Advisory ROSA-SA-2025-2706

Software: libksba 1.3.5 OS: ROSA Virtualization 3.0 packageevrstring: libksba-1.3.5-9 CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the X.509 certificate function-providing library LibKSBA is related to an integer overflow in the CRL parser. Exploitation of...

Advisory ROSA-SA-2025-2710

Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: libxml2-2.9.7-18.0.1 CVE-ID: CVE-2021-3518 BDU-ID: 2021-05283 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the xinclude.c component of the Libxml2 library is related to memory usage after it has been freed. Exploitation of th...

CVE-2024-46975

CVE-2024-46975 affects the Imagination Technologies PowerVR-GPU driver. The issue arises from kernel code running inside a guest VM that may access memory shared with the GPU firmware, allowing writes to another guest’s virtualized GPU memory. This is described in multiple sources (including Red ...

CLSA-2025-1739965377 linux-firmware: Fix of 2 CVEs

Update AMD SEV CPU firmware to address CVE-2023-31356, CVE-2023-20584...

Advisory ROSA-SA-2025-2695

Software: shim 15.6 OS: ROSA Virtualization 3.0 packageevrstring: shim-15.6 CVE-ID: CVE-2023-40547 BDU-ID: 2024-00725 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability exists in the shim UEFI bootloader due to failure to take measures to neutralize special elements. Exploitation of the vulnerability...

Advisory ROSA-SA-2025-2694

Software: samba 4.17.12 OS: ROSA Virtualization 3.0 packageevrstring: samba-4.17.12 CVE-ID: CVE-2022-38023 BDU-ID: 2022-06830 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Netlogon Remote Protocol MS-NRPC implementation of Windows operating systems is due to errors in security settings...

Advisory ROSA-SA-2025-2689

Software: scipy 1.0.0 OS: ROSA Virtualization 3.0 packageevrstring: scipy-1.0.0-21.0.2 CVE-ID: CVE-2023-29824 BDU-ID: 2024-07432 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the PyFindObjects function of the PyFindObjects library for the open source Python programming language scipy is relat...

Advisory ROSA-SA-2025-2687

Software: pango 1.42.4 OS: ROSA Virtualization 3.0 packageevrstring: pango-1.42.4-8 CVE-ID: CVE-2019-1010238 BDU-ID: 2019-02871 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the pangolog2visgetembeddinglevels function of the Pango library is related to an operation exceeding buffer boundaries...

Advisory ROSA-SA-2025-2686

Software: openldap 2.4.46 OS: ROSA Virtualization 3.0 packageevrstring: openldap-2.4.46-18.0.1 CVE-ID: CVE-2022-29155 BDU-ID: 2022-03203 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the OpenLDAP protocol implementation is related to failure to take measures to protect the SQL query structure...

Advisory ROSA-SA-2025-2683

Software: grub2 2.02 OS: ROSA Virtualization 3.0 packageevrstring: grub2-2.02-148.0.3 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding buffer...

SUSE CVE-2022-2196

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM L0 advertising eIBRS support to L1. An attacker at L2 with code...

Security update for ovmf

This update for ovmf fixes the following issues: CVE-2024-1298: potential division-by-zero crash in edk2 due to UINT32 overflow in S3 ResumeCount. bsc1225889 CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 CVE-2023-45230: buffe...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref bsc1236703. CVE-2025-21678: gtp: Destroy device along with udp socket's netns...

[SECURITY] Fedora 40 Update: libkrun-1.10.1-2.fc40

Dynamic library providing Virtualization-based process isolation capabilities...

PT-2025-10071

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the Linux kernel's KVM Kernel-based Virtual Machine implementation allows the guest's DR6 value to be clobbered when the guest modifies DR6 and then a fastpath VM-Exit occurs...

Advisory ROSA-SA-2025-2679

Software: curl 7.61.1 OS: ROSA Virtualization 3.0 packageevrstring: curl-7.61.1-33.0.2 CVE-ID: CVE-2022-32221 BDU-ID: 2022-07403 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the cURL command line utility is related to a logical error in the reused descriptor when processing subsequent PUT an...

Security update for ovmf

This update for ovmf fixes the following issues: CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. bsc1218880 CVE-2023-45231: out-of-bounds...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm-srcu when handling KVMSETVCPUEVENTS Grab kvm-srcu when processing KVMSETVCPUEVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note,...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle protected guests properly in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g., SEV-ES and SEV-SN...

AMD Server Processor 安全漏洞

AMD Server Processor is a processor product for the server market from UltraMicro Semiconductor AMD that is primarily used in data centers, cloud computing, and high-performance computing. A security vulnerability exists in AMD Server Processor that stems from the improper handling of invalid...