CVE-2025-38351 |
Description: In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush
In KVM guests with Hyper-V hypercalls enabled, the hypercalls
HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX
allow a guest to request invalidation of portions of a virtual TLB.
For this, the hypercall parameter includes a list of GVAs that are supposed
to be invalidated.
However, when non-canonical GVAs are passed, there is currently no
filtering in place and they are eventually passed to checked invocations of
INVVPID on Intel / INVLPGA on AMD. While AMD's INVLPGA silently ignores
non-canonical addresses (effectively a no-op), Intel's INVVPID explicitly
signals VM-Fail and ultimately triggers the WARN_ONCE in invvpid_error():
    invvpid failed: ext=0x0 vpid=1 gva=0xaaaaaaaaaaaaa000
    WARNING: CPU: 6 PID: 326 at arch/x86/kvm/vmx/vmx.c:482
    invvpid_error+0x91/0xa0 [kvm_intel]
    Modules linked in: kvm_intel kvm 9pnet_virtio irqbypass fuse
    CPU: 6 UID: 0 PID: 326 Comm: kvm-vm Not tainted 6.15.0 #14 PREEMPT(voluntary)
    RIP: 0010:invvpid_error+0x91/0xa0 [kvm_intel]
    Call Trace:
      vmx_flush_tlb_gva+0x320/0x490 [kvm_intel]
      kvm_hv_vcpu_flush_tlb+0x24f/0x4f0 [kvm]
      kvm_arch_vcpu_ioctl_run+0x3013/0x5810 [kvm]
Hyper-V documents that invalid GVAs (those that are beyond a partition's
GVA space) are to be ignored. While not completely clear whether this
ruling also applies to non-canonical GVAs, it is likely...
July 19th, 2025 (about 2 hours ago)
|
Description: Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. [...]
July 19th, 2025 (about 3 hours ago)
|
Description: Meet Ammonite, a tiny weird iceball that casts doubt on the Planet Nine hypothesis.
July 19th, 2025 (about 3 hours ago)
|
Description: GPT-5 might be just a few days or weeks away, as we've spotted references to a new model called gpt-5-reasoning-alpha-2025-07-13. [...]
July 19th, 2025 (about 3 hours ago)
|
July 19th, 2025 (about 7 hours ago)
|
CVE-2025-38350 |
Description: In the Linux kernel, the following vulnerability has been resolved:
net/sched: Always pass notifications when child class becomes empty
Certain classful qdiscs may invoke their classes' dequeue handler on an
enqueue operation. This may unexpectedly empty the child qdisc and thus
make an in-flight class passive via qlen_notify(). Most qdiscs do not
expect such behaviour at this point in time and may re-activate the
class eventually anyways which will lead to a use-after-free.
The referenced fix commit attempted to fix this behavior for the HFSC
case by moving the backlog accounting around, though this turned out to
be incomplete since the parent's parent may run into the issue too.
The following reproducer demonstrates this use-after-free:
    tc qdisc add dev lo root handle 1: drr
    tc filter add dev lo parent 1: basic classid 1:1
    tc class add dev lo parent 1: classid 1:1 drr
    tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1
    tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0
    tc qdisc add dev lo parent 2:1 handle 3: netem
    tc qdisc add dev lo parent 3:1 handle 4: blackhole
    echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888
    tc class delete dev lo classid 1:1
    echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888
Since backlog accounting issues leading to use-after-frees on stale
class pointers are a recurring pattern at this point, this patch takes
a different approach. Instead of trying to fix the accounting, the patch
...
July 19th, 2025 (about 8 hours ago)
|
Description: AI companies could soon disrupt the education market with their new AI-based learning tools for students. [...]
July 19th, 2025 (about 9 hours ago)
|
Description: Data from various companies in Dave Tan's holding.
July 19th, 2025 (about 14 hours ago)
|
Description: We offer a wide selection of furniture, mattresses, flooring, appliances and electronics from the most popular brands. Come and visit us today! See our exclusive selection on Ashley, Smith Brothers, England, Flexsteel, Sealy, Tempur-pedic, Beautyrest, Serta, Liberty, La-Z-Boy, Hunter Douglas Window Fashions, LEES, Karastan, Whirlpool, GE, Samsung, Sony, Kinetico water systems and much more! © 2017 Ernie's Store Inc. All Rights Reserved. Website powered & designed by Tailbase. Prices, configurations, promotions, and in-store availability may change without notice. All product photos are for illustrative purposes only. Photos displayed on website may contain optional items that are not included in the default configuration for that system. Actual furniture may vary in design.
Employees: 88
Industry: Retail
Downloaded: +30GB
Phone Number: (402) 665-3151
July 18th, 2025 (about 16 hours ago)
|
CVE-2025-50583 |
Description: StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Student module.
July 18th, 2025 (about 18 hours ago)
|