022-49559

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 Remove WARNs that sanity check that KVM never lets a triple fault for L2 escape and incorrectly end up in L1. In normal operation, the sanity check is...

UBUNTU-CVE-2022-49534

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGIRJT There is a potential memory leak in lpfcignoreelscmpl and lpfcelsrspreject that was allocated from NPIV PLOGIRJT lpfcrcvplogi's loginmbox. Check if...

DEBIAN-CVE-2022-49154

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix panic on out-of-bounds guest IRQ As guestirq is coming from KVMIRQFD API call, it may trigger crash in svmupdatepiirte due to out-of-bounds: crash bt PID: 22218 TASK: ffff951a6ad74980 CPU: 73 COMMAND: "vcpu8" 0...

UBUNTU-CVE-2022-49154

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix panic on out-of-bounds guest IRQ As guestirq is coming from KVMIRQFD API call, it may trigger crash in svmupdatepiirte due to out-of-bounds: crash bt PID: 22218 TASK: ffff951a6ad74980 CPU: 73 COMMAND: "vcpu8" 0...

DEBIAN-CVE-2021-47639

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...

UBUNTU-CVE-2021-47639

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...

CVE-2022-49534 scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGIRJT There is a potential memory leak in lpfcignoreelscmpl and lpfcelsrspreject that was allocated from NPIV PLOGIRJT lpfcrcvplogi's loginmbox. Check if...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the SEV ioctl interface not properly allocating memory, which could lead to a kernel data leak...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from VMX before vmenter that could lead to an RSB underflow...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unnecessary invalidaterangestart/end call on mremapoldsize=0, which results in a mmunotifier warning for...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a svm range restore work that can lead to a deadlock when the process exits...

Important: Red Hat Security Advisory: OpenShift Virtualization 4.18.0 Images

Red Hat OpenShift Virtualization release 4.18.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...

CLSA-2025-1740470330 linux-firmware: Fix of 2 CVEs

Update AMD SEV CPU firmware to address CVE-2023-31356, CVE-2023-20584...

Advisory ROSA-SA-2025-2721

Software: zlib 1.2.11 OS: ROSA Virtualization 3.0 packageevrstring: zlib-1.2.11 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of...

Advisory ROSA-SA-2025-2714

Software: openssh 8.0p1 OS: ROSA Virtualization 3.0 packageevrstring: openssh-8.0p1-19.0.1 CVE-ID: CVE-2023-38408 BDU-ID: 2023-03950 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the PKCS11 function of the PKCS11 component of the ssh-agent component of the OpenSSH cryptographic security tool ...