AMD Server Processor Vulnerabilities – February 2025

AMD ID: AMD-SB-3009 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor ASP, AMD Secure Encrypted Virtualization SEV, AMD Secure Encrypted Virtualization – Secure Nested Paging SEV-SN...

CVE-2025-21690

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooti...

[SECURITY] Fedora 41 Update: rust-sevctl-0.6.0-4.fc41

Administrative utility for AMD SEV...

[SECURITY] Fedora 41 Update: libkrun-1.10.1-2.fc41

Dynamic library providing Virtualization-based process isolation capabilities...

Kaspersky多款产品 安全漏洞

Kaspersky Anti-Virus is a suite of antivirus software, Kaspersky Internet Security is a suite of security software with both anti-virus and firewall features. Internet Security is a suite of antivirus software for Internet security.Kaspersky Anti-Ransomware Tool is a security software that provid...

CVE-2022-39421

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

CVE-2024-52899

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

SUSE CVE-2024-56161

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP...

CVE-2024-0128

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges...

Security Bulletin: IBM Watson Query (Data Virtualization) on Cloud Pak for Data Vulnerable to Insufficient Session Expiration (CVE-2024-35160)

Summary IBM Watson Query, also known as Data Virtualization, is affected by insufficient session expiration when handling authorizations. Vulnerability Details CVEID:CVE-2024-35160 DESCRIPTION: IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3...

UBUNTU-CVE-2024-56161

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP...

SUSE-SU-2025:20076-1 Security update for qemu

This update for qemu fixes the following issues: - Bugfixes and CVEs: hw/usb/hcd-ohci: Fix 1510, 303: pid not IN or OUT bsc1230834, CVE-2024-8354 softmmu: Support concurrent bounce buffers bsc1230915, CVE-2024-8612 system/physmem: Per-AddressSpace bounce buffering bsc1230915, CVE-2024-8612...

AMD SEV-SNP 安全漏洞

AMD SEV-SNP is a secure encrypted virtualization firmware from UltraMicroelectronics AMD. A single key is used to encrypt system memory. A security vulnerability exists in AMD SEV-SNP that stems from incorrect signature verification...

Cache-based Side-Channel Attack Against SEV

AMD ID: AMD-SB-3010 Potential Impact: N/A Severity: N/A Summary AMD has received a report from researchers at National Taiwan University detailing cache-based side-channel attacks against Secure Encrypted Virtualization SEV. 2025-06-03 Update: A subsequent report of the same attacks was received...

KVM: arm64: Fix shift-out-of-bounds bug

...

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

...

NVIDIA vGPU software 安全漏洞

NVIDIA vGPU Software is a management software from NVIDIA, USA, used to provide GPU capabilities to virtual machines. The software supports multiple virtual machines to access the host's GPU, providing graphics performance and application compatibility for virtual machines. A security vulnerabili...

CVE-2024-37526

IBM Watson Query on Cloud Pak for Data IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0 could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism...

PT-2025-2501 · Ibm · Ibm Watson Query

Name of the Vulnerable Software and Affected Versions: IBM Watson Query on Cloud Pak for Data IBM Data Virtualization versions 1.8 through 3.0.0 Description: The issue allows an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment CVE-2024-26907 In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev-desc-info instead of calling i3cdevicegetinfo to...