• Bounding against the wrong buffer: an OOB read/write in KVM SEV-SNP

    Reported to security@kernel.org, 8 April 2026 · Fixed in mainline (db3f219), May 2026, Cc: stable · Fixes 4af663c · Affected: KVM SNP host support, ~v6.10 through the fix · CVE: pending (track commit db3f219 on linux-cve-announce)

    Summary: A malicious SEV-SNP guest can corrupt the host kernel’s heap and leak information about its layout, through the…

  • Guest-to-host escape via QEMU CXL Type 3 mailbox overflows

    April 2026 · Reported to qemu-security · Classified as non-security (CXL outside policy scope) · Found by manual code audit

    Summary: Three bugs in QEMU’s CXL Type 3 mailbox emulation (hw/cxl/cxl-mailbox-utils.c) chain into a deterministic guest-to-host escape with full ASLR bypass. The escape gets you arbitrary code execution on the host from a guest VM…

  • Hunting Concurrency Bugs: How I Found a Race Condition in Python 3.12

    January 2026 · CPython Issue #143228 · Fix PR #143233 · Patched in 3.13/3.14, 3.12 marked Won’t Fix

    Summary: A use-after-free in CPython’s perf_trampoline implementation, triggered when sys.deactivate_stack_trampoline() runs concurrently with active bytecode execution on worker threads. The cleanup function free_code_arenas calls munmap on executable memory pages without checking whether other threads are currently executing…

  • Technical Write-up: SQL Injection in Django ORM CVE-2025-64459

    November 2025 · CVE-2025-64459 (CVSS 9.1) · Fixed in Django 5.2.8, 5.1.14, 4.2.26

    Summary: Django’s WhereNode.as_sql formatted the query connector (AND / OR) into the generated SQL via unchecked %s string interpolation. Because the connector value is attacker-reachable through the _connector key of a Q object — and because the common pattern Q(**user_input) unpacks request…