CLSA-2025-1736778632 kernel: Fix of 17 CVEs

tracing: Free buffers when a used dynamic event is removed CVE-2022-49006 - ASoC: ops: Check bounds for second channel in sndsocputvolswsx CVE-2022-48951 - ext4: fix slab-use-after-free in ext4splitextentat CVE-2024-49884 - ext4: fix bug on in ext4escacheextent as ext4splitextentat failed...

PT-2025-1243

Name of the Vulnerable Software and Affected Versions Windows Virtualization-Based Security VBS Enclave affected versions not specified Description The issue is related to insufficient input validation in the Virtualization-Based Security VBS Enclave of Microsoft Windows operating systems. This c...

Microsoft Windows Virtualization-Based Security Enclave 输入验证错误漏洞

Microsoft Windows Virtualization-Based Security Enclave Microsoft Windows VBS Enclave is a software-based trusted execution environment within the host application address space from Microsoft Corporation USA. An input validation error vulnerability exists in Microsoft Windows Virtualization-Base...

PT-2025-1058

Name of the Vulnerable Software and Affected Versions Windows Hyper-V NT Kernel Integration VSP versions are not explicitly specified in the provided sources. Description The issue is related to an elevation of privilege in Windows Hyper-V NT Kernel Integration VSP, allowing an attacker to elevat...

PT-2025-4220 · Microsoft · Windows Virtualization-Based Security +1

Name of the Vulnerable Software and Affected Versions: Windows Virtualization-Based Security VBS affected versions not specified Description: A security-feature bypass issue allows attackers to affect the system. This issue is related to the Windows Virtualization-Based Security VBS and enables...

Microsoft Windows Virtualization-Based Security Enclave 访问控制错误漏洞

Microsoft Windows Virtualization-Based Security Enclave Microsoft Windows VBS Enclave is a software-based trusted execution environment within the host application address space from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Windows Virtualization-Based...

DEBIAN-CVE-2024-55881

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP,...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: Fix a data race on lastboostedvcpu in kvmvcpuonspin CVE-2024-40953 In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rqqoswait vs. rqqoswakefunction race...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs CVE-2023-52913 In the Linux kernel, the following vulnerability has been resolved: dm-crypt, dm-verity: disable tasklets CVE-2024-26718 In the Linux kernel, the following...

kernel: i40e: Do not allow untrusted VF to remove administratively set MAC

A flaw was found in Intel network adapters in the Linux kernel, where untrusted virtualized network interfaces can remove MAC addresses set by the system. This flaw allows an attacker with sufficient privileges to cause a denial of service...

kernel: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration

A flaw was found in the Linux kernel's KVM SVM implementation for AMD SEV-ES. During intrahost VM migration, KVM incorrectly retrieves source vCPUs from the destination VM instead of the source VM. This causes the VMSA Virtual Machine Save Area pointer to remain NULL, leading to a host kernel cra...

Important: Red Hat Security Advisory: OpenShift Virtualization 4.17.3 Images

Red Hat OpenShift Virtualization release 4.17.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...

PT-2025-30869

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.15.0-smp-DEV 2 Description The Linux kernel contained a flaw within the KVM component, specifically related to Secure Encrypted Virtualization SEV and Secure Encrypted Virtualization-Encrypted State SEV-ES. The...

PT-2026-7455

Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity...

PT-2025-43034

Name of the Vulnerable Software and Affected Versions xen affected versions not specified Description Certain hypercalls within xen can be specified in a manner that presents a security concern. The description does not provide details about the nature of the issue or any specific technical detai...

PT-2026-7452

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality...

PT-2026-7453

Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality...

UBUNTU-CVE-2024-56704

In the Linux kernel, the following vulnerability has been resolved: 9p/xen: fix release of IRQ Kernel logs indicate an IRQ was double-freed. Pass correct device ID during IRQ release. Dominique: remove confusing variable reset to 0...

DEBIAN-CVE-2024-53228

In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: Fix out-of-bounds array access In kvmriscvvcpusbiinit the entry-extidx can contain an out-of-bound index. This is used as a special marker for the base extensions, that cannot be disabled. However, when traversing the...

AZL-68306 CVE-2024-53196 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Don't retire aborted MMIO instruction Returning an abort to the guest for an unsupported MMIO access is a documented feature of the KVM UAPI. Nevertheless, it's clear that this plumbing has seen limited testing, since...