Moderate: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

PT-2026-20212

URGENT: Ubuntu 24.04 LTS kernel updates USN-8028-3 are live. Critical patches for AMD CPU data leaks CVE-2024-36351 and SEV-SNP guest memory overwrite flaws. Read more: 👉 https://t.co/ChC0mzFiGU Security https://t.co/LSj2IFaKnN...

Control Flow Reconstruction using HPCs

Affected Products and Mitigation Performance counters are not protected by Secure Encrypted Virtualization SEV, SEV-ES, or SEV-SNP. AMD has defined support for performance counter virtualization in APM Vol 2, section 15.39. Performance Monitoring Counters PMC virtualization, available on AMD...

CVE-2025-0029

Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity...

CVE-2025-52536

Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity...

CVE-2025-29939

Improper access control in secure encrypted virtualization SEV could allow a privileged attacker to write to the reverse map page RMP during secure nested paging SNP initialization, potentially resulting in a loss of guest memory confidentiality and integrity...

CVE-2025-29948

Improper access control in AMD Secure Encrypted Virtualization SEV firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity...

CVE-2025-29952

Improper Initialization within the AMD Secure Encrypted Virtualization SEV firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity...

CVE-2025-48517

Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality...

CVE-2025-48514

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality...

CVE-2025-0031

A use after free in the SEV firmware could allow a malicous hypervisor to activate a migrated guest with the SINGLESOCKET policy on a different socket than the migration agent potentially resulting in loss of integrity...

Advisory ROSA-SA-2026-3199

Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 unaffected versions = rsync-3.1.3-23.rv3 affected versions rsync-3.1.3-23.rv3 CVE-ID: CVE-2024-12087 BDU-ID: 2025-00377 CVE-Crit: HIGH CVE-DESC.: A configuration vulnerability in the --inc-recursive configuration of the rsyncd daemon of the Rsync...

Advisory ROSA-SA-2026-3197

Software: pam 1.3.1 OS: ROSA Virtualization 2.1 unaffected versions = pam-1.3.1-39.rv3 affected versions pam-1.3.1-39.rv3 CVE-ID: CVE-2025-6020 BDU-ID: 2025-07273 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pamnamespace module of the Linux-PAM authentication module is caused by a race...

Advisory ROSA-SA-2026-3201

Software: sysstat 11.7.3 OS: ROSA Virtualization 2.1 unaffected versions = sysstat-11.7.3-13.rv3 affected versions sysstat-11.7.3-13.rv3 CVE-ID: CVE-2023-33204 BDU-ID: 2025-00980 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the common.c component of the sysstat system performance measurement and...

Advisory ROSA-SA-2026-3200

Software: sqlite 3.26.0 OS: ROSA Virtualization 2.1 unaffected versions = sqlite-3.26.0-20.rv3 affected versions sqlite-3.26.0-20.rv3 CVE-ID: CVE-2020-24736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A buffer overflow vulnerability in SQLite3 allows a local attacker to cause a denial of service DoS...

Advisory ROSA-SA-2026-3198

Software: perl 5.26.3 OS: ROSA Virtualization 2.1 unaffected versions = perl-5.26.3-423.rv3 affected versions perl-5.26.3-423.rv3 CVE-ID: CVE-2025-40909 BDU-ID: 2025-10307 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Perl programming language interpreter is related to the use of an unreliab...

Advisory ROSA-SA-2026-3174

Software: libtommath 1.2.0 OS: ROSA Virtualization 3.0 unaffected versions = libtommath-1.2.0-1.rv30 affected versions libtommath-1.2.0-1.rv30 CVE-ID: CVE-2023-36328 BDU-ID: 2023-06241 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the libtom function of the libtommath library is related to...

Advisory ROSA-SA-2026-3179

Software: pam 1.3.1 OS: ROSA Virtualization 3.0 unaffected versions = pam-1.3.1-39.0.2.rv30 affected versions pam-1.3.1-39.0.2.rv30 CVE-ID: CVE-2025-6020 BDU-ID: 2025-07273 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pamnamespace module of the Linux-PAM authentication module is caused by a...

Advisory ROSA-SA-2026-3167

Software: jackson-databind 2.10.0 OS: ROSA Virtualization 3.0 unaffected versions = jackson-databind-2.10.0-1.0.2.rv30 affected versions jackson-databind-2.10.0-1.0.2.rv30 CVE-ID: CVE-2020-25649 BDU-ID: 2022-05602 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DOMDeserializer component of the...

Advisory ROSA-SA-2026-3160

Software: perl 5.26.3 OS: ROSA Virtualization 3.1 unaffected versions = perl-5.26.3-423.rv31 affected versions perl-5.26.3-423.rv31 CVE-ID: CVE-2025-40909 BDU-ID: 2025-10307 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Perl programming language interpreter is related to the use of an...