Important: Red Hat Security Advisory: MTV RHEL9 Images

Updated Release packages that fix several bugs and add various enhancements are now available. Migration Toolkit for Virtualization Images...

ROS-20260126-73-0029

A vulnerability in the KVM component of the Linux operating system kernel is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in guest XSAVE state whenever XFDi=1 When loading guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATEBV...

UBUNTU-CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in guest XSAVE state whenever XFDi=1 When loading guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATEBV...

CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in guest XSAVE state whenever XFDi=1 When loading guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATEBV...

CVE-2026-23005 x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in guest XSAVE state whenever XFDi=1 When loading guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATEBV...

kernel security update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

CVE-2025-71155

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmaphelperzaponepage again A few checks were missing in gmaphelperzaponepage, which can lead to memory corruption in the guest under specific circumstances. Add the missing checks...

CVE-2025-71155

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmaphelperzaponepage again A few checks were missing in gmaphelperzaponepage, which can lead to memory corruption in the guest under specific circumstances. Add the missing checks...

CVE-2025-71155

CVE-2025-71155 concerns the Linux kernel KVM on s390 where gmap_helper_zap_one_page() had missing checks that could lead to memory corruption in a guest under specific circumstances. The connected documents confirm the vulnerability and describe the root cause as incomplete validation within that...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004917)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004917 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt...

Low: Red Hat Security Advisory: OpenShift Virtualization 4.19.17 Images

Red Hat OpenShift Virtualization release 4.19.17 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

Azure Linux 3.0 Security Update: kernel (CVE-2024-45005)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45005 advisory. - In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception iss...

Azure Linux 3.0 Security Update: qemu (CVE-2024-26328)

The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26328 advisory. - An issue was discovered in QEMU 7.1.0 through 8.2.1. registervfs in hw/pci/pciesriov.c does not set NumVFs to...

Azure Linux 3.0 Security Update: kernel (CVE-2025-23141)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23141 advisory. - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVMGETMPSTATE ...

Azure Linux 3.0 Security Update: qemu (CVE-2024-26327)

The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26327 advisory. - An issue was discovered in QEMU 7.1.0 through 8.2.1. registervfs in hw/pci/pciesriov.c mishandles the situatio...

kernel: KVM: arm64: Tear down vGIC on failed vCPU creation

A use-after-free flaw was found in KVM for arm64 in the Linux Kernel, if the kvmarchvcpucreate fails to share the vCPU page with the hypervisor. This vulnerability could even lead to a kernel information leak problem...

ROS-20260121-73-0015

A vulnerability in the KVM component of the Linux operating system kernel is related to memory initialization errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2026-21990

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVE-2025-4598 vulnerabilities

Vulnerabilities for packages: linux-vmware, linux-qemu...